how to sign my kext.

I know i need a developer ID while i couldn't confirm to enroll it personal or with my company.

The Developer ID page has a link to the KEXT-specific info.

As to which team you should use, I generally recommend the team of the company that’s going to publish your KEXT. That way the KEXT signed by this Developer ID is tied to the legal entity that published it.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Sir, Do you mean this title "Request a certificate for your kext"? I should sign my kext after submitting my requirements.Right? Thanks.

Do you mean this title "Request a certificate for your kext"? I should sign my kext after submitting my requirements.Right?

Alas, I’m having a hard time parsing your questions, so I’m going to give a generic answer.

Once you have a KEXT-enabled Developer ID, you should sign your KEXTs using Xcode. Specifically, set the Code Signing Identity (

CODE_SIGN_IDENTITY

btw You can recognise a KEXT-enabled Developer ID by look at the extensions in the certificate. A normal Developer ID certificate has the extension 1.2.840.113635.100.6.1.13. A KEXT-enabled one has that and 1.2.840.113635.100.6.1.18.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Dear sir, I have applied a developer ID successful now and it is KEXT-enabled(has extension 1.2.840.113635.100.6.118), after I used this ID to code sign my kext, when kextutil -tn "my.kext" some errors happened like this, "Code Signing Failure: code signature is invalid", I dont know what I did wrong in all steps? Waiting for your reply, thanks!(by the way, I am using virtual box of MAC OS running on WINDOWS, is there any problem?)

Please post your

kextutil

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for your answer, and I had solved this problem already. The way to solve it is change another version of XCode, when I used Version 5.1, there was the error when I signed my kext, while Version 6+ doesn't.

Now I have signed my kext success already, but I don't know what's the best way for my customers to use it. Do you have some suggestions?

(PackageMaker or tools else) At the meantime, the directory which kexts could be auto-load had changed from /s/l/e to /l/e since version MAC OS X 10.9, how can I make just 1 package for installation and install them to different directory according to ths version of OSX?

Thank you very much.

Look at the WWDC 2013 session 707 "What's New in Kext Development". It gives some guidelines on how to build and install kexts for both 10.8 and 10.9 at the same time. It is really a must watch session for all kernal developers.

I checked introduction of kext sign process. http://devstreaming.apple.com/videos/wwdc/2013/707xfx3xysb4yyrvtxbbu6t9fono/707/707.pdf

And go to https://developer.apple.com/developer-id/ send a request to certificate for my kext.

After 2 weeks, I got reply and into the link trying to get kext-enabled developer ID.

But I can find any option about Develop ID and Kernel Extension.

Below is the screen-shot, did I miss any steps?

https://www.dropbox.com/s/ag5taymb6yqp7t7/developer_id_option.tiff?dl=0

I try to use those options to get certification, but not works still get invalid signature, will not load message on system log.

somebody help, please~

Below is the screen-shot, did I miss any steps?

This sounds kinda silly but did you scroll down on that page? Developer ID is a production certificate, and thus you should expect to find it at the end of the Production list.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Dear Eskimo,

Thanks for your reply.

Sure, I scrolled to the end everytime.

End of the page has 2 links.

• Worldwide Developer Relations Certificate Authority
• Developer ID Certificate Authority

https://www.dropbox.com/s/oppdnxod1irg6ns/certificates.tiff?dl=0

I can't get the option "Developer ID Application and Kernel Extension" option which like page 82 on WWDC 2013 pdf.

And I try to download the links and install that cerificates.

Also select every option in "Code Signing Identity" and build many time with different option.

Use "tail -f /var/log/system.log" to watch kextload result, it alway show "com.apple.kextd[47]: ERROR: invalid signature for xxxxxxxx, will not load".

Use "kextutil -tn" to verify kext, that shows "Code Signing Failure: code signature is invalid"

I'm really confuse, I know that is a certificate and developer ID problem.

But I already fill out the form and get reply, that mail provides an link, but I can't find the option like mail or pdf descrip.

Do I need send request again? or did I misunderstanding anything?

I’m going to ask you to get in touch officially here. DevForums isn’t the right place to sort out something like this.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

OK, thanks.

I solved create Developer ID problem, cause only team agent can create Developer ID.

My acount is admin permission, so that will always not display the option in website.

So I asking my colleague who has agent to create kext-enable Developer ID.

But it build fails with kext-enable Developer ID.

Error message:

"timestamps differ by 808 seconds - check your system clock

Command /usr/bin/codesign failed with exit code 1"

Somebody help, please.

Hi eskimo,here is my question,and waiting for your answer.Thank you very much!

We have a certificate kext before,and code signature is valid.My Apple Developer Program membership has expired a few days ago.I renew it yesterday。Everything seems fine.But code signature is invalid again。Should I apply for this certificate from this address again？https://developer.apple.com/contact/kext/ I just check my certificate and it has the OID :1.2.840.113635.100.6.1.18.It still can not work.Is there some problem in the Build Setting of xcode?

I solved create Developer ID problem …

Cool.

But it build fails with kext-enable Developer ID.

That seems pretty self explanatory: your system clock is 808 seconds off (almost 13 minutes). I recommend that you enable System Preferences > Date & Time > Date & Date > “Set date and time automatically”.

Note Developer ID requires that the code signature include an accurate timestamp so that Developer ID certificates can be revoked effectively. Apple runs such a service (speaking the protocol described in RFC 3161) as

timestamp.apple.com

codesign

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"