I would like to write a driver that supports our custom USB-C connected device, which provides a serial port interface. USBSerialDriverKit looks like the solution I need. Unfortunately, without a decent sample, I'm not sure how to accomplish this. The DriverKit documentation does a good job of telling me what APIs exist but it is very light on semantic information and details about how to use all of these API elements. A function call with five unexplained parameters just is that useful to me.
Does anyone have or know of a resource that can help me figure out how to get started?
DriverKit
RSS for tagDevelop device drivers that run in user space using DriverKit.
Posts under DriverKit tag
57 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
I have a DriverKit system extension (dext) that uses PCIDriverKit. I would like to get the build environment straightened out to successfully distribute the dext and associated software to end users.
There are three types of software involved:
The Dext-hosting application - this is the application that must be installed to /Applications/, and will perform the registration of the dext. The dext is deployed "within" this application, and can be found in the /Contents/Library/SystemExtensions folder of the app bundle.
The dext itself - this is the actual binary system extension, which will be registered by its owning application, and will operate in its own application space independent of the hosting application.
Additional applications that communicate with the dext - these are applications which will connect to the dext through user clients, but these applications do not contain the dext themselves.
There are multiple locations where settings need to be exactly correct for each type of software to be signed, provisioned, and notarized properly in order to be distributed to users:
developer.apple.com - where "identifiers" and "provisioning profiles" are managed. Note that there are differences in access between "Team Agent", "Admin", and "Developer" at this site.
Xcode project's Target "Signing & Capabilities" tab - this is where "automatically manage signing" can be selected, as well as team selection, provisioning profile selection, and capabilities can be modified.
Xcode project's Target "Build Settings" tab - this is where code signing identity, code signing development team, code signing entitlements file selection, Info.plist options and file selection, and provisioning profile selection.
Xcode's Organizer window, which is where you manage archives and select for distribution. In this case, I am interested in "Developer ID" Direct Distribution - I want the software signed with our company's credentials (Team Developer ID) so that users know they can trust the software.
Choosing "automatically manage signing" does not work for deployment. The debug versions of software include DriverKit (development) capability (under App ID configuration at developer.apple.com), and this apparently must not be present in distributable provisioning. I believe this means that different provisioning needs to occur between debug and release builds?
I have tried many iterations of selections at all the locations, for all three types of binaries, and rather than post everything that does not work, I am asking, "what is supposed to work?"
I have two different USB devices with different vendor IDs I would like to connect to. I submitted two separate requests for the com.apple.developer.driverkit.transport.usb entitlement for each vendor ID. However I am noticing the provisioning profile only has one of the vendor IDs.
How do I submit a request for the USB Transport entitlement to support more than one vendor ID? I'm new to writing a DriverKit driver, so is this even possible?
I want to install a driver package without internet access and the installation fail. This I think it is due to it need internet to check for signature with Apple Server.
The workaround is to disable System Integrity Protection, but I do not have the administrator password to disable it.
How to install a driver and allow a driver to run without internet access and administrator account? This driver is develop by ourself but how to by pass the code signing and security check for others to use this driver on their Mac PC?
Currently I am following
https://developer.apple.com/documentation/systemextensions/ossystemextensionrequest/activationrequest(forextensionwithidentifier:queue:)
to activate the system extension
If the extension is inactive, the system may need to prompt the user for approval. Which others API can I use which do not need prompt user for approval?
Beside in order to validate the code signing, it need to communicate with Apple server which required internet access. Any method to by pass this validation?
Hello,
I'm developing a custom AU plugin that needs to connect to a DriverKit driver. Using the DriverKit sample (https://github.com/DanBurkhardt/DriverKitUserClientSample.git), I was able to get a standalone app to connect to the driver successfully. However, the AU plugin, running in a sandboxed host, isn't establishing the connection. I’ve already added the app sandbox entitlement, but it hasn’t helped. Any advice on what might be missing?
TIA!
I have an app that includes a DriverKit extension that up until now I've been building without issue using Xcode 13.
