Thursday, February 26, 2015

Options for signing kernel extensions for loading under Yosemite without Apple-issued certificate?


Has anyone tried to use codesign to self-sign a previously-unsigned kext for personal use under Yosemite (10.10)? Self-signing is discussed in this Apple technote, but not for kernel extensions specifically.


In my case, I have an unsigned kext that I'm willing to trust, but I also like the idea of the safety net only loading signed kexts provides in the general case. I'd rather specifically allow this one that I trust rather than just turn off verification wholesale with the dev mode boot option.


ALTERNATIVELY


Does anybody know where the trusted CA certificate(s) are stored for the kernel? Creating one's own CA and installing that in the kernel's cert db would be another way to accomplish the same thing. I could then sign that kext myself.




