Posts

Post not yet marked as solved
0 Replies
356 Views
On T2-enabled macOS where FileVault/secure boot is enabled, the system uptime, queried through mach_absolute_time() or using the WTMP records, corresponds to the time at which the system's logon screen is displayed and not really the point at which the hardware button is pressed. The same is the case with the named sysctl kern.boottime; it closely points to where the logon screen is displayed (could be after 15-23 seconds).

These values/mechanisms work well for a non-secure-boot environment, but they are off by up to 30 seconds in a T2-enabled environment. Looking at the open-sourced bits around rtclock, we do see machdep.tsc.nanotime.tsc_base and machdep.tsc.nanotime.scale. These do hold values that can be calibrated with the reported kern.boottime to approximate the real point where the keys were pressed. But I don't see these system variables exposed in the new DTK. Can someone from Apple help us determine how to proceed further on that platform? Many thanks!
Posted by ajohri.
Post not yet marked as solved
0 Replies
327 Views
I am trying to make sense of some numbers in network extension.

Background: I have a NEFilterDataProvider working on macOS Catalina; mostly it is an extension of the existing SimpleFirewall, except that it attempts to scan all outgoing and incoming TCP data. The objective is to:

1. Scan as much of the stream as possible in a performant manner. This is being achieved by returning

    let userVerdict: NEFilterDataVerdict = .init(passBytes: data.count /* total bytes indicated */, peekBytes: Self.peekBytes)

   in the inbound/outbound data handler.
2. If 1. is not feasible, then try to at least sample offsets.
3. Meter the inbound and outbound TCP flow.

To achieve 3., I think the only possible way is to scan all the data?

    /* This is what the data handlers look like */
    override func handleInboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict {
        return .init(passBytes: readBytes.count, peekBytes: Self.peekBytes)
    }

To test how our network extension, which simply requests more data in its data handlers (inbound/outbound), will fare in these scenarios, we ran some tests in a VMware Fusion environment which had a vmnet network, using a tool called iperf (v2). Another machine acted as the server and a macOS VM worked as the client. The test run on the macOS VM looked as follows:

    iperf -c 172.16.1.11 -t 300 -r -b 200M   # limit throughput to 200Mbps
    iperf -c 172.16.1.11 -t 300 -r           # saturate the network

While running these tests we saw huge variations in CPU utilization and network throughput simply by changing the peekBytes value in the NEFilterDataVerdict. For large peekBytes things were more performant and for lower peekBytes they weren't. However, with physical interfaces over the internet the sweet spot for peekBytes was at 1400 bytes.

I have shared what we observed here; I know links are not allowed, so you will have to append https imgur.com/a/E1yCaVs

I hope what I am saying makes sense? The ask is if there is any guidance around peekBytes for Network Extensions.
Many thanks!
Posted by ajohri.
Post marked as solved
2 Replies
609 Views
Hello, macOS Catalina provides inbox support for the pcap framework, and then there is the pktap interface present too. Also, we have good support for audit events through OpenBSM up to Catalina. Are there going to be any changes on that front?
Posted by ajohri.
Post not yet marked as solved
0 Replies
252 Views
Hello forum, I am trying to build the SimpleFirewall sample and running into the following issue: "Your development team, XXXX, does not support the Sign In with Apple and Network Extensions capabilities." Now when I go to my dev profile (apple.developer.com) I couldn't locate where this needs to be set. Also, how do I enable the creation of App IDs for a developer? Currently I am not able to do that either without making the developer an admin. Any pointers or direction will help; RTFM will do too, it seems my google-fu is not as strong. Many thanks!
Posted by ajohri.