DriverKit

RSS for tag

Develop device drivers that run in user space using DriverKit.

Posts under DriverKit tag

69 Posts

Post

Replies

Boosts

Views

Activity

DEXT receives zero-filled buffer from DMA, despite firmware confirming data write
Hello everyone, I am migrating a KEXT for a SCSI PCI RAID controller (LSI 3108 RoC) to DriverKit (DEXT). While the DEXT loads successfully, I'm facing a DMA issue: an INQUIRY command results in a 0-byte disk because the data buffer received by the DEXT is all zeros, despite our firmware logs confirming that the correct data was prepared and sent. We have gathered detailed forensic evidence and would appreciate any insights from the community. Detailed Trace of a Failing INQUIRY Command: 1, DEXT Dispatches the Command: Our UserProcessParallelTask implementation correctly receives the INQUIRY task. Logs show the requested transfer size is 6 bytes, and the DEXT obtains the IOVA (0x801c0000) to pass to the hardware. DEXT Log: [UserProcessParallelTask_Impl] --- FORENSIC ANALYSIS --- [UserProcessParallelTask_Impl] fBufferIOVMAddr = 0x801c0000 [UserProcessParallelTask_Impl] fRequestedTransferCount = 6 2, Firmware Receives IOVA and Prepares Correct Data: A probe in our firmware confirms that the hardware successfully received the correct IOVA and the 6-byte length requirement. The firmware then prepares the correct 6-byte INQUIRY response in its internal staging buffer. Firmware Logs: -- [FIRMWARE PROBE: INCOMING DMA DUMP] -- Host IOVA (High:Low) = 0x00000000801c0000 DataLength in Header = 6 (0x6) --- [Firmware Outgoing Data Dump from go_inquiry] --- Source Address: 0x228BB800, Length: 6 bytes 0x0000: 00 00 05 12 1F 00 3, Hardware Reports a Successful Transfer, but Data is Lost: After the firmware initiates the DMA write to the Host IOVA, the hardware reports a successful transfer of 6 bytes back to our DEXT. DEXT Completion Log: [AME_Host_Normal_Handler_SCSI_Request] [TaskID: 200] COMPLETING... [AME_Host_Normal_Handler_SCSI_Request] Hardware Transferred = 6 bytes [AME_Host_Normal_Handler_SCSI_Request] - ReplyStatus = SUCCESS (0x0) [AME_Host_Normal_Handler_SCSI_Request] - SCSIStatus = SUCCESS (0x0) The Core Contradiction: Despite the firmware preparing the correct data and the hardware reporting a successful DMA transfer, the fDataBuffer in our DEXT remains filled with zeros. The 6 bytes of data are lost somewhere between the PCIe bus and host memory. This "data-in-firmware, zeros-in-DEXT" phenomenon leads us to believe the issue lies in memory address translation or a system security policy, as our legacy KEXT works perfectly on the same hardware. Compared to a KEXT, are there any known, stricter IOMMU/security policies for a DEXT that could cause this kind of "silent write failure" (even with a correct IOVA)? Alternatively, what is the correct and complete expected workflow in DriverKit for preparing an IOMemoryDescriptor* fDataBuffer (received in UserProcessParallelTask) for a PCI hardware device to use as a DMA write target? Any official documentation, examples, or advice on the IOMemoryDescriptor to PCI Bus Address workflow would be immensely helpful. Thank you. Charles
2
0
102
7h
DriverKit DEXT Logs Only Once, Subsequent Logs Are Lost Despite Normal Functionality
Hello everyone, I've encountered a very strange and persistent logging issue with my DriverKit DEXT and would appreciate any insights from the community. [Problem Summary] My DriverKit DEXT, along with its companion Swift app, is functionally working perfectly. I can repeatedly call methods in the DEXT from the app (e.g., a Ping-Pong test and a StaticProcessInbandTask call) and receive the correct response every time. However, the os_log messages within my IOUserClient subclass are only successfully recorded for the very first set of interactions. After that, all subsequent logs are completely missing. What's even stranger is that all successfully recorded logs are attributed to the kernel: process, even for purely user-space methods like ExternalMethod. [Development Environment] macOS: 15.7.1 Xcode: 16.4 Hardware: MacBook Pro M1 DEXT Logging Macro (Log.h): #include <os/log.h> #define Log(fmt, ...) \ do { \ os_log(OS_LOG_DEFAULT, "[%{public}s] " fmt, __FUNCTION__, ##__VA_ARGS__); \ } while (0) [Steps to Reproduce & Observed Behavior] The DEXT is successfully loaded via the companion app. I click the "Ping-Pong" button, then the "Process InBand" button in the app. The app's UI log correctly shows that the request was sent and a successful response was received from the DEXT. I repeat step 2 multiple times. Each interaction works flawlessly from the app's perspective. I then use the log show command to export the logs from this