激活无代码DEXT后,获取OSSystemExtensionErrorCodeSignatureInvalid [英] Getting OSSystemExtensionErrorCodeSignatureInvalid After Codeless DEXT is Activated
问题描述
我构建了一个无代码的DEXT来代替一个有效的无代码的KEXT-将无代码的KEXT迁移到无代码的DEXT .我引用了一些站点和GitHub存储库将它们放在一起,并得到了其他SO用户的帮助.
I built a codeless DEXT to replace a working codeless KEXT - Migrating a codeless KEXT to a codeless DEXT. I referenced a few sites and GitHub repositories to put it together and had help from other SO users.
我正在关闭SIP的情况下运行,开发人员模式已打开(systemextensionsctl开发人员已打开).我正在遵循此处概述的建议 https://github.com/knightsc/USBApp/issues/1 用于签署应用程序和 dex.
I am running with SIP turned off, developer mode is on (systemextensionsctl developer on). I am following the advice outlined here https://github.com/knightsc/USBApp/issues/1 for signing the app and dext.
当我运行该应用程序时,该应用程序已嵌入并要求扩展激活,该功能 似乎 成功.但是,我接到一个电话-
When I run the app it is embedded in and request activation for the extension, that function seems to succeed. However, I then get a call to -
request:didFailWithError:
当工作队列线程启动时,在我的OSSystemExtensionRequestDelegate派生的请求对象上
.错误是OSSystemExtensionErrorCodeSignatureInvalid.我认为线程与我用来构造OSSystemExtensionRequest的dispatch_queue_t有关.
on my OSSystemExtensionRequestDelegate-derived request object when a work-queue thread starts up. The error is OSSystemExtensionErrorCodeSignatureInvalid. I assume that thread is related to the dispatch_queue_t I used to construct the OSSystemExtensionRequest.
从周围搜索和Apple资料中,我了解OSSystemExtensionErrorCodeSignatureInvalid与权利和签名有关.当我运行systemextensionsctl list时,我得到-
From searching around and Apple source, I understand OSSystemExtensionErrorCodeSignatureInvalid is related to entitlements and signing. When I run systemextensionsctl list I get -
1 extension(s)
--- com.apple.system_extension.driver_extension
enabled active teamID bundleID (version) name [state]
* * <REDACTED> Home.MyUsbDrver (1.0/1) Home.MyUsbDrver [activated enabled]
当我运行codesign -d -vvv --entitlements:-时,我得到-
When I run codesign -d -vvv --entitlements :- , I get -
Executable=/Users/.../TestDequeueApp.app/Contents/MacOS/TestDequeueApp
Identifier=Home.TestDequeueApp
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1055 flags=0x10000(runtime) hashes=24+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=HASH
CandidateCDHashFull sha256=LONG HASH
Hash choices=sha256
CMSDigest=DIGEST
CMSDigestType=2
CDHash=HASH
Signature size=4745
Authority=Apple Development: MY Apple ID STUFF
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Aug 6, 2020 at 10:51:41 AM
Info.plist entries=23
TeamIdentifier=TEAM ID
Runtime Version=10.15.6
Sealed Resources version=2 rules=13 files=7
Internal requirements count=1 size=188
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.developer.system-extension.uninstall</key>
<true/>
</dict>
</plist>
不确定在此是否看到任何错误,并且代码签名脚本似乎正常运行.这是我的DEXT权利文件,其中为旧版设备(我的DEXT info.plist的IOKitPersonalities部分中列出的同一设备)设置了com.apple.developer.driverkit.transport.usb-
Not sure I see anything wrong there and the code signing script seems to run correctly. Here is my DEXT entitlement file with com.apple.developer.driverkit.transport.usb set for a legacy device (the same device listed in IOKitPersonalities section of my DEXT info.plist) -
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.driverkit</key>
<true/>
<key>com.apple.developer.driverkit.transport.usb</key>
<array>
<dict>
<key>idVendor</key>
<integer>5843</integer>
<key>idProduct</key>
<integer>33</integer>
</dict>
</array>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
因此,该扩展程序似乎处于活动状态且已启用,但是在验证过程中出现了某些故障.
So it seems that the extension is active and enabled, but something fails during validation.
在此问题上的任何帮助或投入,将不胜感激.
Any help or input on this problem would be appreciated.
更新:
仅出于笑容,我运行了未安装系统扩展程序的生产应用程序,以查看它是否会导致我的硬件匹配.自从安装了驱动程序,它就安装了.但是,当我尝试访问设备时,我崩溃了.看来还是进步.
Just for grins, I ran my production app that does not install the system extension to see if it would cause my hardware to match. Since the driver was installed, it did. However, when I tried to access the device I got a crash. That still seems like progress.
推荐答案
经过一个星期的假期根本没有考虑工作,我解决了这个问题!我在如何设置`com中重新阅读了信息.apple.developer.driverkit.transport.usb的权利?,并且意识到我的权利文件格式不正确.
After a week of vacation not thinking about work at all, I figured this problem out! I re-read information in How to set `com.apple.developer.driverkit.transport.usb` entitlement? and realized my entitlements file was not correctly formatted.
这是我的旧文件,是在Xcode的编辑器中创建的:
Here is my old file, created in the editor in Xcode:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.driverkit</key>
<true/>
<key>com.apple.developer.driverkit.transport.usb</key>
<array>
<dict>
<key>idVendor</key>
<integer>VID0</integer>
<key>idProductArray</key>
<array/>
<key>item 0</key>
<integer>PID0</integer>
<key>item 1</key>
<integer>PID1</integer>
<key>item 2</key>
<integer>PID2</integer>
<key>item 3</key>
<integer>PID3</integer>
<key>item 4</key>
<integer>PID4</integer>
</dict>
</array>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
由于某种原因,数组元素坚持使用键/值格式.查看帖子中的示例以及有关plist文件的其他信息,我对此进行了手工
For some reason, the array element insisted on having a key/value format. Looking at an example from the post as well as other information about plist files, I hand-edited to this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.driverkit</key>
<true/>
<key>com.apple.developer.driverkit.transport.usb</key>
<array>
<dict>
<key>idVendor</key>
<integer>VID0</integer>
<key>idProductArray</key>
<array>
<integer>PID0</integer>
<integer>PID1</integer>
<integer>PID2</integer>
<integer>PID3</integer>
<integer>PID4</integer>
</array>
</dict>
</array>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
现在,数组元素看起来正确,并且驱动程序已加载并运行,因此我可以从设备读取数据.
Now the array element looks correct, and the driver loads and functions so that I can read data from my device.
关于如何使Xcode编辑器运行的任何想法,还是只是我没有正确使用它?
Any ideas on how to make the Xcode editor behave, or is it just me not using it correctly?
这篇关于激活无代码DEXT后,获取OSSystemExtensionErrorCodeSignatureInvalid的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!