Unable to sign kext on Mac 10.9.5

1
votes

I have two kexts, built on the same machine with the same Xcode. When I try signing each kext with a kext enabled certificate from Apple on 10.9.5, one succeeds and gets a V2 certificate, the other fails - see below:

codesign -f -s "Developer ID Application: myCompanyname" kextname.kext/
kextname.kext/: replacing existing signature
kextname.kext/: main executable failed strict validation

When I print out code sign -dvvv it shows the signature is V2.

I compared the info.plist files for both of the kexts and also ensured that the required fields as specified by Apple are present. I am not using resource-rules in the codesign command but yet one of the two kexts is still failing.

I have searched forums/Google but have no idea what "strict validation" is, can anyone help?

1
macososx-maverickscode-signingkernel-extensionosx-gatekeeper
Seems it already was signed (See "replacing existing signature"). Perhaps the V2 codesign tool has problems to replace the old V1 signatures?? I would try to sign newly built (unsigned) kext.mity

1 Answers

0
votes

Yes I had this problem last week and found out that you now need a special certificate to sign kexts. see https://developer.apple.com/developer-id/ on the bottom right, that's where you can apply for the certificate.

For now, as a temporary workaround you can type this command in your terminal: sudo nvram boot-args="kext-dev-mode=1" and restart your computer. It basically tells your machine to ignore invalid signatures on kexts.