User Profile

I asked the account holder of my company's developer account to request an entitlement for building with DriverKit. Then later I received an email saying the entitlement had been granted.I am trying to build a driverkit project but it fails for Code Signing. The errors I am getting are two things: first the provisioning profile doesn't contain my development certificate. I actually did add it when I created it in the developer portal. The second error is that the provisioning profile doesn't contain the entitlement.One of the things I did was revoke my development certificate and create a certificate request and make a new development certificate. Then I created a provisioning profile for Mac development adding my new developer certificate and my device (i.e. my Mac I use for development) for the wildcard identifier. Then I downloaded and installed the provisioning profile. Then I restarted Xcode and opened my driverkit project. I had to import the provisioning profile wtihin Xcode in order for it to appear as an option for manual signing.I'm on MacOS 10.14.6 and Xcode Version 11.3.1 (11C504).Is the problem that I am on Mojave or that I need to revoke and re-create my Developer ID: Application certificate? I don't want to have to do either of these things because the former would be a real pain for me and the second would be a real pain for other people at my company using the certificate.

Hi. I have a question about the Info.plist in DriverKit.I currently have a KEXT project that uses VID/PID matching for a large number of customized VID/PID pairs that all map to the same family of USB to Serial bridge chips my company makes. As we migrate this KEXT to DriverKit, do the IOKitPersonality records stay pretty much the same? Specifically, do we continue to use idProduct, idVendor, and bInterfaceNumber the same way?I would just try it out, but I don't yet have the com.apple.developer.driverkit entitlement.Thanks!Brant

Hi. I have a customer who is unable to load a KEXT under MacOS 10.15.3 that they were previously able to load under 10.15.1.I asked them to try to load it from the command line using kextutil. This is the error they received:MacBook-Pro:Extensions user$ sudo kextutil SiLabsUSBDriver.kext Password: Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/SiLabsUSBDriver.kext/", ID = "com.silabs.driver.CP210xVCPDriver" } Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/SiLabsUSBDriver.kext/", ID = "com.silabs.driver.CP210xVCPDriver" } Diagnostics for /Library/Extensions/SiLabsUSBDriver.kext: MacBook-Pro:Extensions user$The installer for this KEXT calls KextManagerLoadKextWithURL() and is getting a return code of kOSKextReturnSystemPolicy. I usually take this return code to mean that the user needs to approve the kernel extension in the Security & Privacy pane of the System Preferenes. However, in this case they do not see a message about this kext in that preference pane. I tried formatting the drive on a test system in my office and reinstalling MacOS 10.15.3 and I was able to install the kext and everything worked the way I expected. The installer called KextManagerLoadKextWithURL() and got kOSKextReturnSystemPolicy and when I opened the Security & Privacy control panel, I saw the "Allow" button for this kernel extension and I clicked it and it loaded properly. But this cutomer has tried the same steps and those steps are all working the same except the Allow button does not appear.The only difference I am aware of is that their systems are set to Japanese. Their GateKeeper settings are the same ("App Store & Identified Developers") and they are using an admin account for the installation. Of course, you could not authorize the privileged helper tool that the installer uses to install the kext if you did not have an admin account.When I create the .dmg that this is distributed on, I sign and notarize the .dmg and staple it afterwards and this all is successful. I do not currently notarize the kext itself nor the installer application - I merely sign these.Would it be worthwhile to try separately notarizing the KEXT? Could this be the reason why it is not loading or showing the "Allow" button when they run kextutil on the command line?

I just updated the version of Xcode I was using to build a KEXT project. I needed to run kextlibs on the Kext in order to update the OSBundleLibraries key in the Info.plist for the KEXT. When I do this, I get the following output:For all architectures: com.apple.iokit.IOSerialFamily = 11.0 com.apple.iokit.IOUSBHostFamily = 1.2 com.apple.kpi.iokit = 18.7 com.apple.kpi.libkern = 18.7 For x86_64: 2 symbols not found in any library kext: __ZN9IOService8DispatchE5IORPC __ZN15OSMetaClassBase8DispatchE5IORPCWhen I run the two symbols that were not found through the demangler, it is telling me they are:IOService::Dispatch(IORPC)andOSMetaClassBase::Dispatch(IORPC)I double checked to make sure that I had not made any code changes - the only change is moving to Xcode Version 11.2.1 (11B500).I would appreciate any ideas as to how I can solve this issue.

I'm having trouble with Notarization for a Kext.I am using Xcode 10.2.1.The Kext is properly signed and works properly up through 10.14.4. When the update for 10.14.5 became available, I updated my primary Mac and the kext that was already installed continued to work.I used a clean VMWare image that was running 10.14 and upgraded it to 10.14.5 and I saved a clean snapshot of the image. This way I can test installing the KEXT over and over and to see the errors that pop up on first install.When I install the KEXT on my test image, I see an error, "System Extension Blocked" "A program tried to load one or more system extensions that are incompatbile with this version of macOS. Please Contact Silicon Laboratories, Inc for support." My understanding is that I am seeing this message due to my Kext not being Notarized. When I try to load the KEXT using kextutil, I see a message that says "Kext rejected due to system policy" and some other specific information. It says "Diagnostics for /Library/Extensions/<mykext>.kext:" and then there is nothing after that. I would expect it to say something like the kext isn't notarized.The KEXT is installed by a .pkg file that is shipped on a .dmg. I tried the following steps:crun altool --notarize-app --primary-bundle-id "" --file .dmg --username "" --password "@keychain:AC_PASSWORD"This resulted in a message that said "No errors uploading <mydmgname>.dmg".A few minutes later, I got an email that said "You can now distribute your Mac software." in the subject line. It said "Your Mac software has been notarized. You can now export this software and distribute it directly to users."What does it mean to "export this software"?I tried to install the .dmg onto my VMWare image. I received thes same result.I then tried mounting the .dmg and notarizing the .pkg. I did the same command, but notarized the .pkg this time. I got the same result from altool and then the same email saying my software was notarized. I tried installing again on a fresh restore of my VMWare image. Same result - won't install. So for good measure, I tried taking the raw kext that works on my workstation, zipping it, and notarizing it with altool. Again, same steps - same results. Won't install.I must be skipping a step or two. Ideas?