codesigned kext But why not load in Yosemite(10.10)

后端 未结 3 745
梦如初夏
梦如初夏 2021-02-15 00:04

I had a code signing on kext in Yosemite. But kextload is failed.
It was version2 codesign. codesign --verify is true.
But kextload is failed. Why not load

3条回答
  •  鱼传尺愫
    2021-02-15 00:31

    I agree with ParaDevil answer.
    For OS X Yosemite you can do the following:

    1. Download "Kernel Debug Kit";
    2. Run installer package;
    3. Continue to "Read Me" step;
    4. The "Read Me" says:

    In order to load unsigned kexts, the system must have "KEXT Developer Mode" enabled by adding the "kext-dev-mode=1" boot-arg. The following command (followed by a reboot) would be suitable to prepare a system for testing non-production kexts:     

    sudo nvram boot-args="debug=0x146 kext-dev-mode=1"
    

    Once this is done, the machine will be able to load any valid kext; signatures will still be checked, but a failed verification will just result in a log message. Note: This applies to kexts that contain a binary, as well as codeless (plist-only) kexts. The system will remain in developer mode until you manually remove the boot-arg or clear nvram and reboot. You can exit developer mode by redefining the boot-arg to your previous settings, or clear your boot-args as follows:

        

    sudo nvram -d boot-args
    

    Apple recommends that you make use of KEXT Developer Mode rather than use your Developer ID certificate to sign drivers while they are under development. Ideally you should sign a driver using a Developer ID certificate only when it reaches its final stages of testing and is being evaluated for release to customers.


    For OS X El Captain 10.11 the command:

    sudo nvram boot-args="debug=0x146 kext-dev-mode=1"
    

    has no effect.

    Read System Integrity Protection Guide/Kernel Extensions for more information.

提交回复
热议问题