period, for example: log show --last 5m | grep "com.accusys.Acxxx.driver" > dext_logs.txt Observed Result (Log Content): In the dext_logs.txt file, I can only see the logs from the very first Ping-Pong and the very first Process InBand call. All subsequent, successful operations leave no trace in the logs. kernel: (com.accusys.Acxxx.driver.dext) [ExternalMethod] // { --- kernel: (com.accusys.Acxxx.driver.dext) [ExternalMethod] // --- } kernel: (com.accusys.Acxxx.driver.dext) [StaticPingPong] // { --- kernel: (com.accusys.Acxxx.driver.dext) [StaticPingPong] // --- } kernel: (com.accusys.Acxxx.driver.dext) [ExternalMethod] // { --- kernel: (com.accusys.Acxxx.driver.dext) [ExternalMethod] // --- } kernel: (com.accusys.Acxxx.driver.dext) [StaticProcessInbandTask] // { --- kernel: (com.accusys.Acxxx.driver.dext) [StaticProcessInbandTask] // --- } <--- END OF FILE (No new logs appear after this point) ---> [Core Questions] Why are logs in IOUserClient subclass only recorded once? Given the DEXT is clearly still running and processing requests, why would os_log calls only succeed in writing to the system log database on the first interaction? Why are all logs attributed to the kernel? Why would logs from 100% user-space code like ExternalMethod and StaticPingPong be attributed to the kernel process? [Solutions Attempted That Did Not Work] I have verified with ps aux that the DEXT process (com.accusys.Acxxx.driver) is running continuously in the background and has not crashed. Attempted to force-restart the logging service with sudo killall logd, but the issue persists. Performed the most thorough reset possible using systemextensionsctl reset followed by a full reboot, then reinstalled the DEXT. The issue remains exactly the same. Thank you for any possible help or suggestions Best, Charles
3
0
89
19h
How to allocate contiguous memory in DriverKit?
We want to allocate a block of contiguous memory (≤1M) for audio ring DMA usage, but we haven't found any explicit method in the DriverKit documentation for allocating contiguous memory. I'm aware that IOBufferMemoryDescriptor::Create can be used in DriverKit to allocate memory and share it with user space. However, is the allocated memory physically contiguous? Can it guarantee that when I subsequently call PrepareForDMA in IODMACommand, there will be only one segment? Could you please help review this? Thank you!
1
0
54
20h
Xcode Signing Fails: Provisioning Profile "doesn't match" com.apple.developer.driverkit.userclient-access entitlement
Hello everyone, I am migrating a legacy KEXT to a DriverKit (DEXT) architecture. While the DEXT itself is working correctly, I am completely blocked by a code signing issue when trying to establish the UserClient connection from our SwiftUI management app. Project Goal & Status: Our DEXT (com.accusys.Acxxx.driver) activates successfully (systemextensionsctl list confirms [activated enabled]). The core functionality is working (diskutil list shows the corresponding disk device node). The Core Problem: The userclient-access Signing Error To allow the app to connect to the DEXT, the com.apple.developer.driverkit.userclient-access entitlement is required in the app's .entitlements file. However, as soon as this entitlement is added, the build fails. Both automatic and manual signing fail with the same error: `Provisioning profile ... doesn't match the entitlements file's value for the ... userclient-access entitlement.` This build failure prevents the generation of an .app bundle, making it impossible to inspect the final entitlements with codesign. What We've Confirmed: The necessary capabilities (like DriverKit Communicates with Drivers) are visible and enabled for our App ID on the developer portal. The issue persists on a clean system state and on the latest macOS Sequoia 15.7.1. Our Research and Hypothesis: We have reviewed the official documentation "Diagnosing issues with entitlements" (TN3125). According to the documentation, a "doesn't match" error implies a discrepancy between the entitlements file and the provisioning profile. Given that we have tried both automatic and manual profiles (after enabling the capability online), our hypothesis is that the provisioning profile generation process on Apple's backend is not correctly including the approved userclient-access entitlement into the profile file itself. The build fails because Xcode correctly detects this discrepancy. Our Questions: Did we misunderstand a step in the process, or is the issue not with the entitlement request at all? Alternatively, are there any other modifications we can make to successfully connect our App to the DEXT and trigger NewUserClient? Thank you for any guidance.
