Install driver without internet or administrator right

I want to install a driver package without internet access and the installation fail. This I think it is due to it need internet to check for signature with Apple Server.

The workaround is to disable System Integrity Protection, but I do not have the administrator password to disable it.

How to install a driver and allow a driver to run without internet access and administrator account? This driver is develop by ourself but how to by pass the code signing and security check for others to use this driver on their Mac PC?

Currently I am following https://developer.apple.com/documentation/systemextensions/ossystemextensionrequest/activationrequest(forextensionwithidentifier:queue:)

to activate the system extension If the extension is inactive, the system may need to prompt the user for approval. Which others API can I use which do not need prompt user for approval?

Beside in order to validate the code signing, it need to communicate with Apple server which required internet access. Any method to by pass this validation?

Answered by DTS Engineer in 809017022

You definitely need some sort of admin rights. There are two ways to activate a DriverKit driver:

  • Programmatically, via the System Extensions framework

  • With MDM

The first will prompt for admin authentication. The second only works if an admin user has enrolled the Mac into MDM in the first place.

On the Internet access front, I’m less certain. In most cases macOS will trust the notarised ticket stapled to your app. I talk about this more in Notarisation Fundamentals and The Pros and Cons of Stapling DevForums. I’m not sure if the system does additional checks for DriverKit drivers.

However, it seems like this is something you can confirm for yourself:

  1. Run the testing described in Testing a Notarised Product, initially starting with just your app.

  2. Assuming that works, try installing your driver.

  3. Assuming that fails, re-enable networking on your VM and try again.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Isn’t this the same issue as in your other thread?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Is different questions, that is silent install but this is more on need internet access or administrator right for the process in

https://developer.apple.com/documentation/systemextensions/installing-system-extensions-and-drivers

Is it a must have internet access and administrator right or there are others method can by pass the need for internet access and administrator right for driver installation and activation?

Accepted Answer

You definitely need some sort of admin rights. There are two ways to activate a DriverKit driver:

  • Programmatically, via the System Extensions framework

  • With MDM

The first will prompt for admin authentication. The second only works if an admin user has enrolled the Mac into MDM in the first place.

On the Internet access front, I’m less certain. In most cases macOS will trust the notarised ticket stapled to your app. I talk about this more in Notarisation Fundamentals and The Pros and Cons of Stapling DevForums. I’m not sure if the system does additional checks for DriverKit drivers.

However, it seems like this is something you can confirm for yourself:

  1. Run the testing described in Testing a Notarised Product, initially starting with just your app.

  2. Assuming that works, try installing your driver.

  3. Assuming that fails, re-enable networking on your VM and try again.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Install driver without internet or administrator right
 
 
Q