Understand the role of drivers in bridging the gap between software and hardware, ensuring smooth hardware functionality.

Drivers Documentation

Post

Replies

Boosts

Views

Activity

Adjust Latency Timer for the AppleUSBFTDI Driver
How do I adjust the latency timer for the AppleUSBFTDI driver? I am developing an app in Swift using Xcode on a MacBook Pro M1 running Big Sur, for clinical brain-computer interface (BCI) research. The app needs very low-latency streaming from an external USB device. The external device is a headset which connects via Bluetooth to an FT231X chip mounted on a USB-Serial dongle. The FT231X chip reads timestamped EEG data from the headset. The issue is that the AppleUSBFTDI driver is buffering the packets coming in from the headset, which causes jitter in the timestamps. Typically, with proprietary drivers from FTDI, the solution is to reconfigure them to reduce the latency timer to 1ms. The Info.plist is edited to add new key/value pairs. Is there a similar solution for Apple's built-in driver?
1
1
957
Sep ’21
Launching Network System Extension from LaunchAgent
In another question on this forum (https://developer.apple.com/forums/thread/124775) eskimo stated that launching a system extension from an daemon is not the right approach and that the OSSystemExtensionRequest.activationRequest API should be called from an App. My question is, does this same restriction apply to a LaunchAgent started App? If so, to ensure activation as soon as possible is the only option to use a SMLoginItemSetEnabled helper to start the App on login?
5
0
1.3k
Mar ’22
is XPC from app to CMIOExtension possible?
I built an app which hosts a CMIOExtension. The app works, and it can activate the extension. The extension loads in e.g. Photo Booth and shows the expected video (a white horizontal line which moves down the picture). I have a couple of questions about this though. The sample Camera Extension is built with a CMIOExtension dictionary with just one entry, CMIOExtensionMachServiceName which is $(TeamIdentifierPrefix)$(PRODUCT_BUNDLE_IDENTIFIER) This Mach service name won't work though. When attempting to activate the extension, sysextd says that the extensions has an invalid mach service name or is not signed, the value must be prefixed with one of the App Groups in the entitlement. So in order to get the sample extension to activate from my app, I have to change its CMIOExtensionMachServiceName to <my team ID>.com.mycompany.my-app-group.<myextensionname> Is this to be expected? The template CMIOExtension generates its own video using a timer. My app is intended to capture video from a source, filter that video, then feed it to the CMIOExtension, somehow. The template creates an app group called "$(TeamIdentifierPrefix)com.example.app-group", which suggests that it might be possible to use XPC to send frames from the app to the extension. However, I've been unable to do so. I've used NSXPCConnection * connection = [[NSXPCConnection alloc] initWithMachServiceName:, using the CMIOExtensionMachServiceName with no options and with the NSXPCConnectionPrivileged option. I've tried NSXPCConnection * connection = [[NSXPCConnection alloc] initWithServiceName: using the extension's bundle identifier. In all cases when I send the first message I get an error in the remote object proxy's handler: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named <whatever name I try> was invalidated: failed at lookup with error 3 - No such process." According to the "Daemons and Services Programming Guide" an XPC service should have a CFBundlePackageType of XPC!, but a CMIOExtension is of type SYSX. It can't be both. Does the CMIOExtension loading apparatus cook up a synthetic name for the XPC service, and if so, what is it? If none, how is one expected to get pixel buffers into the camera extension?
19
0
7.9k
May ’22
CoreMediaIO Camera Extension: custom properties?