11
0
237
5d
CreateMemoryDescriptorFromClient can't write data to user?
We've developed a PCIDriverKit driver for the capture card on macOS and have identified an issue: CreateMemoryDescriptorFromClient can only read data from the user space to the driver, but cannot write data back to the user. typedef struct _MWCAP_EDID_DATA { uint64_t size; uint64_t uaddr; } MWCAP_EDID_DATA; // App size_t xxx::GetEdid(void *buff, size_t size) { MWCAP_EDID_DATA edid; edid.size = size; edid.uaddr = (uint64_t)buff; kr = IOConnectCallStructMethod( connect, kUserGetEdid, &edid, sizeof(MWCAP_EDID_DATA), NULL, NULL ); // kr is 0. But However, the data in the buffer remains unchanged; // it does not reflect the EDID copied from the DEXT. return size; } // Driver MWCAP_EDID_DATA *edid = (MWCAP_EDID_DATA *)input; IOMemoryDescriptor *user_buf_mem = NULL; IOAddressSegment segment; segment.address = edid->uaddr; segment.length = edid->size; // We have verified that the values in edid->uaddr and edid->size are consistent with what was set by the application. ret = CreateMemoryDescriptorFromClient(kIOMemoryDirectionOutIn, 1, &segment, &user_buf_mem); if (ret != kIOReturnSuccess) { os_log(OS_LOG_DEFAULT, "Failed to create memdesc with error: 0x%08x", ret); break; } IOMemoryMap* user_buf_map = nullptr; ret = user_buf_mem->CreateMapping(0, 0, 0, 0, 0, &user_buf_map); if (ret != kIOReturnSuccess) { os_log(OS_LOG_DEFAULT, "Failed to create mapping with error: 0x%08x", ret); OSSafeReleaseNULL(user_buf_mem); break; } // ... fill the user_buf_map with edid data ... // For example: // memcpy(user_buf_map->GetAddress(), source_edid_data, edid->size); // At this point we have also verified the data in user_buf_map->GetAddress(), which matches our expectations. OSSafeReleaseNULL(user_buf_map); OSSafeReleaseNULL(user_buf_mem); Please help take a look, thank you!
1
0
59
6d
Custom USB Network Device Driver on iPhone
Hi, We are using the AX88772C as a USB->Ethernet bridge in a product we are developing. Due to the chip not following the NCM protocol, it is not supported by the default networking drivers on the iPhone. Initially, we intended on using DriverKit to develop a userspace driver for this device. However, we have been informed DriverKit is only available on iPad OS, not iOS. As such is the case, we have found two possible alternatives. First being IOkit, and the second being External Accessory Session (EASession). What are the limitations of each of these options? We need the ability to send and receive USB packets to Control and Bulk endpoints. Is this possible with either of the options defined above? Would either of these options require the device to be MFi certified? We have read that some APIs within IOkit require the apple device to be jailbroken. Is there a list of features that can be used without a jailbroken device? Documentation on these 2 options is limited, so any official documentation would be great. Thanks!
5
0
129
2w
Should UserSendCBD work on UAS interfaces?
The device I am trying to develop a firmware updater for is an NVMe drive with a USB4 interface. It can connect in USB4 mode (tunneled NVMe), in USB 3 mode or in USB 2 mode. In USB 2 and USB 3 mode, the device descriptor shows one interface with two alternates. Alternate 0 uses the bulk-only protocol, with one IN and one OUT pipe. Alternate 1 uses the UAS protocol, with two IN and two OUT pipes. I use identical code in my driver to send custom CDBs. I can see using IORegistryExplorer that in USB 2 mode, macOS chooses alternate 0, the bulk-only protocol. My custom CDBs and their accompanying data pay loads are put on the bus, more or less as expected. In USB 3 mode, macOS chooses alternate 1, the UAS protocol. My custom CDB is put on the bus, but no payload data is transferred. Is this expected behavior? If so, is there a way to force the OS to choose alternate 0 even when on USB 3, perhaps with another dext? I'll file a bug about this when Feedback Assistant lets me.
