Test carryover kext for TN2459

In TN2459: https://developer.apple.com/library/content/technotes/tn2459/_index.html, user approval is required for loading new third-party kernel extensions.


The kext that I would like to test has been loaded before upgraded to High Sierra, so loading the same kext after upgrade does not trigger the user approve flow which I would like to test against.


I have run the following command on my machine:

$ spctl kext-consent status
Kernel Extension User Consent: ENABLED


I have also deleted the entry that corresponds to the kext in the kext_policy table in /private/var/db/SystemPolicyConfiguration/KextPolicy under recovery mode and restart several times. But the user approval flow is still not triggered when I load the kext.


I wonder if the policy info is cached somewhere else and if I need to clear NVRAM for my machine or tell syspolicyd to clear its cache? Or there is other things that I need to do?

Up vote post of yijiem Down vote post of yijiem
823 views
Posted by
yijiem
Reply
Add a Comment

Replies

The way I test this stuff is using a VM. I take a snapshot of a fresh VM and then restore to that snapshot each time I want to start from scratch. Alas, this only works if your KEXT works acceptable within a VM.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment