search

RogueAmoeba / Soundflower-Original

MacOS system extension that allows applications to pass audio to other applications.
https://github.com/Cycling74/Soundflower
MIT License
1.27k stars 146 forks source link

codesigned kext But why not load in Yosemite(10.10) #23

Open finalvictory opened 9 years ago

finalvictory commented 9 years ago

I had a code signing on kext in Yosemite. But kextload is failed. It was version2 codesign. "codesign --verify" is true. But kextload is failed. Why not load in Yosemite?

Here is my log.

I have checked with "codesign -dvvv ./myKext.kext" And It's all right.

"codesign -dvvv ./myKext.kext" returned following:

Executable=/Path/to/myKext
Identifier=com.myKext.kext.Firewall
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=317 flags=0x0(none) hashes=9+3 location=embedded
Hash type=sha1 size=20
CDHash=d0ff68bd8b49c650f45349c2d1570d45a8c1f148
Signature size=8544
Authority=Developer ID Application: My Kext Co., Ltd. (R2PBZJ465V)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=2014. 10. 31. 오전 11:09:35
Info.plist entries=18
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=188

It shows that the version 2. But "sudo kextload ./myKext.kext" is returned following:

/Path/to/myKext.kext failed to load - (libkern/kext) not loadable (reason unspecified); check the system/kernel logs for errors or try kextutil(8).

"cat /var/log/system.log" return following:

com.apple.kextd[19]: ERROR: invalid signature for com.myKext.kext.Firewall, will not load

"sudo kextutil -l ./myKext.kext" return following:

Diagnostics for ./myKext.kext:
Code Signing Failure: code signature is invalid
ERROR: invalid signature for com.myKext.kext.Firewall, will not load

Why are invalid signature?!! I have signed with version2 codesign in Yosemite. What I did wrong sign? Somebody teach me please.

JeremyAgost commented 9 years ago

The main issue is that in Yosemite, kexts must be signed with a special type of kext-signing certificate. Apple is extremely careful about who they allow to sign kexts and you have to apply for the privilege.

mattingalls commented 9 years ago

has anyone been able to get a certificate from apple? i filled out their form twice and haven't received anything - not even a "thank you for submitting" email.

JeremyAgost commented 9 years ago

I know one guy with a cert. They do seem to be very slow and negligent in responding to requests. It seems you need a connection to get anyone to look at them.

mattingalls commented 9 years ago

ok thanks -- fyi, my request was granted today (a week after my first request), now let's see if i can actually get this thing to load.. :)