It was time to regenerate my Developer ID Application certificate so I needed to rebuild the app. However, I'm now running macOS Ventura and Xcode 14.3.1, and cannot get it to build in this later version of Xcode for reasons that are totally inscrutable to me. I've tried using both the newly generated provisioning profiles I've manually created in the "Certificates, Identifiers & Profiles" developer page, and the (still valid) provisioning profiles I already had installed.
The trouble is that, when I select a provisioning profile I made for the DriverKit extension, Xcode won't accept it for the following reason:
Platform: macOS
Doesn't match platform DriverKit
This makes no sense to me! There is no way to create a distribution provisioning profile for the "DriverKit" platform. All I can select is either "Mac" or "Mac Catalyst". So there's seemingly no way out of this. What am I missing?
In iPadOS 17.7 my driver shows up in settings just fine. After recompiling with Xcode 16 and installing my app (containing my driver) on iPadOS 18, the app shows up in settings but the driver-enable button is missing from Settings. When I plug-in my custom USB device, the app cannot detect it and I am left with no way to manually enable the driver, as I did in the previous version of iPadOS.
I am porting a working kernel extension IOKit driver to a DriverKit system extension. Our device is a PCI device accessed through Thunderbolt. The change from IOPCIFamily to PCIDriverKit has some differences in approach, though.
Namely, in IOKit / IOPCIFamily, this was the correct way to become Bus Leader:
mPCIDevice->setBusLeadEnable(true); // setBusMasterEnable(..) deprecated in OS 12.4
but now, PCIDriverKit's IOPCIDevice does not have that function. Instead I am doing the following:
// Set Bus Leader and Memory Space enable
uint16_t commandRegister = 0;
ivars->mPCIDevice->ConfigurationRead16(kIOPCIConfigurationOffsetCommand, &commandRegister);
commandRegister |= (kIOPCICommandBusLead | kIOPCICommandMemorySpace);
ivars->mPCIDevice->ConfigurationWrite16(kIOPCIConfigurationOffsetCommand, commandRegister);
But I am not convinced this is working (I am still experiencing unexpected errors when attempting to DMA from our device, using the same steps that work for the kernel extension).
The only hint I can find in the online documentation is here, which reads:
Note
The endpoint driver is responsible for enabling the Memory Space Enable and Bus Master Enable settings each time it configures the PCI device. When a crash occurs, or when the system unloads your driver, the system disables these features.
...but that does not state directly how to enable bus leader status. What is the "PCIDriverKit approved" way to become bus leader?
Is there a way to verify/confirm that a device is bus leader? (This would be helpful to prove that bus leadership is not the issue for DMA errors, as well as to confirm that bus leadership was granted).
Thanks in advance!
I'm working on an app that contains a USB Driver Kit extension for iPad (NOT MAC). The app contains two targets, the core app and the DriverKit extension target. I can run the app just fine using a dev cert and provisioning profile. ** What is the step-by-step process for signing the release build?** There seems to be no way to create a release profile for the Driver Kit target. I've tried multiple avenues, but come to a dead end on each. I have requested and received the correct entitlements.
Also, on a separate note, has anyone achieved this process using Fastlane? It seems particularly resistant to building the app with the driverkit extension, even for dev builds. It complains about the driverkit dev profile not being an iOS profile.
Thanks!
Hello team,
I am using USBDriverKit and Driverkit framework in my application for communication of USB device. After updating my iPad OS to 18 public beta, I am unable to get option to enable drivers in my setting page of my application. However, I am able to see that options in developer beta version of iPad OS 18.
Can anyone guide me, how should I proceed further as I am unable to use my USB devices.
I have an Xcode project with a main app target, and a dext target which builds a DriverKit driver which is embedded in the main app.
That all works, if I build the DriverKit target first, then switch to the app target and build that. The app and the driver work.
If I make the Driver target a dependency of the App target, building the Driver fails because a header is not found, thus building the app fails.
This doesn't make much sense - why does building a target as a consequence of dependence on another target produce a different result from building the same target manually?
Has anyone else seen behavior like this? Have any hints on how to fix it?
