ACME

I am sending DeclarativeManagement with the MDM command, but it seems that it is not valid even if I send it to declaration-items What can you think of? iOS 16 MDM Command Command Data eyJTeW5jVG9rZW5zIjp7IlRpbWVzdGFtcCI6IjIwMjMtMTAtMThUMTE6MDY6MDJaIiwi RGVjbGFyYXRpb25zVG9rZW4iOiJiNjU0NDAyN2EzMTVjZDAwODVkNGNmMDgxNzQ2MjRj MmQxNDI0NDQ4MDQzMGE4N2IxNzZhMjcyN2U3MzY2MDA5In19 RequestType DeclarativeManagement CommandUUID 3398d0c0-8b36-4647-86ab-6a63f26d1576 UDID XXXXXXX-ZZZZZZZZZZZZZz declaration-items Rersponse(json) { DeclarationsToken: 1429e356-c51a-42a3-aff2-22963df30202, Declarations: { Assets: [ ], Management: [ { Type: com.apple.management.organization-info, Identifier: e07d18d6-4ec6-432a-b474-9b8816d029a2, ServerToken: 4922d69c-c231-426d-9598-c3acb612069e, Payload: { Email: email@example.com, Name: Acme Inc, URL: https://www.example.com } } ], Configurations: [ { Type: com.apple.configuration.legacy, Identifier: 84fe24b1-ac21-4a29-b279-70f715b3ac82, ServerToken: 0283b145-5791-4d7a-8a8e-769

This is my entitlements.plist: com.apple.security.app-sandbox com.apple.security.device.usb Check signing result, I run codesign -d --entitlements :- ./dist/My.app codesign -vv ./dist/My.app and I get this Executable=/dist/My.app/Contents/MacOS/main Warning: Specifying ':' in the path is deprecated and will not work in a future release com.apple.security.app-sandboxcom.apple.security.device.usbcom.apple.security.network.clientcom.apple.security.network.servercom.apple.security.temporary-exception.files.absolute-path.read-only/private/etc/apache2/mime.types ./dist/My.app: valid on disk ./dist/My.app: satisfies its Designated Requirement But when I run my app, I got ['/dev/cu.Bluetooth-Incoming-Port', 'n/a', 'n/a'] ['/dev/cu.usbmodem23401', 'GD32 USB CDC ACM in FS Mode', 'USB VID:PID=28E9:018A SER=GD32F30X-3.0.0-7z8x9yer LOCATION=2-3.4'] (1, could not open port /dev/cu.usbmodem23401: [Errno 1] Operation not permitted: '/dev/cu.usbmodem23401') My app can't access to my usb device, how can I solve this

I'm trying to implement ACME managed device attestation, I have ACME server code written in C# and I've been able to get all of the steps working except for the very last one - issuing the certificate. I so far have not been able to get the device to accept the certificate, the device logs show: Got certificate {length = ......} ACME request flow failed at step 9: Error Domain=NSOSStatusErrorDomain Code=-67673 failed to obtain certificate UserInfo={NSLocalizedDescription=failed to obtain certificate} The certificate is issued by an internal CA and the correct root certificate is in the device's trusted certs. I have tried returning the certificate chain as a file response or content response to the device as a application/pem-certificate-chain mime type (as outlined as the default in the ACME RFC), returning just the leaf certificate as PEM, returning the leaf certificate as DER with mime type application/pkix-cert, application/pkcs7-mime, application/x-pkcs12 or applicatio

Hi, I'm looking into ACME Managed Deice Attestation and was wondering about one of the values in the payload - AllowAllAppsAccess. From the documentation: If true, all apps have access to the private key but what is the case that you would have this set to true? seems like it opens up the device to potentially malicious software. Also, if this were set to true, how would an app access this private key when it is stored in the Secure Enclave? is there a specific tag that it is stored with?

I am attempting to communicate over serial with a USB-C device and an M-Series iPad. I have proven the device to communicate as expected (baud rate, parity, etc) via a Swift app on Mac using a third party library (IOKit) that utilizes the AppleUSBACM (v5.0.0) driver on macOS. I am looking to recreate this communication via iPadOS and a custom DriverKit driver that provides this same interface. There is not an example from Apple for serial communication and DriverKit but there is a couple for communicating from an app to the dext, and for other networking examples. There are also other mentions in WWDC videos but they are incomplete and do not provide the needed structure. Communicating between a driver extension and a client app Connecting a network driver Bring your driver to iPad with DriverKit System Extensions and DriverKit My question revolves around architecture and how to set up a driver for these needs. I have gotten the examples to run and understand what is needed for entitlements and other local si

I'm trying to implement managed device attestation, I have written server code in Go. So far, I have been able to implement all the steps except finalizing order by sending the Certificate url in the json response from where the client can download the certificate. ACME request flow failed at step 8: Error Domain=NSURLErrorDomain Code=-1002 unsupported URL UserInfo={NSLocalizedDescription=unsupported URL, NSErrorFailingURLStringKey=} For server, I am using localhost with https. The URL in certificate field of json response is working in browser/postman. I am not able to figure out what is the exact the cause of this error. As there is no FailingURLStringKey I suspect there might be some issue with key in the json response. Can anyone point me to the correct direction to figure out what is the issue?

Current Apple ACME Profile does not support EAB. Do you have any plan to support it?

I received two different emails from Apple regarding my developer account: An App Store invitation email stating: You're invited to join a development team, Acme Corp, in the Apple Developer Program so you can help develop, distribute, and manage their apps. The company name here correctly shows Acme Corp. A TestFlight invitation email with the subject line: TechSolutions LLC has invited you to test ShopEasy. In this email, TechSolutions LLC appears as the company name, but it should be either Acme Corp or simply the app name, ShopEasy. For context, I have two apps in my account: ShopEasy and TechApp. They are created as separate apps under Acme Corp, which is the entity registered in my Apple Developer account membership. Despite this, when I build ShopEasy for TestFlight, the email subject uses TechSolutions LLC as the company name, which is confusing for testers. Could someone help me understand where TechSolutions LLC is coming from, and how I can fix this so that the c