1 Reply
      Latest reply on Oct 9, 2019 9:28 AM by eskimo
      alsoEricRFMA Level 1 Level 1 (0 points)

        Hello all...


        I'm probably misunderstanding something, but this is a real puzzle.


        The short version is I have an application, that is not notarized, that runs fine on Catalina (released version) without any complaints.


        Here are some data points that might help:


        I have a clean install of macOS 10.15 released version. I have an unsigned installer that installs a partially-signed application bundle. Nothing is notarized. The application was recently built (if that's the same as the timestamp of its signing, then it was built on Sept 6, 2019). The installer also installs a signed kernel extension..


        No issues at install or launch time. When the kext is loaded, I do get the "System Extension Blocked" dialog. I click "Allow", and everything's fine.


        But nothing is notarized except maybe the kernel extension, according to kextutil -nt: /Library/Filesystems/efsfuse.fs/Contents/Extensions/10.15/efsfuse.kext appears to be loadable (including linkage for on-disk libraries).


        Even though everything seems to be running fine, I need to solve the mystery: How can this be working if it's not notarized and on macOS 10.15?


        I'm hoping someone can shed some light on this, 'cause I'm stumped!

        • Re: UN-notarized app loads and runs fine in 10.15
          eskimo Apple Staff Apple Staff (12,325 points)

          As things currently stand on 10.15, the notarisation check is done by Gatekeeper, that is, when a quarantined product is used for the first time.  If the product is never quarantined, there’s no notarisation check.  I recommend that you watch WWDC 2019 Session 701 Advances in macOS Security, and specifically the part leading up to slide 39, which explains the current state of affairs in detail.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"