I've tried comparing the detailed build logs, but they don't shed much light - the lines are very long and the build steps appear to be executed in a different order. One strange thing I notice is that although I am building on an M1 Mac, with "build active architectures only" set to YES for both targets, in the Driver-target-only case, Driver.cpp is compiled for arm64, while in the failure case, Driver.cpp is compiled for x86_64. That doesn't make any sense to me either.
I'm using the following code to find the dext service. The driver is enabled in iOS settings prior to launching the app.
io_service_t mService = IO_OBJECT_NULL;
kern_return_t ret = kIOReturnSuccess;
io_iterator_t iterator = IO_OBJECT_NULL;
if (__builtin_available(iOS 15.0, *)) {
ret = IOServiceGetMatchingServices(kIOMainPortDefault, IOServiceNameMatching("MyDriver"), &iterator);
} else {
// Fallback on earlier versions
}
if (ret != kIOReturnSuccess)
{
printf("Unable to find service");
}
while ((mService = IOIteratorNext(iterator)) != IO_OBJECT_NULL)
{
//Only able to find service if launching the app first and then connecting the device
..........
}
I noticed the call IOServiceNameMatching doesn't return the same result for the following workflows:
Launch the app first and then connect the device, IOServiceGetMatchingServices can find the service.
Connect the device to USB-C port first, then launch the app, the same call can't find a matching service (iterator is null). I would need to disconnect and reconnect the device while the app is running in order to find the matching dext.
Any suggestion on how to find the matching dext service for workflow #2?
Thanks
Is there a way to detect at run-time whether the device supports USBDriverKit?
Currently system extension need to be activate through an .app, and then need to manual allow in System Settings, Privacy and Security Pane with root user password
How to install driver extension/system extension without any manual user click and just to install and allow all the permission using script?
I am developing a PCIDriverKit dext, and testing on Sequoia Beta (Version 15.0 Beta, 24A5298h). Both the dext and the "owning" application build on Xcode 16.0 beta 4. I can run the owning application and register the dext.
When the OS attempts to load the dext, though, code signing validation errors occur:
2024-07-30 15:54:02.386 Df kernel[0:ae6a] Driver com.company.Dext-Loader.dext has crashed 0 time(s)
2024-07-30 15:54:02.386 Df kernel[0:ae6a] DK: Dext_Loader_Driver-0x100001464 waiting for server com.company.Dext-Loader.dext-100001464
2024-07-30 15:54:02.388 Df kernelmanagerd[112:abb5] Found 1 dexts with bundle identifier com.company.Dext-Loader.dext
2024-07-30 15:54:02.388 Df kernelmanagerd[112:abb5] Using unique id a0cf49ca3ea45f5d54a3e8644e2dde6b0e8666c649c1e9513ca4166919038b53 to pick dext matching bundle identifier com.company.Dext-Loader.dext
2024-07-30 15:54:02.388 Df kernelmanagerd[112:abb5] Picked matching dext for bundle identifier com.company.Dext-Loader.dext: Dext com.company.Dext-Loader.dext v34 in executable dext bundle com.company.Dext-Loader.dext at /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext
2024-07-30 15:54:02.389 I kernel[0:ae71] igmp_domifreattach: reattached igmp_ifinfo for ifp XHC
2024-07-30 15:54:02.389 I kernel[0:ae71] mld_domifreattach: reattached mld_ifinfo for ifp XHC2
2024-07-30 15:54:02.389 Df kernelmanagerd[112:abb5] DextRecordTable read from plist: {
com.company.Dext-Loader.dext:
MRS-> Optional(( path: /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext; state: loaded ))
history-> [
( path: /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext; state: loaded )
]
}
2024-07-30 15:54:02.389 Df kernelmanagerd[112:abb5] Launching dext com.company.Dext-Loader.dext com.company.Dext-Loader.dext 0x100001464 a0cf49ca3ea45f5d54a3e8644e2dde6b0e8666c649c1e9513ca4166919038b53
2024-07-30 15:54:02.390 I kernelmanagerd[112:abb5] [com.apple.km:DextLaunch] Skipping addBreadcrumbForDextWithIdentifier for <private> 0
2024-07-30 15:54:02.389 Df kernel[0:ae71] ifnet_attach: Waiting for all kernel threads created for interface XHC2 to get scheduled at least once.