I struggle to add custom properties to my streams as described in the WWDC22 video https://developer.apple.com/videos/play/wwdc2022/10022/ minute 28:17 The speaker describes using this technique in his CIFilterCam demo (would the source code be available please?) to let the app control which filter the extension should apply. Presumably, there's thus a way to: 1 - define a custom property in the camera extension's stream/device/provider? 2 - be able to use CoreMediaIO (from Swift?) in the app in order to set values of that custom property. This is not documented anywhere I could find. Help and sample code would be greatly appreciated. Thank you. Laurent
14
0
4.0k
Jun ’22
CoreMedia I/O Camera Extension Installation Error (Invalid Signature)
Hi! I'm trying to move from CoreMedio I/O DAL Plug-In to CoreMedia I/O camera extensions, announced in macOS 12.3. I created a test extension, placed it inside my app bundle into Contents/Library/SystemExtensions and signed with codesigning certificate. But when I try to install my extension from inside my app, using this code (Swift): func requestActivation() { guard case .idle = status else { fatalError("Invalid state") } print("Requesting activation of extension \"\(extensionIdentifier)\"") let req = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: extensionIdentifier, queue: DispatchQueue.main) req.delegate = self OSSystemExtensionManager.shared.submitRequest(req) status = .requested } I'm getting an error: OSSystemExtensionErrorDomain error 8: Code Signature Invalid which is rather generic. Can anybody tell me what I am doing wrong? Or at least propose some steps to find it out? I'm posting here entitlements and codesign output for my extension and containing application for further information. kdg@admins-Mac-mini SystemExtensions % codesign -d --entitlements - ./com.visicom.VirtualCamera.avextension.systemextension Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension [Dict] [Key] com.apple.security.app-sandbox [Value] [Bool] true [Key] com.apple.security.application-groups [Value] [Array] [String] 6SUWV7QQBJ.com.visicom.VirtualCamera kdg@admins-Mac-mini /Applications % codesign -d --entitlements - ./VirtualCamera.app Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera [Dict] [Key] com.apple.developer.system-extension.install [Value] [Bool] true [Key] com.apple.security.app-sandbox [Value] [Bool] true [Key] com.apple.security.application-groups [Value] [Array] [String] 6SUWV7QQBJ.com.visicom.VirtualCamera [Key] com.apple.security.files.user-selected.read-only [Value] [Bool] true kdg@admins-Mac-mini SystemExtensions % codesign -dvvv ./com.visicom.VirtualCamera.avextension.systemextension Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension Identifier=com.visicom.VirtualCamera.avextension Format=bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=1553 flags=0x10700(hard,kill,expires,runtime) hashes=37+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=25bd80657bfd6e0ab95467146c7b532817e9e520 CandidateCDHashFull sha256=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8 Hash choices=sha256 CMSDigest=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8 CMSDigestType=2 CDHash=25bd80657bfd6e0ab95467146c7b532817e9e520 Signature size=9006 Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=7 Jul 2022, 21:49:32 Info.plist entries=23 TeamIdentifier=6SUWV7QQBJ Runtime Version=12.3.0 Sealed Resources version=2 rules=13 files=0 Internal requirements count=1 size=200 kdg@admins-Mac-mini /Applications % codesign -dvvv ./VirtualCamera.app Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera Identifier=com.visicom.VirtualCamera Format=app bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=1989 flags=0x10700(hard,kill,expires,runtime) hashes=51+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=31e15fbbd436a67a20c5b58c597d8a4796a67720 CandidateCDHashFull sha256=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b Hash choices=sha256 CMSDigest=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b CMSDigestType=2 CDHash=31e15fbbd436a67a20c5b58c597d8a4796a67720 Signature size=9006 Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=7 Jul 2022, 21:58:09 Info.plist entries=20 TeamIdentifier=6SUWV7QQBJ Runtime Version=12.3.0 Sealed Resources version=2 rules=13 files=4 Internal requirements count=1 size=188 Thanks in advance!
8
0
2.4k
Jul ’22
ASUS XONAR PCI Audio Card kext signing/distribution
hi, so i have a little bit of work left on the Asus Xonar family of audio devices. thanks to APPUL's samplepciaudiodriver code and their excellent documentation, Evegeny Gavrilov's kxAudio driver for MAC and Takashi Iwai's exceptional documentation of the ALSA API i have something that is ready for testing. the stats look good, but unfortunately i this is my second HDAV1.3 deluxe. the other one is also in the same room consuming all of my devices with powered audio outputs. no matter, i am in the process of acquiring another xonar sound card in this family. which brings me to my question: what is the benefit of getting an apple developer account for 99 dollars a year? will i be able to distribute a beta kext with my signature that will allow people to test the binary? i don't think others could run a self-signed kext built on one machine, on another, correct? so would a developer license allow others to test a binary built on my machine, assuming they're x86? my hope is that the developer program would allow me to test the binaries and solicit input from enthusiast mac pro owners WORLD WIDE. i them hope to create a new program that will give us the wealth mixers/controls this fantastic line is capable of providing.
