Mac OS High Sierra kext签名
[英]Mac OS High Sierra kext signing
问题描述
Apple recently introduced a new security feature in Mac OS High Sierra for ' User Approved Kernel Extension Loading '. 
苹果公司最近在Mac OS High Sierra中为“ 用户批准的内核扩展加载 ”引入了一项新的安全功能。
" ...a new feature that requires user approval before loading newly-installed third-party kernel extensions (KEXTs). When a request is made to load a KEXT that the user has not yet approved, the load request is denied. Apps or installers that treat a KEXT load failure as a hard error will need to be changed to handle this new case. " “ ...一项新功能,在加载新安装的第三方内核扩展(KEXT)之前需要用户批准。当请求加载用户尚未批准的KEXT时,加载请求被拒绝。Apps或将KEXT加载失败视为硬错误的安装程序将需要更改以处理这种新情况。 ”
Does this mean developers can sign kexts with their own developer certificates, and no longer need specific Apple approved certificates to ship kexts to users? 这是否意味着开发人员可以使用自己的开发人员证书对kexts进行签名,而不再需要经过Apple认可的特定证书才能将kexts交付给用户?
2 个解决方案
解决方案1
2 已采纳 2017-09-25 21:28:58
从苹果公司那里得知,这不会改变kext代码签名过程,您仍然需要它们提供的证书才能对kext进行签名。
解决方案2
1 2017-10-05 10:46:18
https://developer.apple.com/library/content/technotes/tn2459/_index.html
Secure Kernel Extension Loading is a new security feature of macOS High Sierra. 安全内核扩展加载是macOS High Sierra的一项新安全功能。 macOS now requires you to manually approve the installation of third party kernel extensions. macOS现在要求您手动批准第三方内核扩展的安装。 Everything remains the same at developer side to sign kext with apple approved certificate. 在开发人员方面,使用Apple认可的证书签署kext的一切都保持不变。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.