所以我们有一个证书,可以让我们对kexts进行签名,
但是当我们运行> sudo kextload friendly.kext时,它将失败
我们对所需的kext进行了签名,并证明它已签名,这是一些诊断输出:
👉codesign --verify -vvvv friendly.kext
friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement
👉spctl -a -vvvv friendly.kext
friendly.kext: accepted
source=Developer ID
origin=Developer ID Application: Friendly Corporation
/Library/Extensions
👉codesign -dvvv friendly.kext
Executable=/Library/Extensions/friendly.kext/Contents/MacOS/friendly
Identifier=com.friendly.friendly
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=502 flags=0x0(none) hashes=18+3 location=embedded
Hash type=sha1 size=20
CDHash=a1e2bf8d53ea67c6cfe9fc3d6d2001fe56c838a7
Signature size=8528
Authority=Developer ID Application: Friendly Corporation
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 9, 2014, 11:49:02 AM
Info.plist entries=21
TeamIdentifier=1234567890
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=180
👉codesign --verify -vvvv friendly.kext
friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement
看起来已经正确签名;
但是,当我运行> sudo kextutil -v friendly.kext时:
Defaulting to kernel file '/System/Library/Kernels/kernel'
Diagnostics for /Library/Extensions/friendly.kext:
Code Signing Failure: code signature is invalid
/Library/Extensions/friendly.kext appears to be loadable (not including linkage for on-disk libraries).
ERROR: invalid signature for com.techsmith.friendly, will not load
我在想我是否下载了错误的证书(我们肯定已经批准了kext签名),尽管我以前尝试过重新下载一次证书,所以可能不是问题。
否则,这就是我签名的方式。我在想,也许这与我在对kext进行签名之前设置的权限有关?
有人看过这个问题吗?
提前致谢!
最佳答案
kext签名证书必须列出扩展名“(1.2.840.113635.100.6.1.18)”-这就是将其指定为启用kext的证书的原因。您可以通过在Keychain Access.app中查看它来轻松验证这一点。 (它列在底部附近,在扩展名“(1.2.840.113635.100.6.1.13)”下方,我认为该扩展名用于应用程序,因此出现在所有开发人员ID证书中)
关于macos - 与启用了kext的证书的Kext协同设计在kextload期间 "code signature invalid"失败,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/26283158/