6
0
2.4k
Jan ’23
DriverKit driver doesn't appear in Settings when installed with iPad app
I'm working on a DriverKit driver. I have it running on macOS, including a very simple client app written in SwiftUI. Everything is working fine there. I've added iPadOS as a destination for the app as demonstrated in the WWDC video on DriverKit for iPadOS. The app builds and runs on my iPad, as expected (after a little work to conditionalize out my use of SystemExtensions.framework for installation on macOS). However, after installing and running the app on an iPad, the driver does not show up in Settings->General, nor in the app-specific settings pane triggered by the inclusion of a settings bundle in the app. I've confirmed that the dext is indeed being included in the app bundle when built for iPadOS (in MyApp.app/SystemExtensions/com.me.MyApp.MyDriver.dext). I also can see in the build log that there's a validation step for the dext, and that seems to be succeeding. I don't know why the app isn't being discovered -- or in any case surfaced to the user -- when the app is installed on the iPad. Has anyone faced this problem and solved it? Are there ways to troubleshoot installation/discovery of an embedded DriverKit extensions on iOS? Unlike on macOS, I don't really see any relevant console messages.
4
1
1.6k
Feb ’23
Subclassing from IOUserUSBSerial
Hey! I'am trying to write my own driver for usb serial device. I'am trying to subclass from IOUserUSBSerial #include <DriverKit/IOService.iig> #include <USBSerialDriverKit/IOUserUSBSerial.iig> class NewDriver: public IOUserUSBSerial { public:     virtual kern_return_t     Start(IOService * provider) override; }; but get a lot of errors such as   "IOUserUSBSerial::handleRxPacket(unsigned char*&, unsigned int&)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::handleInterruptPacket(unsigned char const*, unsigned int)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::free()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::init()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::initWith(IOBufferMemoryDescriptor*)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::_Dispatch(IOUserUSBSerial*, IORPC)", referenced from:       NewDriver::Start_Impl(IOService*) in NewDriver-e6d71af2158103084ce0c1eba7c6088d.o       NewDriver::_Dispatch(NewDriver*, IORPC) in NewDriver.iig.o   "vtable for IOUserSerial", referenced from:       IOUserSerial::IOUserSerial() in NewDriver.iig.o   NOTE: a missing vtable usually means the first non-inline virtual member function has no definition.   "vtable for IOUserUSBSerial", referenced from:       IOUserUSBSerial::IOUserUSBSerial() in NewDriver.iig.o   NOTE: a missing vtable usually means the first non-inline virtual member function has no definition.   "non-virtual thunk to IOUserUSBSerial::free()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::init()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::initWith(IOBufferMemoryDescriptor*)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::handleRxPacket(unsigned char*&, unsigned int&)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::handleInterruptPacket(unsigned char const*, unsigned int)", referenced from:       vtable for NewDriver in NewDriver.iig.o ld: symbol(s) not found for architecture x86_64 If I making any implementations of this methods errors staying on. What Im doing wrong? Is there anywhere examples for USBSerialDriverKit? Didn't find anything on github
2
0
1.1k
Mar ’23
Suspending USB Device
I'm working on a system management tool that should be able to Allow/Deny mass storage and portable devices. In case if it is a USB flash drive I can detect Mount events using Endpoint Security framework. Then using IOServiceGetMatchingServices I can find the actual device that is trying to mount new volume, check if it is an allowed device and Allow or Deny mount. But in case if it is an iPhone/iPad or Android device I can't rely on that solution as they don't mount new volumes but user can copy files to the phone. To cover this case I could respond with Deny for the ES_EVENT_TYPE_AUTH_IOKIT_OPEN event. But at that moment I know nothing about the device, only its class which is the same for a mouse and for iPhone. I can add a notification for adding new USB devices, but then I would need somehow to understand that it is a phone/tablet and disconnect or suspend needed USB Device. How could I disconnect or suspend a USB Device having only io_object_t?
6
0
1.1k
Nov ’23
Check from installing app if Full Disk Access has been enabled?
I have a macOS app that installs an endpoint system extension. After the user clicks "Allow" to allow it to be installed, the user must still scroll up to the "Full Disk Access" section and enable full disk access for the system extension. It is easy for the user to forget to do this. Is there an API (or other easy way) for the installing app to check whether the endpoint system extension has been granted full disk access? I would like to display some big message in the GUI saying "You must enable Full Disk Access" until they do.
