Mac OS High Sierra kext signing
Question
Apple recently introduced a new security feature in Mac OS High Sierra for ' User Approved Kernel Extension Loading '.
" ...a new feature that requires user approval before loading newly-installed third-party kernel extensions (KEXTs). When a request is made to load a KEXT that the user has not yet approved, the load request is denied. Apps or installers that treat a KEXT load failure as a hard error will need to be changed to handle this new case. "
Does this mean developers can sign kexts with their own developer certificates, and no longer need specific Apple approved certificates to ship kexts to users?
2 answers
solution1
2 ACCPTED 2017-09-25 21:28:58
从苹果公司那里得知,这不会改变kext代码签名过程,您仍然需要它们提供的证书才能对kext进行签名。
solution2
1 2017-10-05 10:46:18
https://developer.apple.com/library/content/technotes/tn2459/_index.html
Secure Kernel Extension Loading is a new security feature of macOS High Sierra. macOS now requires you to manually approve the installation of third party kernel extensions. Everything remains the same at developer side to sign kext with apple approved certificate.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.