2024-07-30 15:54:02.389 Df kernel[0:ae71] ifnet_attach: All kernel threads created for interface XHC2 have been scheduled at least once. Proceeding.
2024-07-30 15:54:02.390 Df kernelmanagerd[112:abb5] Launching driver extension: Dext com.company.Dext-Loader.dext v34 in executable dext bundle com.company.Dext-Loader.dext at /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext
2024-07-30 15:54:02.479 E kernel[0:a9fb] (Sandbox) 1 duplicate report for Sandbox: imagent(633) deny(1) mach-lookup com.apple.contactsd.persistence
2024-07-30 15:54:02.479 E kernel[0:a9fb] (Sandbox) Sandbox: taskgated-helper(2985) deny(1) user-preference-read kCFPreferencesAnyApplication
2024-07-30 15:54:02.483 Df kernel[0:ae73] (AppleMobileFileIntegrity) AMFI: code signature validation failed.
2024-07-30 15:54:02.483 Df kernel[0:ae73] (AppleMobileFileIntegrity) AMFI: bailing out because of restricted entitlements.
2024-07-30 15:54:02.483 Df kernel[0:ae73] (AppleMobileFileIntegrity) AMFI: When validating /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext/com.company.Dext-Loader.dext:
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
2024-07-30 15:54:02.483 Df kernel[0:ae73] mac_vnode_check_signature: /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext/com.company.Dext-Loader.dext: code signature validation failed fatally: When validating /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext/com.company.Dext-Loader.dext:
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
2024-07-30 15:54:02.483 Df kernel[0:ae73] validation of code signature failed through MACF policy: 1
2024-07-30 15:54:02.483 Df kernel[0:ae73] check_signature[pid: 2984]: error = 1
2024-07-30 15:54:02.483 Df kernel[0:ae73] proc 2984: load code signature error 4 for file "com.company.Dext-Loader.dext"
2024-07-30 15:54:02.485 Df kernelmanagerd[112:abb5] [com.apple.libxpc.OSLaunchdJob:all] <OSLaunchdJob | handle=46B92B57-A90A-4EBD-8EF4-54313C6EE332>: submitAndStart completed, info=spawn failed, error=162: Codesigning issue
2024-07-30 15:54:02.483 Df kernel[0:ae73] (Sandbox) /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext/com.company.Dext-Loader.dext[2984] ==> com.apple.dext
2024-07-30 15:54:02.485 E kernelmanagerd[112:abb5] [com.apple.libxpc.OSLaunchdJob:all] <OSLaunchdJob | handle=46B92B57-A90A-4EBD-8EF4-54313C6EE332>: job failed to spawn, plist={
ProcessType => Driver
_ManagedBy => com.apple.kernelmanagerd
CFBundleIdentifier => com.company.Dext-Loader.dext
_JetsamPropertiesIdentifier => com.company.Dext-Loader.dext
LimitLoadToSessionType => System
_DextCheckInPort => <mach send right: 0xbd486ccc0> { name = 15679, right = send, urefs = 2 }
UserName => _driverkit
_NullBootstrapPort => true
ReslideSharedCache => false
LaunchOnlyOnce => true
Label => com.company.Dext-Loader.dext-0x100001464
RunAtLoad => true
ProgramArguments => [<capacity = 8>
0: /Library/SystemExtensions/B1BF8CDC-CB24-4F25-A8CA-D7A60D814861/com.company.Dext-Loader.dext.dext/com.company.Dext-Loader.dext
1: com.company.Dext-Loader.dext
2: 0x100001464
3: com.company.Dext-Loader.dext
]
SandboxProfile => com.apple.dext
}
The Xcode project uses these signing options:
Automatically manage signing
Team: Company
Provisioning Profile: Xcode Managed Profile
Signing Certificate: Apple Development: ()
The same project, with the same signing options, builds and loads its dext without issues from Xcode 15.3 on Sonoma 14.5. That same dext binary from Xcode 15.3 loads and passes the signature checks on Sequoia, but using Xcode on Sequoia is when the signature validation fails.
