Allow Unsigned Kext Installation

Originator: tternes
Number: rdar://19933525
Date Originated: 23-Feb-2015
Status: Open
Resolved:
Product: OS X
Product Version: 10.10.1
Classification: Enhancement
Reproducible: Always
 
Summary:
Kext signing requirements of Mavericks and Yosemite require users to enable kext-dev-mode in order to install unsigned kexts. While a reasonable requirement for kernel extension developers, end-users receiving a driver from a trusted source should not be required to completely disable system kext signing checks merely for a single extension.

A more convenient approach would be to allow users to install (with appropriate privileges) one-off kexts. This would facilitate the installation of self-signed kernel extensions without requiring kext-dev-mode be enabled.

Steps to Reproduce:
1. sudo kextload osx-pl2303.kext
2. observe kext not loaded

Expected Results:
kextload should allow for unsigned drivers to be loaded (with appropriate warnings, of course).

Actual Results:
kexts that are not signed by an Apple-provided certificate are not loadable on Yosemite without kext-dev-mode. It appears that these certificates are only provided to hardware manufacturers.

Version:
10.10.1
