I've never developed a kext before, but we have some developers who are working on one, and I put in a request for kext signing on behalf of my company. The original request went in in early January. We got our first reply from Apple on January 25, asking for more information, which we provided. We heard nothing back, despite repeated inquiries, until we were approved on March 17.
Unfortunately, our developers are finding that they still cannot sign our kext, and our inquiries with Apple have led to only one response, directing us here. Subsequent inquiries have received no response.
Here's the message Apple sent us on approval:
Your request for a developer ID for kext signing has been processed and the kext signing attribute has been added to your Developer ID. If you have previously obtained a Developer ID for application signing, you will need to re-download your Developer ID to have the updated certificate.
The Team Agents for your teams can download the cert from the following page: <https://developer.apple.com/account/mac/certificate/distribution>
Apple recommends that you make use of KEXT Developer Mode rather than use your Developer ID certificate to sign drivers while they are under development. Ideally you should sign a driver using a Developer ID certificate only when it reaches its final stages of testing and is being evaluated for release to customers.
We have followed these instructions, but are still unable to sign the kext. We are seeing the following error:
Diagnostics for FSObserver.kext: Code Signing Failure: code signature is invalid
Is there any way that we can, in fact, verify whether our certificate actually has the kext signing attribute or not? And if it does not have that attribute, how can we escalate this issue with Apple? It's been 3 months, and we're going to need this very soon.