c00000fd

Reputation: 22255

Is it feasible to write a macOS kernel-extension for Ventura?

I am planning to write a kernel extension for macOS Ventura to control sleep mode during some states that are not fully available from user land, such as lid-closing, power source change, etc. Also more control of the external displays.

There are a lot of old tutorials on the subject of writing kernel extensions for macOS, but only a few recent sources that claim that Apple has started to be very strict with kernel extensions.

So I'm wondering, what shall one do to load a kernel extension on Ventura? And is it even possible without changing the boot loader?

Upvotes: 0

Views: 720

Answers (1)

pmdj

Reputation: 23428

You have 3 main obstacles:

  • Code signing. To deploy kexts to Macs which don't have SIP disabled altogether, Apple needs to provide you with a special extension to the Developer ID signing certificate. You need to contact Apple about this and explain why you need to deploy a kext. They may or may not grant you the special certificate.
  • Usability. Apple has made it increasingly awkward for users to install and approve third-party kexts:
    1. Users must explicitly approve kexts on a per-developer (code signing team) basis via a fairly hostile user interface in System Preferences by entering an admin password. Guiding users through this can be tricky.
    2. On arm64 (Apple Silicon, M1/M2/… series) Macs, the overall system security level must be lowered in order to install third-party kexts. This requires the user to boot into recovery mode and change the setting. The UI for this could be worse, but some users will understandably balk at the scary warnings.
    3. Since macOS 11, changing the kext configuration always requires a reboot, because all kernel-executable code is loaded and sealed at boot time.
  • Deprecation schedule. Apple has recently been deprecating, and usually one major OS release later, disabling kexts that use certain kernel API combinations altogether. If you develop a new kext now, even if it uses non-deprecated APIs, assume that the APIs it uses will soon become deprecated.

So, it's definitely possible to develop a new kext in 2023, but you really need a good reason to do so and convince both Apple and your users that they should trust you.

Upvotes: 4