4
0
129
2w
Blocking USB Devices on macOS – DriverKit or Other Recommended Approach
Hi Apple, We are working on a general USB device management solution on macOS for enterprise security. Our goal is to enforce policy-based restrictions on USB devices, such as: For USB storage devices: block mount, read, or write access. For other peripherals (e.g., USB headsets or microphones, raspberry pi, etc): block usage entirely. We know in past, kernel extension would be the way to go, but as kext has been deprecated. And DriverKit is the new advertised framework. At first, DriverKit looked like the right direction. However, after reviewing the documentation more closely, we noticed that using DriverKit for USB requires specific entitlements: DriverKit USB Transport – VendorID DriverKit USB Transport – VendorID and ProductID This raises a challenge: if our solution is meant to cover all types of USB devices, we would theoretically need entitlements for every VendorID/ProductID in existence. My questions are: Is DriverKit actually the right framework for this kind of general-purpose USB device control? If not, what framework or mechanism should we be looking at for enforcing these kinds of policies? We also developed an Endpoint Security product, but so far we haven’t found a relevant Endpoint Security event type that would allow us to achieve this. Any guidance on the correct technical approach would be much appreciated. Thanks in advance for your help.
6
0
123
3w
IOS alternatives to DriverKit
Hi, We were planning on using DriverKit to develop a USB Driver on IOS for iPhone. Within the DriverKit website, it say 'IOS16.0+' which lead us to believe it was compatible with iPhones running IOS16.0+. However, it appears DriverKit is only available for iPads running iPadOS, and computers running macOS. Are there any alternatives that would allow us to create a device specific USB driver for an iPhone running IOS?
1
0
100
Sep ’25
How do I use IOUserSCSIPeripheralDeviceType00?
I am having similar problems to this guy on Stack Overflow over a year ago: https://stackoverflow.com/questions/77627852/functions-of-iouserscsiperipheraldevicetype00-class-in-scsiperipheralsdriverkit There are also a few questions on this forum about this object, none of which have answers. I can get my driver to match and instantiate, but nobody calls my UserDetermineDeviceCharacteristics (which does nothing, just returns kIOReturnSuccess) I can attempt to call UserSuspendServices(), UserResumeServices() or UserReportMediumBlockSize() and all of them return kIOReturnUnsupported. It doesn't matter if I've unmounted the disk or not. Is the custom driver supposed to be instantiated beside the kernel's IOSCSIPeripheralDeviceType00, or should it replace it? What should its IOProviderClass be? What should its IOClass be - IOUserService, or something else? see FB19678139 and FB19677920
5
0
136
Sep ’25
Trouble with OSDeclareDefaultStructors.
Hi guys! OK, reaching out for some help here. I am having all kinds of trouble with OSDeclareDefaultStructors. I have seriously been at this for nearly a week now and have come to the conclusion that I need to reach out for help from people that are more experience using Xcode. I believe entirely that my issue is just that I can't for whatever reason see how to set up includes and libraries and things like that. I have this line: OSDeclareDefaultStructors(NukeVirtualGamepad) No matter what I do, Xcode will not recognize OSDeclareDefaultStructors. The project builds a DriverKit &gt; Driver extension. I have literally tried absolutely everything with this. I am at a loss for words. I even set up a new blank project and it still will not recognize OSDeclareDefaultStructors. I did a lot of research and it looks like expo needs OSDeclareDefaultStructors in order for the extension to build with a binary in it instead of being just a codeless extension. Here is the code with the issue: #pragma once #include &lt;DriverKit/OSMetaClass.h&gt; #include &lt;HIDDriverKit/IOUserHIDDevice.h&gt; #include &lt;DriverKit/OSData.h&gt; class NukeVirtualGamepad : public IOUserHIDDevice { OSDeclareDefaultStructors(NukeVirtualGamepad) // The problem is right here! This line! public: // Keep it minimal; no 'override' keywords since the .h types may not mark them virtual bool init(); void free(); kern_return_t Start(IOService* provider); void Stop (IOService* provider); OSData* newReportDescriptor(); // (Optional) helper you’ll use later to inject input matching your report kern_return_t PostInput(uint16_t buttons, int8_t x, int8_t y); }; I do have to mention to everyone that I am still very new with Xcode. So there is a ton that I don't know yet or might be misunderstanding. Has anyone seen this before? Thank you in advance.
