Kext Signing

[Benjamin-Dobell]

As of Yosemite, Apple bans drivers that haven't received explicit approval from Apple. The only workaround I'm aware of is to set a system flag to globally allow all unsigned kernel extensions. This means WavTap will not work unless you've enabled kext-dev-mode, using something like this:

sudo nvram boot-args=kext-dev-mode=1
Yes, this sucks.

My apologies if you've already looked into this and been rejected by Apple, but in my experience this is a very easy problem to solve.

Apple aren't blocking third-party extensions, they're blocking unsigned extensions. If you're a registered Apple Developer you can simply contact Apple and ask them for Kext signing to be added to your Apple Developer account.

Just for reference, this isn't hearsay, Glass Echidna, my company, has Kext signing permissions for Heimdall, even though it simply uses a codeless kext.

[Birch-san]

Perhaps this is a big ask, but could you please compile this thing, sign it in Glass Echidna's name, and submit a release somewhere? (I suppose you could fork it and do so in your repository). It's MIT-licensed, so I think you're permitted.

Obviously it would be better for the project maintainer to do this, but I'm not seeing many signs of life.

I suspect a large number of people would be happy if a "just works" build were to be made available, even if it's unofficial. I'd much rather use a "signed but unofficial" build than turn off system integrity protection to get the official build.

[jsejcksn]

Here is information about code signing on macOS:

About Code Signing

macOS Code Signing In Depth

User-Approved Kernel Extension Loading