1
0
772
Nov ’23
Driver kit issue with OS 17.1
In my application, I have used DriverKit USB Transport - VendorID. Now whenever I am trying to install my application using driver kit development profile, it throws me error that profile is not valid. Now, If I try to install the app using Adhoc profile, then I am able to install it. Can you update us, is there any changes are there in 17.1 OS with development profile.
2
0
529
Nov ’23
Connection between client and DriverKit
In a project, I'm using the DriverKit(and HIDDriverKit) framework. I have encountered a problem in the connection between the client app and the driver, which is implemented by the "IOKit" framework. By calling the function "IOServiceGetMatchingServices" the value of "iterator" returns correctly and then communication with the driver is done. However, after releasing the version on the TestFlight, on some systems, the value of the "iterator" returned 0 and it is not possible to communicate with the driver. I checked the status of the activated driver with the command "systemextensionsctl list" and there are no problems on the driver side and the values of "Enabled" and "Active" are starred. AppSandbox = True, SIP: enable ret = IOServiceGetMatchingServices(kIOMainPortDefault, IOServiceNameMatching(dextIdentifier), &iterator); if (ret != kIOReturnSuccess) { goto fail; } while ((service = IOIteratorNext(iterator)) != IO_OBJECT_NULL) { ret = IOServiceOpen(service, mach_task_self(), 0, &connection); if(ret == kIOReturnSuccess) { break; } else { syslog(LOG_WARNING, "IDmelonLog LIB: Can't open service"); } IOObjectRelease(service); }
3
0
834
Nov ’23
Capturing ipv6 traffic with AppProxyProvider on MacOS
I have implemented an AppProxyProvider (NETransparentProxyProvider) and I am able to capture traffic with it. I am also able to define network rules allowing me to exclude some traffic: let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1:8080") settings.includedNetworkRules = [ NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "0", remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound) ] Now the documentation states that if I want to capture localhost traffic, I need to explicitly add the following rule: NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "127.0.0.0", port: "0", remotePrefix: 8, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound) and if I want to capture ipv6 localhost address: NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "::1", port: "0", remotePrefix: 128, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound) All this works great. Now I am having trouble capturing external ipv6 traffic. For example my ISP supports ipv6 and facebook.com resolves to 2a03:2880:f128:181:face:b00c:0:25de on my machine. I am unable to write any rule allowing me to capture with the system extension such traffic. Either I get errors that the network mask cannot be greater than 32 or the traffic simply doesn't flow through the extension. Here's an example request that I would like to capture: curl https://facebook.com -kvp * Trying [2a03:2880:f128:181:face:b00c:0:25de]:443... * Connected to facebook.com (2a03:2880:f128:181:face:b00c:0:25de) port 443 (#0) * ALPN: offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * (304) (IN), TLS handshake, Server hello (2): * (304) (IN), TLS handshake, Unknown (8): * (304) (IN), TLS handshake, Certificate (11): * (304) (IN), TLS handshake, CERT verify (15): * (304) (IN), TLS handshake, Finished (20): * (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.facebook.com * start date: Aug 26 00:00:00 2023 GMT * expire date: Nov 24 23:59:59 2023 GMT * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA * SSL certificate verify ok. * using HTTP/2 * h2 [:method: GET] * h2 [:scheme: https] * h2 [:authority: facebook.com] * h2 [:path: /] * h2 [user-agent: curl/8.1.2] * h2 [accept: */*] * Using Stream ID: 1 (easy handle 0x7fcb5c011e00) &gt; GET / HTTP/2 &gt; Host: facebook.com &gt; User-Agent: curl/8.1.2 &gt; Accept: */* &gt; &lt; HTTP/2 301 &lt; location: https://www.facebook.com/ &lt; strict-transport-security: max-age=15552000; preload &lt; content-type: text/html; charset="utf-8" &lt; x-fb-debug: uWVEw8FZUIXozHae5VgKvIDY5lgH/4Aph+h+nJNJpIr7jFZIFGy9LRLGCSwPudcFBdi4Mf4rLaKsNGCBxHDmrA== &lt; content-length: 0 &lt; date: Fri, 17 Nov 2023 14:14:03 GMT &lt; alt-svc: h3=":443"; ma=86400 &lt; * Connection #0 to host facebook.com left intact Can this be achieved?
