Ship signed kext - Githubissues

droe / xnumon

monitor macOS for malicious activity

https://www.roe.ch/xnumon

Open Software License 3.0

230 stars 30 forks source link

Ship signed kext #6

Closed droe closed 6 years ago

droe commented 6 years ago

A signed kext is needed for deployments with reliable acquisition of executable image hashes and code signature information. Prerequisite is that I receive a kext signing certificate from Apple. As a workaround, a holder of a kext signing certificate could volunteer to sign xnumon.kext.

droe commented 6 years ago

Also investigate the exact user approval requirements on High Sierra and how to deploy in enterprises without depending on user approval. https://developer.apple.com/library/archive/technotes/tn2459/_index.html

droe commented 6 years ago

Timeline of communication with Apple:

2018-02-09 [684724033] First request to grant kext signing certificate to team C9BFEG985N, for still unreleased xnumon kext
2018-02-26 [684724033] Canned "request denied" message without giving specific reasons
2018-02-27 [684724033] Follow-up message to Apple explaining that xnumon meets the requirements and asking for specific reasons for denying the request
2018-03-25 [687763423] Second request to grant kext signing certificate to team C9BFEG985N, for still unreleased xnumon kext
2018-06-18 [693392828] Third request to grant kext signing certificate to team C9BFEG985N, for the released xnumon kext
2018-06-29 [100573865816] Phone call to Apple Developer Support following a recommendation from Product Security, could not resolve, promised follow-up by mail

droe commented 6 years ago

2018-06-29 [100573865816] Follow-up by mail, again explained the need for a kext as well as the business need for xnumon

droe commented 6 years ago

2018-07-02 [100573865816] Apple replies that they cannot read the text/plain body of my message; re-sent them a PDF printout done using Mail.app, which incidentally, can read my message just fine

droe commented 6 years ago

2018-07-04 [100573865816] Apple replies that they are reviewing the inquiry and will get back soon.

droe commented 6 years ago

2018-08-07 [100573865816] Asked for an update after a month without any news.

droe commented 6 years ago

2018-08-09 [100573865816] Received update that they are reviewing the request and will get back accordingly.

droe commented 6 years ago

2018-09-19 [100573865816] Request for kext signing certificate granted

Expect a point release with signed kext soon.

droe commented 6 years ago

Should verify identity of userspace process attaching to the kext (#45) along with shipping a signed kext.

droe commented 6 years ago

The required infrastructure changes are in develop-0.1.7, to be released after some more testing. Closing this issue.