4
0
163
Aug ’25
driverkit.transport.usb
I’m creating my first DriverKit extension and I ran into an entitlement issue when trying to load my driver. Error 0x0 8397 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] App.Dext: Unsatisfied entitlements: com.apple.developer.driverkit.transport.usb I have already registered the entitlement com.apple.developer.driverkit.transport.usb with my vendor ID in the Apple Developer portal. However, when I download the provisioning profile, it doesn’t include the idVendor value. Screenshot from the developer portal (provisioning profile without idVendor) ? <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>1356</integer> </dict> </array> -Is this error caused by me registering the vendor ID incorrectly? -Or is there an issue with how the entitlement is reflected in the provisioning profile? Any guidance would be appreciated.
1
0
90
Aug ’25
Unable to localize driver name or description
I am trying to localize the CFBundleDisplayName and OSBundleUsageDescription of a driver that is part of an app. I am able to use InfoPlist.strings files to localize the Bundle display name for the app, but when I try to use the same file as part of the driver, the name displayed in settings for the app does not change correctly. In fact, it seems to follow the default language set in the xcode project. If the default language is not included in the suite of InfoPlist.strings files, it seems to take the string from the info.plist file. sometimes it just seems to take the English version regardless of the default language or tablet language. Has anyone had success with this?
4
7
152
Aug ’25
driverkit.transport.usb
I’m creating my first DriverKit extension and I ran into an entitlement issue when trying to load my driver. Error 0x0 8397 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] App.Dext: Unsatisfied entitlements: com.apple.developer.driverkit.transport.usb I have already registered the entitlement com.apple.developer.driverkit.transport.usb with my vendor ID in the Apple Developer portal. However, when I download the provisioning profile, it doesn’t include the idVendor value. Screenshot from the developer portal (provisioning profile without idVendor) ? <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>1356</integer> <!-- Sony --> <!-- Có thể bổ sung: <key>idProduct</key> <integer>XXXXX</integer> --> </dict> </array>
1
0
95
Aug ’25
libclang_rt.profile_driverkit.a' not found
Hi guys! I have gone through an absolute nightmare, trying to solve the issue that I am about to tell you about. As the title says, I am getting the error: Library '/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/17/lib/darwin/libclang_rt.profile_driverkit.a' not found I trimmed off part of that directory as I did not want to reveal that information about my computer. From what I can tell, the file in question is no longer even a part of Xcode. I have searched, it is not on my computer anywhere. I have also downloaded older versions of Xcode to search with it. None of them have it. I have literally tried everything under the Son to solve this issue. I have been stuck on it for two days. I have even resorted to doing something I hate, which is asking for ChatGPT to assist me with solving the issue. No help there. I am at my wits end. So I am coming to you guys, have you seen this error? Any ideas at all? The odds are pretty good whatever you recommend I have probably already tried 200 times over. But I am still open to hearing anything. Have any of you had this error? Any ideas? I am on the latest version of macOS. The project is for a macOS app. M4 Mac mini. Any additional information I can provide, that will be helpful? At this point, I am leaning more towards this being a bug with Xcode than anything.
2
0
100
Aug ’25
Using alternate DriverKit SDKs in Xcode
After some experimentation with copying multiple DriverKit SDKs into /Applications/Xcode.app/Contents/Developer/Platforms/DriverKit.platform/Developer/SDKs/DriverKit, it's become clear that Xcode only supports the DriverKit version that ships with it. There is no way to configure an alternative SDK within a project and changing to a different one results in strange build warnings and errors. This begs the question - how are developers supposed to develop and support dexts? Here's one example scenario: SCSIDriverKit introduced a breaking change in DriverKit 24.4 (macOS 15.4 and Xcode 16.3) due to a new feature. Once a dext is built against that kit, it will not function on macOS 15.0-15.3 whether that feature is implemented or not. We found a similar thing with NetworkingDriverKit as well. So, over the course of maintaining a Sequoia product while working in Sequoia itself, simply updating Xcode breaks the product. Not to mention trying to maintain a Sequoia product in Tahoe when it is released. How is this a good developer experience? Are developers resigned to having a myriad of Xcode versions which may require booting into multiple macOS versions to use? That would in turn produce a myriad of product versions that would need to be deciphered by the user or an installer? Shouldn't developers be able to use the latest tooling while still being able to produce products for OSes that are just a year or two old? Or should DriverKit files be conditionalized so configuring a deployment version in Xcode actually builds the right thing even with the latest SDK? I just don't get it. Help me understand. Replacing kexts with dexts seems like a development nightmare.
1
0
84
Aug ’25
Is it possible to create a virtual NPU device on macOS using Hypervisor.framework + CoreML?
