I had a code signing on kext in Yosemite. But kextload is failed.
It was version2 codesign. codesign --verify
is true.
But kextload is failed. Why not load in Yosemite?
Here is my log.
I have checked with codesign -dvvv ./myKext.kext
And It's all right.
codesign -dvvv ./myKext.kext
returned following:
Executable=/Path/to/myKext
Identifier=com.myKext.kext.Firewall
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=317 flags=0x0(none) hashes=9+3 location=embedded
Hash type=sha1 size=20
CDHash=d0ff68bd8b49c650f45349c2d1570d45a8c1f148
Signature size=8544
Authority=Developer ID Application: My Kext Co., Ltd. (R2PBZJ465V)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=2014. 10. 31. 오전 11:09:35
Info.plist entries=18
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=188
It shows that the version 2.
But sudo kextload ./myKext.kext
is returning the following:
/Path/to/myKext.kext failed to load - (libkern/kext) not loadable (reason unspecified); check the system/kernel logs for errors or try kextutil(8).
cat /var/log/system.log
returns:
com.apple.kextd[19]: ERROR: invalid signature for com.myKext.kext.Firewall, will not load
sudo kextutil -l ./myKext.kext
returns:
Diagnostics for ./myKext.kext:
Code Signing Failure: code signature is invalid
ERROR: invalid signature for com.myKext.kext.Firewall, will not load
Why are invalid signature?!
I have signed with version2 codesign in Yosemite.
What I did wrong sign? Somebody teach me please.
I had the same problem too. And I got the solution sharing with you.
Apple changed the Mac Developer Program, and removed certification for kext from it. So even you are member of Mac Developer Program, you will not get certification for kext development unless you request it at Developer ID and Gatekeeper.
BTW, Apples says,
"KEXT signing is intended for signing commercially shipping kexts or projects broadly distributed in a large organization."
So what we can do is run our Kext on the KEXT Development Mode by adding the "kext-dev- mode=1" boot-arg. Like,
sudo nvram boot-args="debug=0x146 kext-dev-mode=1"
And reboot.
I wish this will be helpful for you.