unsigned kexts on Yosemite

René J.V. Bertin rjvbertin at gmail.com
Sat Jun 6 01:53:19 PDT 2015


On Friday June 05 2015 17:45:22 Landon Fuller wrote:

>It’s easy to runtime patch kextd to accept kexts signed with additional anchors, but that’s probably not shippable as a general solution.
Shippable no, but it seems the lesser "evil" compared to deactivating signing support altogether at boot time - supposing the patching can be done reliably. Any solution would be "replacing upstream" so not going to happen anyway ;)

>It may also be possible to bypass kextd by just calling OSKextLoadWithOptions() directly

That sounds shippable via a modified kextload utility. 

>but if that does work in Yosemite, it seems very likely to break in Yosemite+1 of OS X when they start applying additional iOS-style restrictions based on code signing entitlements + MAC.

Which would probably render kextd patching useless too? The code that enforces all these things wouldn't be available via opensource.apple.com, would it?

>
>Personally, I’m just staying with Mavericks.

If it had been feasible I'd have stayed with 10.6 but sadly Apple know how to make you update, and now that OS updates are free 3rd party providers are adopting the attitude that there's nothing keeping you from doing so (this was just discussed on a Qt ML).
[OT]
For me personally that means I may be leaving the Apple ecosystem sooner than I'd have thought, also because I wouldn't even know what to buy to replace my current MBP if I had to. Not that the situation appears to be any different with other manufacturers: apparently it's gone out of vogue to want a compact laptop with solid build quality, a powerful CPU (i7 style), upgradable RAM and 2.5" form-factor HDD/SSD, a good selection of ports including wired ethernet and at least the possibility not to add a $$$ fancy display because one already has a fine external display. All for the price of an MBP 13" ... minus the Apple Tax if possible.
For a while I thought I'd found a suitable OS X replacement in Linux + KDE4, but "KDE5" is becoming unavoidable while still far from production-ready IMO, and the same Ivvy Johnny style short-sighted design decisions have been made there that will almost unavoidably lead to yet another overhaul when they go out of fashion in 9 months or so.
All this really makes me feel ripe for retirement while being far from ready for it :-/
(IT is great - pass the prozac and I'll have a dab of Botax too :))
[/OT]

