9
因此,我们有一个证书,允许我们签署kexts,但是当我们运行> sudo kextload friendly.kext时,它会失败 ,我们签署kext我们希望,并证明它的签署,这里的一些诊断输出:在Kextload期间对kext启用kext启用证书的代码签名失败,“代码签名无效”
协同设计--verify -vvvv friendly.kext
friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement
SPCTL -a -vvvv friendly.kext
friendly.kext: accepted
source=Developer ID
origin=Developer ID Application: Friendly Corporation
/Library/Extensions
协同设计-dvvv friendly.kext
Executable=/Library/Extensions/friendly.kext/Contents/MacOS/friendly
Identifier=com.friendly.friendly
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=502 flags=0x0(none) hashes=18+3 location=embedded
Hash type=sha1 size=20
CDHash=a1e2bf8d53ea67c6cfe9fc3d6d2001fe56c838a7
Signature size=8528
Authority=Developer ID Application: Friendly Corporation
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 9, 2014, 11:49:02 AM
Info.plist entries=21
TeamIdentifier=1234567890
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=180
协同设计--verify -vvvv friendly.kext
friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement
它看起来像它的正确签名; 然而,当我运行>须藤kextutil -v friendly.kext:
Defaulting to kernel file '/System/Library/Kernels/kernel'
Diagnostics for /Library/Extensions/friendly.kext:
Code Signing Failure: code signature is invalid
/Library/Extensions/friendly.kext appears to be loadable (not including linkage for on-disk libraries).
ERROR: invalid signature for com.techsmith.friendly, will not load
我想无论是我下载的证书错误的(我们绝对得到批准KEXT签字),但我试图重新下载证书前一次所以这可能不是问题。否则,这是我签署的方式。我想也许它与我在kext上设置的权限有关,然后再签署它们?
有没有人见过这个问题?
在此先感谢!
是的,我有一个正在运行的shell脚本我忘了更新,但基本签署了我的正确签名。所以我签署的是正确的,但是shell脚本只会在无效的证书上签名。只是昨天没有在球上 – 2014-10-10 15:31:25
显然kext签名不再可用于新的证书......那些已经有他们,享受! http://stackoverflow.com/questions/26671885/codesigned-kext-but-why-not-load-in-yosemite10-10 – gimix 2014-11-23 23:27:39
@gimix据我所知,默认情况下从未在Developer ID证书上启用kext签名。 Kext签名检查是在OS X 10.9中引入的,当10.9仍处于测试阶段时,我的客户请求启用kext的Developer ID。 – pmdj 2014-11-24 07:57:24