 

Codesigned kext, but why does it not load in Yosemite (10.10)?

I code-signed a kext in Yosemite, but kextload fails.
It is a version 2 code signature, and codesign --verify passes.
But kextload fails. Why does it not load in Yosemite?

Here is my log.

I have checked with codesign -dvvv ./myKext.kext and it's all right.

codesign -dvvv ./myKext.kext returned following:

Executable=/Path/to/myKext
Identifier=com.myKext.kext.Firewall
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=317 flags=0x0(none) hashes=9+3 location=embedded
Hash type=sha1 size=20
CDHash=d0ff68bd8b49c650f45349c2d1570d45a8c1f148
Signature size=8544
Authority=Developer ID Application: My Kext Co., Ltd. (R2PBZJ465V)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=2014. 10. 31. 오전 11:09:35
Info.plist entries=18
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=188

It shows that it is version 2.
But sudo kextload ./myKext.kext returns the following:

/Path/to/myKext.kext failed to load - (libkern/kext) not loadable (reason unspecified); check the system/kernel logs for errors or try kextutil(8).

cat /var/log/system.log returns:

com.apple.kextd[19]: ERROR: invalid signature for com.myKext.kext.Firewall, will not load

sudo kextutil -l ./myKext.kext returns:

Diagnostics for ./myKext.kext:
Code Signing Failure: code signature is invalid
ERROR: invalid signature for com.myKext.kext.Firewall, will not load

Why is the signature invalid?!
I signed with version 2 codesign in Yosemite.
What did I do wrong when signing? Somebody teach me, please.

나승훈 asked Oct 31 '14 09:10


1 Answer

I had the same problem too, and I found a solution to share with you.

Apple changed the Mac Developer Program and removed certification for kexts from it. So even if you are a member of the Mac Developer Program, you will not get certification for kext development unless you request it at Developer ID and Gatekeeper.

BTW, Apple says,

"KEXT signing is intended for signing commercially shipping kexts or projects broadly distributed in a large organization."

So what we can do is run our kext in KEXT Development Mode by adding the "kext-dev-mode=1" boot-arg, like:

sudo nvram boot-args="debug=0x146 kext-dev-mode=1"

And reboot.

I hope this will be helpful for you.

DDDrop answered Nov 11 '22 15:11
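A defender's check for the boot-arg set in the answer above, as an added example that is not part of the original answer: it flags kext-dev-mode=1 in a boot-args string and prints the command that restores the remaining arguments without it. The function names are hypothetical, and the live read assumes the macOS `nvram` tool, whose `boot-args` output is the name, a tab, then the value.

```shell
# Added example: audit and revert the kext-dev-mode boot-arg.
# Function names are hypothetical, not from the page or from Apple tooling.

# Succeeds (exit 0) if the boot-args string carries kext-dev-mode=1.
kext_dev_mode_enabled() {
    for tok in $1; do
        [ "$tok" = "kext-dev-mode=1" ] && return 0
    done
    return 1
}

# Prints the boot-args string with every kext-dev-mode=* token removed,
# keeping all other arguments in their original order.
strip_kext_dev_mode() {
    out=""
    for tok in $1; do
        case "$tok" in
            kext-dev-mode=*) ;;
            *) out="${out:+$out }$tok" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Reads the live value on a Mac; "nvram boot-args" prints "boot-args<TAB>value".
current_boot_args() {
    nvram boot-args 2>/dev/null | cut -f2-
}

# Reports status and prints the command that restores signature enforcement.
audit_boot_args() {
    if kext_dev_mode_enabled "$1"; then
        echo "WARNING: kext-dev-mode=1 is set; kext signature failures no longer block loading"
        rest=$(strip_kext_dev_mode "$1")
        if [ -n "$rest" ]; then
            echo "restore with: sudo nvram boot-args=\"$rest\""
        else
            echo "restore with: sudo nvram -d boot-args"
        fi
        return 1
    fi
    echo "OK: kext-dev-mode=1 is not present in boot-args"
}

# Run against the live machine only when nvram exists (macOS).
if command -v nvram >/dev/null 2>&1; then
    audit_boot_args "$(current_boot_args)" || true
fi
```

The restore command takes effect after a reboot, the same as the command that set the flag.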