7 Replies
      Latest reply on Oct 24, 2019 1:46 AM by JMicron
      JMicron Level 1 Level 1 (0 points)

        Hi all,


        when I use below steps to check my kext file on MacOS 10.15, it returns errors:

        Execute below commands on terminal:

          sudo chown -R root:wheel kextname.kext

          sudo chmod -R 755 kextname.kext


        sudo kextload kextname.kext

        Terminal shows below message:

          /path/kextname.kext failed to load - (libkern/kext) not found; check the system/kernel logs for errors or try kextutil(8).


        sudo kextutil kextname.kext

        Terminal shows below message:

        Kext rejected due to system policy: <OSKext 0x7fec84d68e80 [0x7fff8ddbfb00]> { URL =    "file:///Library/StagedExtensions/Library/Extensions/kextname.kext/", ID = "com.myname.driver.xxx" }

        /Library/StagedExtensions/Library/Extensions/kextname.kext does not authenticate; omitting.

        Kext rejected due to system policy: <OSKext 0x7fa2514d9f80 [0x7fff8ddbfb00]> { URL = "file:///Library/StagedExtensions/Library/Extensions/kextname.kext/", ID = "com.myname.driver.xxx" }


        I've tried to execute command:

          codesign -vvv --deep --strict kextname.kext on terminal

        Terminal shows below message:

        kextname.kext: valid on disk

        kextname.kext: satisfies its Designated Requirement


        My step to generate kext:

        1. Generate my certificate and upload it by my developer ID, and then download the certificate

        2. Use Xcode 11.1 to build kext successfully:

           Signing & Capabilities:

             - Automatically mange signing: unchecked

             - Signing Certificate: select Developer iD Application which I downloaded

           Build Settings:

             - Signing:

               Code Signing Identity: Developer ID Application

               Code Signing Inject Base Entitlements: No

               Development Team: my team name

               Enable Hardened Runtime: Yes


             - OSBundleLibraries

               com.apple.kpi.iokit: 19.0.0

               com.apple.kpi.libkern: 19.0.0


        Is there a way to known the detail for "Kext rejected due to system policy" error? Or to solve it?




        • Re: "Kext rejected due to system policy" when use kextutil to check kext
          eskimo Apple Staff Apple Staff (12,265 points)

          Is your Developer ID enabled for KEXT development?  If you’re not sure, you can check using the instructions in KEXT Code Signing Problems.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: "Kext rejected due to system policy" when use kextutil to check kext
              JMicron Level 1 Level 1 (0 points)

              Dear eskimo,


              Thanks for your reply,

              After I check codesign0.cer, it has the extension with OID=1.2.840.113635., my certificate is in correct OID.


              Please see my further actions and result as below:

              Action 1.

              Execute command: spctl -a -v --type install /path/kextname.kext

              (kextname.kext is builded by Xcode 11.1)

              Terminal shows below message:

              /path/kextname.kext: accepted

              source=Unnotarized Developer ID

              override=security disabled


              Action 2.

              Step1: There is two Partition 10_15 and 10_15_1 on my Mac

              Step2: Boot on 10_15

              Step3: Build kext with Xcode11.1 on MacOS 10.15

              Step4: Use Packages to set to /System/Library/Extensions/kextname.kext on Payload setting and build a pkg

              Step5: Open and install pkg on 10_15_1

              Step6: Reboot on 10_15_1

              Step7: kext can be loaded normally.

              Although it can work, but I hope it can be installed and work well on my current partition 10_15


              Action 3.

              Step1: Build kext with Xcode10 on MacOS 10.14.4

              Step2: Use Packages to set path to /System/Library/Extensions/kextname.kext on Payload setting and build a pkg

              Step3: install it on MacOS 10.14.4, It works well

              Step4: Upgrade MacOS 10.14.5, it works well

              Step5: Upgrade MacOS 10.14.6, it works well

              Step6: Upgrade MacOS 10.15, it is removed

              I know MacOS 10.15 will auto remove it, but my kext is normal loaded on previous Mac OS version


              Can you kindly provide another way to check or debug this issue?