Search code examples

DriverKit Driver is failing to launch on iPadOS due to an entitlements check failure, what am I missing?

We have a DriverKit application connected to a Teensy 4.1. The driver works fine on macOS, but we're attempting to get it working in iPadOS. Everything builds, the driver seems to be installing correctly, and I've enabled it in settings. Upon connecting the Teensy, it locates the correct dext and tries to launch it, but then fails with error:

DK: CDCDriver-0x100002543: provider entitlements check failed

I've done my best to verify we have entitlements configured correctly but I'm new to DriverKit and it's not clear to me what I'm missing. Could be something obvious.

We have targets for iOS and macOS. We're using different code signing and entitlements in the build settings for each SDK.

The local entitlements plist file for the iPadOS built driver is just:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

I've also tried adding/removing App Sandbox = YES based on Apple's example project to no avail.

ID Capabilities enabled for the driver on

  • DriverKit (Development)
  • DriverKit Communicates with Drivers
  • DriverKit USB Transport (Development)

Signing identity on iOS is Apple Development.

Provisioning Profile was set to DriverKit App Development with the above mentioned ID and capabilities.

The bundle ID prefix is the same as the parent app.

Any obvious mistakes here or ideas of things I could check?


  • For a USB driver you need to add the USB transport entitlement. When using the self-serve default development USB transport entitlement, you need to set the Vendor ID to a string containing just an asterisk to match the provisioning profile, and leave the Product ID out of the entitlements altogether. For a release build that you deploy with ad hoc or app store (or on macOS Developer ID) signing, you'll need to request the entitlement for the relevant purposes and platforms from Apple and match the granted provisioning profile's vendor ID value(s). This is identical to how it's done on macOS, and indeed you can load the same binary on both if suitably signed. If you didn't need the entitlement on macOS you likely have SIP disabled or custom boot-args.

    You should also remove the "communicates-with-drivers" entitlement from the dext, and instead add "communicates-with-drivers" to the app that's going to open a user client connection. (And yes, the latter is different from macOS, where the dext requires a [different] entitlement to allow user client access.)