---
tags: Apple
---
# Apple System Extension
slide: https://hackmd.io/@QSquirrel/BJTEAwPzK
{%hackmd ryr9Ug6sd %}
---
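> Only the parts that may relate to system drivers are listed here, with key points marked in <span class="highlight3">red</span>. For anything App-related, please refer to the official documentation, especially for the Xcode settings, which have many new rules.
> This note is kept as a record; for the latest content, see [this note](https://hackmd.io/@QSquirrel/HyUlguwGF)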
> [name=Nick Xiao] [time=September, 2020] [color=#907bf7]
## Develop
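1. First download the latest macOS Big Sur 11 and Xcode 12 from [Beta Software Downloads](https://developer.apple.com/download/).
1. Once the environment is set up, developing and distributing currently requires, in addition to a developer account, a separate request for the System Extension entitlements ([request form](https://developer.apple.com/contact/request/system-extension/)).
1. The [WWDC2019](https://developer.apple.com/videos/wwdc2019/) session [(System Extensions and DriverKit)](https://developer.apple.com/videos/play/wwdc2019/702/) mentions a sample program called USBApp; building that project is a good place to start - [GitHub](https://github.com/knightsc/USBApp)
1. Environment setup before building:
    - Disable SIP; see [Disabling and Enabling System Integrity Protection](https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection?language=objc). Disabling SIP carries a security risk, so remember to re-enable SIP whenever development is paused or finished.
    - Enable developer mode:
    ```shell
    $ systemextensionsctl developer on
    ```
1. Xcode settings (using USBApp as the example):
    - When a Framework entry is shown in red, meaning its path is wrong, the simplest fix is to remove it and add it again, which gives the correct path.
    - For development, sign both Driver and USBApp with <span class="highlight3">"Sign to Run Locally"</span>; the settings on the "Signing & Capabilities" page do not need to be changed.

    - If you want to sign with a certificate, select an account that has DriverKit enabled and change the corresponding Bundle ID; the driver and the app must match.

:::info
Because Apple's distribution rules are currently somewhat contradictory, it is not yet possible to sign and distribute directly through Xcode. According to Apple's replies on the developer forums, signing and distributing before the official release requires a separate request to Apple. For now, it is therefore recommended to develop locally.
:::
6. The System Extension should be placed at: Contents/Library/SystemExtensions Applications systemextensionsctl
1. Execution result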
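
The setup above runs with SIP disabled, so it helps to confirm the state before calling a development session finished. The following is an added example, not part of the original note or of Apple's tooling: it classifies the text printed by `csrutil status` and lists any per-feature lines reported as disabled. The function names and the sample text are constructed for illustration, and the sample assumes the line format `csrutil status` prints.

```shell
#!/bin/sh
# Added example: interpret `csrutil status` output after a DriverKit session.

# Constructed sample of a partially disabled (custom) configuration.
SAMPLE_CUSTOM=$(printf '%s\n' \
    'System Integrity Protection status: unknown (Custom Configuration).' \
    '' \
    'Configuration:' \
    '	Kext Signing: disabled' \
    '	Filesystem Protections: enabled' \
    '	Debugging Restrictions: disabled')

# sip_state TEXT -> enabled | disabled | custom | unknown
sip_state() {
    first=$(printf '%s\n' "$1" |
        sed -n '/^System Integrity Protection status:/{p;q;}')
    case "$first" in
        *"status: enabled.")      echo enabled ;;
        *"status: disabled.")     echo disabled ;;
        *"Custom Configuration"*) echo custom ;;
        *)                        echo unknown ;;
    esac
}

# sip_disabled_parts TEXT -> names of the per-feature lines marked disabled.
# The status line itself ends in "." and is therefore never matched here.
sip_disabled_parts() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*\([^:]*\): disabled$/\1/p'
}

# sip_fully_enabled TEXT -> exit status 0 only for a plain "enabled" report.
sip_fully_enabled() {
    [ "$(sip_state "$1")" = enabled ]
}

# Live use on a Mac; skipped on systems without csrutil.
if command -v csrutil >/dev/null 2>&1; then
    out=$(csrutil status)
    echo "SIP state: $(sip_state "$out")"
    sip_disabled_parts "$out" | sed 's/^/  disabled: /'
    sip_fully_enabled "$out" || echo "SIP is not fully enabled."
fi
```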

## macOS Big Sur 11 Beta
Release Note:
https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11-beta-release-notes
## Updates in macOS Big Sur 11 Beta 6
### Kernel
**Known Issues**
- DriverKit extensions might not function due to a permission issue. (67594339)
  **Workaround**: After building the extension but before installing it, run the following command:
  <span class="highlight3">`sudo -S chmod -R u=rw+X,go=r+X ./ <dext path>`</span>
- Third-party driver extensions don’t run after restarting your Mac. (67416908)
  **Workaround**: Reinstall the extension each time after you restart your Mac.
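
To check whether a built dext already has the permissions that the `chmod -R u=rw+X,go=r+X` workaround produces, the bundle can be audited before installing. This is an added example, not part of the release notes: the function names are hypothetical, and the flagging of group- or world-writable entries follows from the `go=r+X` part of the mode.

```shell
#!/bin/sh
# Added example: audit a built .dext bundle against the mode set by
#   chmod -R u=rw+X,go=r+X <dext path>

# dext_perm_issues BUNDLE -> one "reason path" line per deviating entry.
dext_perm_issues() {
    bundle=$1
    if [ ! -d "$bundle" ]; then
        echo "not-a-directory $bundle"
        return 0
    fi
    # Symbolic links are skipped: their own mode bits are not meaningful.
    # u=rw : the owner can read and write every entry.
    find "$bundle" ! -type l ! -perm -600 -print |
        sed 's/^/owner-lacks-rw /'
    # go=r : group and others can read every entry.
    find "$bundle" ! -type l ! -perm -044 -print |
        sed 's/^/not-readable-by-group-or-other /'
    # +X   : every directory is searchable by owner, group and others.
    find "$bundle" -type d ! -perm -111 -print |
        sed 's/^/directory-not-searchable /'
    # go=  : no write bit is left for group or others.
    find "$bundle" ! -type l \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/writable-by-group-or-other /'
}

# dext_perms_ok BUNDLE -> exit status 0 when the audit finds nothing.
dext_perms_ok() {
    [ -z "$(dext_perm_issues "$1")" ]
}

# Command-line use: sh audit.sh path/to/Driver.dext
if [ "$#" -gt 0 ]; then
    dext_perm_issues "$1"
    dext_perms_ok "$1" || exit 1
fi
```

An empty report means the bundle already matches the workaround's mode; any `writable-by-group-or-other` line is worth fixing regardless of the beta issue.
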
### Xcode
**Known Issues**
- Legacy Xcode versions prior to 11.5 might unexpectedly quit when launched. (59991056)
  **Workaround**: Run the following command in Terminal: `defaults write com.apple.dt.Xcode DVTDisableMainThreadChecker 1`, then deselect Main Thread Checker in the Diagnostic tab of the Run and Test actions for each scheme in your project.
- You’re currently unable to launch Mac Catalyst and iOS apps using Xcode. (67356581)
## Updates in macOS Big Sur 11 Beta 3
### Known Issues
- <span class="highlight3">Installing a new kernel extension requires signing in as an Admin user.</span> You must also restart your Mac to load the extension. Kernel extensions using certain deprecated KPIs won’t be loaded. For more information, see [Deprecated Kernel Extensions and System Extension Alternatives](https://developer.apple.com/support/kernel-extensions/). (55068348)
:::warning
**Workaround**: During development, you can temporarily disable System Integrity Protection to allow these deprecated kernel extensions to load.
:::
- New in macOS Big Sur 11 beta, the system ships with a built-in dynamic linker cache of all system-provided libraries. As part of this change, copies of dynamic libraries are no longer present on the filesystem. Code that attempts to check for dynamic library presence by looking for a file at a path or enumerating a directory will fail. Instead, check for library presence by attempting to dlopen() the path, which will correctly check for the library in the cache. (62986286)
- kmutil install might fail to build a development kextcache. (63772702)
**Workaround**: Copy the release .elides to the locations of the development .elides:
```shell
sudo cp /path/to/livemount/System/Library/KernelCollections/BootKernelExtensions.kc.elides /path/to/livemount/System/Library/KernelCollections/BootKernelExtensions.kc.development.elides
sudo cp /path/to/livemount/System/Library/KernelCollections/BootKernelExtensions.kc.elides /path/to/livemount/System/Library/KernelCollections/BootKernelExtensions.kc.kasan.elides
sudo cp /path/to/livemount/System/Library/KernelCollections/BootKernelExtensions.kc.elides /path/to/livemount/System/Library/KernelCollections/BootKernelExtensions.kc.debug.elides
sudo cp /path/to/livemount/System/Library/KernelCollections/SystemKernelExtensions.kc.elides /path/to/livemount/System/Library/KernelCollections/SystemKernelExtensions.kc.development.elides
sudo cp /path/to/livemount/System/Library/KernelCollections/SystemKernelExtensions.kc.elides /path/to/livemount/System/Library/KernelCollections/SystemKernelExtensions.kc.kasan.elides
sudo cp /path/to/livemount/System/Library/KernelCollections/SystemKernelExtensions.kc.elides /path/to/livemount/System/Library/KernelCollections/SystemKernelExtensions.kc.debug.elides
```
- Use only absolute paths with the --volume-root option of kmutil, and don’t use a trailing /. (63773848)
- Symbols exported by both xnu and Apple kernel extensions will change. Recompile your kernel extension with each update to macOS Big Sur 11 beta to ensure compatibility. (64262563)
- Moving a kernel extension bundle out of /Library/Extensions might not completely uninstall it. (64331929)
:::warning
**Workaround**:
1. Remove the extension from /Library/Extensions.
1. Boot to macOS Recovery.
1. Run Terminal.
1. Enter the command `kmutil trigger-panic-medic --volume-root /Volumes/<YourVolumeName>`.
1. Restart your Mac.
:::
## Xcode 12.2 Beta
Release Notes:
https://developer.apple.com/documentation/xcode-release-notes/xcode-12_2-beta-release-notes/
## Xcode 12
Release Notes:
https://developer.apple.com/documentation/xcode-release-notes/xcode-12-release-notes
### Apple Clang Compiler
**Deprecations**
- <span class="highlight3">The stand-alone system assemblers for i386, x86_64, and arm are deprecated and may be removed in a future Xcode release.</span> Using the as command with the -Q flag shows a warning that instructs you to transition to Clang’s integrated assembler and the -q flag. The as(1) driver will remain, as a standard way to invoke Clang’s integrated assembler, as well as any assemblers installed by the developer. (61299833)
## Updates in Xcode 12 Beta 3
### Signing and Distribution
**New Features**
- Xcode now supports automatic and manual signing for development and distribution of iPhone and iPad apps on Macs with Apple silicon. You must register your Mac with Apple silicon on the [Developer website](https://developer.apple.com/) in order to run Mac, Mac Catalyst, iPhone, or iPad apps. Registration requires your Mac’s hardware identifier, which you can find in Xcode’s error message or in the System Information app’s Hardware > Provisioning UDID field. (54476962, 65752056)
**Resolved**
- Automatic signing can now enable the Sign in with Apple capability for App Clip targets. (64452719)
## Deprecated Kernel Extensions and System Extension Alternatives
https://developer.apple.com/support/kernel-extensions/
System extensions on macOS Catalina (10.15) allow software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access. At [WWDC19](https://developer.apple.com/videos/wwdc2019/), we <span class="highlight3">announced the deprecation of kernel extensions </span> as part of our ongoing effort to modernize the platform, improve security and reliability, and enable more user-friendly distribution methods. Kernel programming interfaces (KPIs) will be deprecated as alternatives become available, and future OS releases will no longer load kernel extensions that use deprecated KPIs by default.
### Transitioning Your Kernel Extensions
- If your software uses deprecated and supported KPIs, you’ll need to factor out deprecated components into a stand-alone system extension. If your software uses new system extensions and legacy kernel extensions, you can distribute to supported operating systems. Software that supports a broad range of macOS versions should continue to use kernel extensions for older versions and run system extensions where supported.
- Below is a list of deprecated KPIs as of macOS 10.15. In macOS 10.15.4, use of deprecated KPIs triggers a notification to the user that the software includes a deprecated API and asks the user to contact the developer for alternatives.
### IOUSBFamily
IOUSBFamily has been deprecated and headers removed from SDK since macOS El Capitan (10.11). All clients should move to IOUSBHostFamily or [USBDriverKit](https://developer.apple.com/documentation/usbdriverkit), where appropriate and outlined below.
### USB Serial
The combination of using any IOSerialFamily KPI as well as any USB KPI (IOUSBHostFamily or IOUSBFamily) is deprecated. USB KPIs have alternatives in USBDriverKit. Clients of IOSerialFamily KPIs should use SerialDriverKit or [USBSerialDriverKit](https://developer.apple.com/documentation/serialdriverkit) instead.
### USB Vendor Specific IPC
Any kernel extension using USB KPI (IOUSBHostFamily or IOUSBFamily) that does not tie into the IO Family subsystem and uses <span class="highlight3">IOUserClient</span>, or subclasses, for IPC is deprecated. USB KPIs have alternatives in [USBDriverKit](https://developer.apple.com/documentation/usbdriverkit) or consider [IOUSBHost](https://developer.apple.com/documentation/iousbhost). [DriverKit](https://developer.apple.com/documentation/driverkit) also has mechanisms for communication channels.
### Contacting Us
**Entitlements**
To deploy drivers built with DriverKit, allow other developers to use your system extensions, or use the EndpointSecurity API, you’ll need an entitlement from Apple.
[Request an entitlement >](https://developer.apple.com/contact/request/system-extension/)
---
## To be organized:
- [Requesting Entitlements for DriverKit Development](https://developer.apple.com/documentation/driverkit/requesting_entitlements_for_driverkit_development?language=objc)
- [Debugging and Testing System Extensions](https://developer.apple.com/documentation/driverkit/debugging_and_testing_system_extensions?language=objc)
- [Disabling and Enabling System Integrity Protection](https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection?language=objc)
- The developer forums mention that SCSI-related functionality is not supported
https://developer.apple.com/forums/thread/650611