Kernel Extension Not Loaded

0
votes

I built a self-made kernel extension (named KAuthTest.kext) and would like to test it out. So in a VM running macOS 10.12.3, I did the followings:

  • disable SIP by running csrutil disable in recovery mode, and reboot.
  • disable kext signing check by running sudo nvram kext-dev-mode=1 and reboot
  • give it permission: sudo chown -R root:wheel KAuthTest.kext

Then I load it using sudo kextload KAuthTest.kext.

However,

  1. in the system log, I didn't see the log from its start function
  2. when I run kextstat | grep -v com.apple to see all third party kexts, I didn't see my kernel extension.

So did I miss something? How I can successfully load this into the kernel?

Note:

  1. kextutil -n -print-diagnostics KAuthTest.kext gives this:

    Diagnostics for KAuthTest.kext: Code Signing Failure: code signature is invalid KAuthTest.kext appears to be loadable (including linkage for on-disk libraries).

  2. I did try rebooting, but still no luck
  3. If it matters, here's the source code for the kext
1
macoskerneldarwinkernel-extension
$ sudo nvram boot-args="kext-dev-mode=1" # Has No Effect ...l'L'l
@l'L'l ohh thanks for pointing out! My problem still exists tho :<hklel
Is your kext codesigned by chance?l'L'l
@l'L'l, nope, but I don't think it matters since I've disabled SIP, right? As Apple states here: "You can build unsigned kexts for internal testing, and disable System Integrity Protection on your test systems to allow unsigned kexts to load. "hklel
Well, according to the docs that's correct, although I've heard conflicting information from Apple devs... "All kexts must be signed and must live in /Library/Extensions since El Capitan. Only unsigned kexts could ever be in /System/Library/Extensions, but unsigned kexts are no longer allowed to load.", that coming from here: lists.apple.com/archives/darwin-kernel/2016/Jun/msg00010.html. So I'm guessing that it does need to be codesigned.l'L'l

1 Answers

1
votes

There's not enough info here just yet to work out what the problem is, so I'll give you a quick checklist:

  • Disabling SIP is sufficient for loading unsigned kexts. Check that it really is disabled using csrutil status on the target machine.
  • Don't use kextload to load kexts, use kextutil, without -n. What is the output of this?
  • You haven't added newline characters \n to all of your printf calls. Always terminate with a newline character, or the system log gets confused, and you might not find your messages.

As you're not seeing the kext in kextstat, that does suggest a problem at the loading stage. If your code could return something other than KERN_SUCCESS, that could be another source of error.

kextutil should tell you what went wrong.