3
0
590
Nov ’23
How to develop a driver extension for a USB mass storage device
I am currently in the process of developing a DEXT for a USB based external mass storage device using the USBDriverKit framework. IOUSBHostInterface is used as the provider to communicate with the interface's endpoints and I am successful in it. As per the IOUSBHostInterface documentation, To use a host interface object, call Open to create a new session between the interface and your driver. After successfully opening your session, you can request information from the interface and set up pipes to communicate with the interface's endpoints. Remember to close the session you opened in the Stop method of your driver. However, calling Open gains exclusive access to the USB interface and does not allow other services to access the interface. Also, to let go of the exclusive access, Close method can be called but in the Stop method which is called only once during the lifecycle of the extension (when the DEXT is unloaded). As a result of this, Apple's mass storage related KEXTs (media and partition related specifically) do not match the interface and so the filesystem of the drive in question does not get mounted whenever the DEXT has matched the interface. Is this exclusive access a limitation of USBDriverkit or is there any way to get around this issue in this case?
2
0
827
Nov ’23
IOHIDDeviceSetReport only works one time
I'm using IOKit to connect to a custom USB HID device. I'm using XCode 14 and running Swift/SwiftUI. So far I have had great success reading from the device with IOHIDDeviceGetReport and this can be done repeatedly with no issues. However, when I use IOHIDDeviceSetReport, I can only successfully set the report to the device one time correctly but any subsequent call to this function would just end up with an I/O Timeout. Any calls using IOHIDDeviceGetReport still works fine so the USB Device is still functioning correctly, but I couldn't receive any additional IOHIDDeviceSetReport call. If I unplug the USB and plug it in again, I can once again successfully send a command. This is, of course, not very practical for the end user to have to unplug and plug the device in after a single set command, and I don't quite understand what's going on with this. Here's my SetOutputReport function to call the IOHIDDeviceSetReport. The IOHIDDevice must already be connected and opened before calling this function so it's not nil. I don't have this "one shot send command" problem on the PC (Windows 7, 10, 11) or Android (v.11,12,13,14) implementation of this Custom USB HID device. It seems like there's something at the lower level of IOHIDDeviceSetReport on macOS which might be done differently than what's available on the PC or Android. Many searches on the web yielded no useful results. There's an IOHIDDeviceSetReportWithCallback function and it also seems only to work one time as well. private func SetOutputReport(dev: IOHIDDevice? ,reportID: Int, data:[UInt8], reportLength: Int) -&gt; String{ let inputReportID = reportID var buffer = data buffer[0] = UInt8(inputReportID) let bufferPointer = UnsafeMutablePointer&lt;UInt8&gt;.allocate(capacity: buffer.count) bufferPointer.initialize(from: &amp;buffer, count: buffer.count) //print(bufferPointer[0]) let bufferLength: CFIndex = buffer.count var success: IOReturn = kIOReturnError if(dev != nil){ success = IOHIDDeviceSetReport(dev!, kIOHIDReportTypeOutput, CFIndex(buffer[0]), bufferPointer, bufferLength) } print("Set report result \(krToString(success))") return krToString(success) }
1
0
902
Nov ’23
Removing a system extension from a correctly-signed and setup "uninstaller" app fails
Hey folks, I have an application that ships a CoreMedia I/O system extension to create a virtual camera. We separately ship an "uninstaller" app, which is a notarised AppKit app. This uninstaller removes the app, containers, and the system extension via the following API: let request = OSSystemExtensionRequest.deactivationRequest(forExtensionWithIdentifier: pluginIdentifier, queue: .main) request.delegate = self OSSystemExtensionManager.shared.submitRequest(request) The OSSystemExtensionRequest API does correctly deliver metadata via propertiesRequest(forExtensionWithIdentifier: …), but when we attempt to remove the extension using the above snippet, we get a failure OSSystemExtensionError.extensionNotFound. The uninstaller app is signed with the same entitlements and certificate as the host app. It also embeds a copy of the system extension as required by the API. I think the crux of the issue is: Should this be expected to work? We're all code-signed correctly etc, and the only difference is that the removal request is coming from an app with a different bundle identifier to the one that installed it start with. Thanks!
2
0
731
Nov ’23