Tags: xcode, macos, iokit, kernel-extension

trying to run kextutil on kext file returns permissions error


Hi Stack Overflow Community.

Trying to run through the following tutorial - so I can learn how to code a driver util.
http://www.robertopasini.com/index.php/2-uncategorised/625-osx-creating-a-device-driver

I'm at the point where I'm trying to run kextutil on the kext file that my build produces. Per the instructions I copy it to my temp folder. But I'm getting the following error:

admins-Mac-mini:Debug admin$ kextutil -n -t /tmp/ssvac.kext
Skipping staging and system policy checks because not running as root, expect staging errors.
Kext rejected due to improper filesystem permissions: <OSKext 0x7f91d402f140 [0x7fff898b2cc0]> { URL = "file:///private/tmp/ssvac.kext/", ID = "myappleid.ssvac" }
Code Signing Failure: code signature is invalid
Authentication Failures: 
    File owner/permissions are incorrect (must be root:wheel, nonwritable by group/other): 
        /private/tmp/ssvac.kext
        Contents
        _CodeSignature
        CodeResources
        MacOS
        ssvac
        Info.plist

Diagnostics for /private/tmp/ssvac.kext:
Authentication Failures: 
    File owner/permissions are incorrect (must be root:wheel, nonwritable by group/other): 
        /private/tmp/ssvac.kext
        Contents
        _CodeSignature
        CodeResources
        MacOS
        ssvac
        Info.plist

admins-Mac-mini:Debug admin$ 

I tried to change the permissions / owner like so:

admins-Mac-mini:Debug admin$ chown root:wheel /tmp/ssvac.kext/

admins-Mac-mini:Debug admin$ ls -lah /tmp/ssvac.kext/
total 0
drwxrwxrwx  3 root   wheel    96B 16 Oct 16:37 .
drwxrwxrwt  7 root   wheel   224B 19 Oct 08:08 ..
drwxr-xr-x  5 admin  wheel   160B 16 Oct 16:37 Contents
admins-Mac-mini:Debug admin$ kextutil -n -t /tmp/ssvac.kext

Not sure exactly how to resolve it. If you have any tips, I'd appreciate it.

Thanks!

EDIT 1

My mistake was when I copied from the debug folder to /tmp/, I didn't use the -r switch. Now that I have, this is the error I'm getting:

admins-Mac-mini:Debug admin$ cp -r ssvac.kext/ /tmp/
admins-Mac-mini:Debug admin$ sudo kextutil /tmp/
Contents/                     com.apple.launchd.GufwRL5Sf0/ com.google.Keystone/          powerlog/                     ssvac.kext/
admins-Mac-mini:Debug admin$ sudo kextutil /tmp/ssvac.kext/
Password:
Untrusted kexts are not allowed
Kext with invalid signature (-67050) denied: /private/var/db/KernelExtensionManagement/Staging/tmp.RLlmC1/59AFE9EA-12E3-42C0-B3FC-E98EF987D9B2.kext
Bundle (/private/tmp/ssvac.kext) failed to validate, deleting: /private/var/db/KernelExtensionManagement/Staging/tmp.RLlmC1/59AFE9EA-12E3-42C0-B3FC-E98EF987D9B2.kext
Unable to stage kext (/private/tmp/ssvac.kext) to secure location.
admins-Mac-mini:Debug admin$ 

Solution

  • As you can see from the ls output, kexts are really directories containing at minimum an Info.plist file, and code signing information in a predefined directory layout (starting with a Contents subdirectory). Usually it also contains a binary executable. All files and subdirectories in the kext must have appropriate permissions for the kext to be considered for loading. This means permissions must be applied recursively with the -R flag when using chown.

    Instead of using chown, I generally recommend simply copying the kext to a temporary location (for testing, prior to macOS 11) or /Library/Extensions (from macOS 11 onwards, or when deploying, or when testing the kext's boot-time behaviour) as the root user, as you then don't run into problems trying to replace it with an updated version as an unprivileged user during your code/compile/load/debug cycle:

    # Copies kext to /tmp, owned by root
    sudo cp -r "path/to/built.kext" "/tmp/"
    # Attempts to load kext
    sudo kextutil "/tmp/built.kext"
    

    (Obligatory disclaimer pointing out that many types of kext are now deprecated, and you'll want to make sure that writing a kext really, really, really is the correct way forward for your project.)
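
A pre-flight check for the rule quoted in the kextutil output above, as an added example that is not part of the original question or answer: it lists every entry in a bundle that is not owned by root:wheel or that is writable by group or other. It assumes root:wheel is uid 0 / gid 0 (as on macOS); the function name `kext_perm_violations` and its optional uid/gid overrides are hypothetical.

```shell
#!/bin/sh
# Added example: list every entry in a kext bundle that breaks the rule
# kextutil prints ("must be root:wheel, nonwritable by group/other").
# Assumption: root:wheel is uid 0 / gid 0, as on macOS. The optional 2nd and
# 3rd arguments (hypothetical) override the expected ids for testing.

kext_perm_violations() {
    kpv_bundle=${1%/}      # drop a trailing slash, as in "/tmp/ssvac.kext/"
    kpv_uid=${2:-0}
    kpv_gid=${3:-0}

    if [ ! -d "$kpv_bundle" ]; then
        echo "not a directory: $kpv_bundle" >&2
        return 2
    fi

    kpv_report=$(
        # Wrong owner or group, anywhere in the tree (numeric ids are
        # accepted by -user/-group in both BSD and GNU find).
        find "$kpv_bundle" \( ! -user "$kpv_uid" -o ! -group "$kpv_gid" \) -print |
            sed 's/^/owner: /'
        # Group- or other-writable. Symlinks are skipped in this example
        # because their own mode bits differ between platforms.
        find "$kpv_bundle" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable: /'
    )

    if [ -z "$kpv_report" ]; then
        return 0           # nothing to fix
    fi
    printf '%s\n' "$kpv_report"
    return 1
}

# Stand-alone use: sh check_kext_perms.sh /tmp/ssvac.kext
if [ "$#" -gt 0 ]; then
    kext_perm_violations "$@"
fi
```

An empty result covers only the owner/permission check; the "Code Signing Failure" and "invalid signature" messages in the output above are reported separately by kextutil and are not examined here.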