9

所以我们有一个允许我们签署 kexts 的证书,但是当我们运行 > sudo kextloadfriendly.kext 时,它失败了,我们签署了我们想要的 kext,为了证明它已经签署,这里有一些诊断输出:

codesign --verify -vvvv friendly.kext

friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement

spctl -a -vvvv friendly.kext

friendly.kext: accepted
source=Developer ID
origin=Developer ID Application: Friendly Corporation 
/Library/Extensions 

代码设计-dvvv friendly.kext

Executable=/Library/Extensions/friendly.kext/Contents/MacOS/friendly
Identifier=com.friendly.friendly
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=502 flags=0x0(none) hashes=18+3 location=embedded
Hash type=sha1 size=20
CDHash=a1e2bf8d53ea67c6cfe9fc3d6d2001fe56c838a7
Signature size=8528
Authority=Developer ID Application: Friendly Corporation
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 9, 2014, 11:49:02 AM
Info.plist entries=21
TeamIdentifier=1234567890
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=180

codesign --verify -vvvv friendly.kext

friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement 

看起来签名正确;但是,当我运行 > sudo kextutil -v friendly.kext 时:

Defaulting to kernel file '/System/Library/Kernels/kernel'
Diagnostics for /Library/Extensions/friendly.kext:
Code Signing Failure: code signature is invalid
/Library/Extensions/friendly.kext appears to be loadable (not including linkage for on-disk libraries).
ERROR: invalid signature for com.techsmith.friendly, will not load 

我想要么我下载了错误的证书(我们肯定获得了 kext 签名的批准),尽管我之前尝试过重新下载证书一次,所以这可能不是问题。否则,这就是我签名的方式。我在想这可能与我在签署之前在 kext 上设置的权限有关?

以前有人见过这个问题吗?

提前致谢!

4

1 回答 1

13

kext 签名证书必须列出扩展名“( 1.2.840.113635.100.6.1.18 )” - 这就是将其指定为启用 kext 的证书的原因。您可以通过在 Keychain Access.app 中查看来轻松验证这一点。(它列在底部附近,在扩展名“(1.2.840.113635.100.6.1.13)”下方,我认为它用于应用程序,因此存在于所有开发者ID证书中)

于 2014-10-10T14:42:57.747 回答