I built a codeless DEXT to replace a working codeless KEXT - Migrating a codeless KEXT to a codeless DEXT. I referenced a few sites and GitHub repositories to put it together and had help from other SO users.
I am running with SIP turned off, developer mode is on (systemextensionsctl developer on). I am following the advice outlined here https://github.com/knightsc/USBApp/issues/1 for signing the app and dext.
When I run the app it is embedded in and request activation for the extension, that function seems to succeed. However, I then get a call to -
request:didFailWithError:
on my OSSystemExtensionRequestDelegate-derived request object when a work-queue thread starts up. The error is OSSystemExtensionErrorCodeSignatureInvalid. I assume that thread is related to the dispatch_queue_t I used to construct the OSSystemExtensionRequest.
From searching around and Apple source, I understand OSSystemExtensionErrorCodeSignatureInvalid is related to entitlements and signing. When I run systemextensionsctl list I get -
1 extension(s)
--- com.apple.system_extension.driver_extension
enabled active teamID bundleID (version) name [state]
* * <REDACTED> Home.MyUsbDrver (1.0/1) Home.MyUsbDrver [activated enabled]
When I run codesign -d -vvv --entitlements :- , I get -
Executable=/Users/.../TestDequeueApp.app/Contents/MacOS/TestDequeueApp
Identifier=Home.TestDequeueApp
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1055 flags=0x10000(runtime) hashes=24+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=HASH
CandidateCDHashFull sha256=LONG HASH
Hash choices=sha256
CMSDigest=DIGEST
CMSDigestType=2
CDHash=HASH
Signature size=4745
Authority=Apple Development: MY Apple ID STUFF
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Aug 6, 2020 at 10:51:41 AM
Info.plist entries=23
TeamIdentifier=TEAM ID
Runtime Version=10.15.6
Sealed Resources version=2 rules=13 files=7
Internal requirements count=1 size=188
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.developer.system-extension.install</key>
    <true/>
    <key>com.apple.developer.system-extension.uninstall</key>
    <true/>
</dict>
</plist>
Not sure I see anything wrong there and the code signing script seems to run correctly. Here is my DEXT entitlement file with com.apple.developer.driverkit.transport.usb set for a legacy device (the same device listed in IOKitPersonalities section of my DEXT info.plist) -
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.driverkit</key>
    <true/>
    <key>com.apple.developer.driverkit.transport.usb</key>
    <array>
        <dict>
            <key>idVendor</key>
            <integer>5843</integer>
            <key>idProduct</key>
            <integer>33</integer>
        </dict>
    </array>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict>
</plist>
So it seems that the extension is active and enabled, but something fails during validation.
Any help or input on this problem would be appreciated.
Update:
Just for grins, I ran my production app that does not install the system extension to see if it would cause my hardware to match. Since the driver was installed, it did. However, when I tried to access the device I got a crash. That still seems like progress.
After a week of vacation not thinking about work at all, I figured this problem out! I re-read information in How to set `com.apple.developer.driverkit.transport.usb` entitlement? and realized my entitlements file was not correctly formatted.
Here is my old file, created in the editor in Xcode:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.driverkit</key>
    <true/>
    <key>com.apple.developer.driverkit.transport.usb</key>
    <array>
        <dict>
            <key>idVendor</key>
            <integer>VID0</integer>
            <key>idProductArray</key>
            <array/>
            <key>item 0</key>
            <integer>PID0</integer>
            <key>item 1</key>
            <integer>PID1</integer>
            <key>item 2</key>
            <integer>PID2</integer>
            <key>item 3</key>
            <integer>PID3</integer>
            <key>item 4</key>
            <integer>PID4</integer>
        </dict>
    </array>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict>
</plist>
For some reason, the array element insisted on having a key/value format. Looking at an example from the post as well as other information about plist files, I hand-edited to this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.driverkit</key>
    <true/>
    <key>com.apple.developer.driverkit.transport.usb</key>
    <array>
        <dict>
            <key>idVendor</key>
            <integer>VID0</integer>
            <key>idProductArray</key>
            <array>
                <integer>PID0</integer>
                <integer>PID1</integer>
                <integer>PID2</integer>
                <integer>PID3</integer>
                <integer>PID4</integer>
            </array>
        </dict>
    </array>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict>
</plist>
Now the array element looks correct, and the driver loads and functions so that I can read data from my device.
Any ideas on how to make the Xcode editor behave, or is it just me not using it correctly?
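
Added example, not part of the original post: a pre-signing lint that catches the malformed shape shown above (an empty idProductArray with the product IDs left as sibling "item N" keys). The function name and rules are assumptions derived only from the two files in this post, not Apple's validation logic; the sample plists are constructed (vendor ID 5843 and product ID 33 are taken from the question, 34 is made up).

```python
import plistlib

USB_KEY = "com.apple.developer.driverkit.transport.usb"

def _is_int(v):
    # plistlib maps <true/>/<false/> to bool, which is a subclass of int
    return isinstance(v, int) and not isinstance(v, bool)

def lint_usb_entitlement(plist_bytes):
    """Return a list of problems in the USB transport entitlement (empty = OK)."""
    entries = plistlib.loads(plist_bytes).get(USB_KEY)
    if not isinstance(entries, list) or not entries:
        return [f"{USB_KEY}: expected a non-empty array of dicts"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: expected a dict")
            continue
        if not _is_int(entry.get("idVendor")):
            problems.append(f"entry {i}: idVendor is not an integer")
        if "idProductArray" in entry:
            pids = entry["idProductArray"]
            if not isinstance(pids, list) or not pids:
                problems.append(f"entry {i}: idProductArray is empty or not an array")
            elif not all(_is_int(p) for p in pids):
                problems.append(f"entry {i}: idProductArray has non-integer items")
        # Product IDs that ended up as sibling "item N" keys instead of array members
        stray = sorted(k for k in entry if k.lower().startswith("item "))
        if stray:
            problems.append(f"entry {i}: stray keys {stray}")
    return problems

# Constructed samples mirroring the "old" and hand-edited files in the post.
_TEMPLATE = ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
             '<key>' + USB_KEY + '</key><array><dict>'
             '<key>idVendor</key><integer>5843</integer>%s</dict></array></dict></plist>')
BROKEN = (_TEMPLATE % ('<key>idProductArray</key><array/>'
                       '<key>item 0</key><integer>33</integer>'
                       '<key>item 1</key><integer>34</integer>')).encode()
FIXED = (_TEMPLATE % ('<key>idProductArray</key><array>'
                      '<integer>33</integer><integer>34</integer></array>')).encode()

if __name__ == "__main__":
    for name, data in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_usb_entitlement(data) or "OK")
```

Both shapes are well-formed XML and parse without error, so a structural check like this has to run on the parsed entitlements file before it is handed to codesign.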