Can anyone suggest a way to resolve these signature validation errors? (Other than just developing on Sonoma and testing on Sequoia?)
Here is project I am researching: https://developer.apple.com/documentation/hiddriverkit/handling_stylus_input_from_a_human_interface_device
I have a Touch screen and I want:
can control this screen, I can enable extension and control Touch screen successfully.
can pen on this screen. To do this, I need to send X,Y to StylusApp(AppKit) But I Can not send X, Y to Swift StylusApp
Eventhough I can log X,Y it by default code:
But I don't know how to send it to AppKit to Pen.
I have research about communicate Driver and Client: https://developer.apple.com/documentation/driverkit/communicating_between_a_driverkit_extension_and_a_client_app#4324306 but seem HID driver don't support inheritance from IOUserClient:
In my account, there is already a driver kit usb transport vendor id(4070) in the Identifiers capability . I posted a new request for new usb vendor id(14203) , and there are now 2 driver kit usb transport vendor id entitlement in the account's identifiers, one is for old id (4070), another is not for new id(14203).
so how can I add a new usb vendor id ? or change the old one?
Hi,
I'm trying to test "https://developer.apple.com/documentation/networkingdriverkit/connecting_a_network_driver" on MacBook Pro M3 with 14.5 Sonoma, XCode 15.4, SIP is disabled.
Build steps are succesful, after running App, "Install Dext" is succesful, there is no error in XCode; "systemextensionctl list" show a record for "com.apple.system_extension.driver_extension" with [ activated enabled ] tag.
But, "ioreg" doesn't show any service for the dext; and no new interface with name "enXX" appears in System Settings in contrast to what the document describes. In addition, seldomly my device experiences crash when the dext remains installed where crash report points "IOReg" function.
I tried also Driver Kit Sample ( https://developer.apple.com/documentation/driverkit/driverkit_sample_code ) and a github project based on this sample having last commits 9 months ago. However, Dext installation reveals similar behavior and "Communicate with Dext" step is unsuccessful with the message "Driver is not connected".
Is there an updated version of Networking Driver Kit documentation to reach a running sample app for Sonoma 14.5?
Thanks.
Hi,
I'm trying to test the NetworkingDriverKitSampleApp at https://developer.apple.com/documentation/networkingdriverkit/connecting_a_network_driver for a while but I couldn't reach the final steps described in the documentation.
My setup: Xcode 15.4, MacBook Pro M3 with Sonoma 14.5, SIP is disabled.
I prepared the required provisinning profiles with required entitelements.
Dext and app builds successfully. Build path starts with "/Applications".
"Install Dext" operation is successful without any error after allowing necessary permission.
However, neither System Settings shows any new enXX interface, nor ioreg command shows a registered service while "systemextensionctl list" shows the expected result as a com.apple.system_extension.driver_extension record with [ activated enabled ].
I repeated the same steps for "Driver Kit Sample" at https://developer.apple.com/documentation/driverkit/driverkit_sample_code, "Install Dext" step succesful but "Communicate With Dext" results in "Driver is not connected" message. Similar to previous project, ioreg doesn't show any service for the dext while systemextensionctl lists [activeted enabled]. I also test an updated version of DriverKitSample at https://github.com/DanBurkhardt/DriverKitUserClientSample, which reproduced the same results.
Finally, my device experiences seldom crashes after passing sleep state when the dext remains installed; where crash report points "IOReg".
Is there any lacking steps on Apple documentation for Sonoma 14.5 or XCode 15.4 versions?
Thanks.
I'm trying to build an XCode project that contains an app and another target for the DriverKit, and run into the following linker issue:
ld: file cannot be open()ed, errno=2 path=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/15.0.0/lib/darwin/libclang_rt.profile_driverkit.a in '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/15.0.0/lib/darwin/libclang_rt.profile_driverkit.a'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
My project has Code Coverage enabled. I noticed that if I disabled Code Coverage for all targets, I would be able to build successfully, and the driverKit would work as expected.
I wonder if it would be possible to build DriverKit without disabling code coverage.
Thanks