Is it possible to expose a custom VirtIO device to a Linux guest running inside a VM — likely using QEMU backed by Hypervisor.framework. The guest would see this device as something like /dev/npu0, and it would use a kernel driver + userspace library to submit inference requests. On the macOS host, these requests would be executed using CoreML, MPSGraph, or BNNS. The results would be passed back to the guest via IPC. Does the macOS allow this kind of "fake" NPU / GPU
1
0
329
Aug ’25
Use 3rd party USB drivers in iPadOS?
Hi everyone, I'm working with a third party to integrate their USB driver into our app and I'm wondering if iPadOS supports bundling a prebuilt .systemextension file with the entitlement com.apple.developer.system-extension.redistributable into our app that has the com.apple.developer.driverkit.communicates-with-drivers entitlement? If not, is there a way to bundle a third party USB driver into our iPad app?
2
0
194
Jul ’25
DriverKit issue with TestFlight
Hi, We’re developing a DriverKit extension for iPadOS. In local Debug and Release builds, everything works as expected, but the same build uploaded to TestFlight fails at IOServiceOpen with the following errors: -536870212 (0xE00002EC) kIOReturnUnsupported -536870201 (0xE00002F7) kIOReturnNotPermitted What we’ve verified so far App entitlements We checked our main app entitlements file, and it has the correct capabilities for the driverkit communication &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;com.apple.developer.driverkit.communicates-with-drivers&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.driverkit.userclient-access&lt;/key&gt; &lt;array&gt; &lt;string&gt;abc.def.ABCDriver&lt;/string&gt; &lt;/array&gt; &lt;key&gt;com.apple.developer.system-extension.install&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.device.usb&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.files.user-selected.read-write&lt;/key&gt; &lt;true/&gt; &lt;/dict&gt; &lt;/plist&gt; we also checked the Provisioning profile (as shown on the portal) and the “Enabled Capabilities” seems to have the correct DriverKit Capabilities enabled. Enabled Capabilities Access Wi-Fi Information, DriverKit, DriverKit (development), DriverKit Communicates with Drivers, DriverKit USB Transport (development), DriverKit USB Transport - VendorID, DriverKit UserClient Access, iCloud, In-App Purchase, Sign In with Apple, System Extension When we download and inspect the provisioning profile as plain text, we notice that some expected DriverKit entitlements appear to be missing from the section. &lt;key&gt;Entitlements&lt;/key&gt; &lt;dict&gt; &lt;key&gt;beta-reports-active&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.networking.wifi-info&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.driverkit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.driverkit.communicates-with-drivers&lt;/key&gt; &lt;true/&gt; &lt;key&gt;application-identifier&lt;/key&gt; &lt;string&gt;ABC123456.abc.def&lt;/string&gt; &lt;key&gt;keychain-access-groups&lt;/key&gt; &lt;array&gt; &lt;string&gt;ABC123456.*&lt;/string&gt; &lt;string&gt;com.apple.token&lt;/string&gt; &lt;/array&gt; &lt;key&gt;get-task-allow&lt;/key&gt; &lt;false/&gt; &lt;key&gt;com.apple.developer.team-identifier&lt;/key&gt; &lt;string&gt;ABC123456&lt;/string&gt; &lt;key&gt;com.apple.developer.ubiquity-kvstore-identifier&lt;/key&gt; &lt;string&gt;ABC123456.*&lt;/string&gt; &lt;key&gt;com.apple.developer.icloud-services&lt;/key&gt; &lt;string&gt;*&lt;/string&gt; &lt;key&gt;com.apple.developer.icloud-container-identifiers&lt;/key&gt; &lt;array&gt;&lt;/array&gt; &lt;key&gt;com.apple.developer.icloud-container-development-container-identifiers&lt;/key&gt; &lt;array&gt;&lt;/array&gt; &lt;key&gt;com.apple.developer.ubiquity-container-identifiers&lt;/key&gt; &lt;array&gt;&lt;/array&gt; &lt;key&gt;com.apple.developer.driverkit.transport.usb&lt;/key&gt; &lt;array&gt; &lt;dict&gt; &lt;key&gt;idVendor&lt;/key&gt; &lt;integer&gt;1234&lt;/integer&gt; &lt;/dict&gt; &lt;/array&gt; &lt;key&gt;com.apple.developer.applesignin&lt;/key&gt; &lt;array&gt; &lt;string&gt;Default&lt;/string&gt; &lt;/array&gt; &lt;/dict&gt; We have a couple of questions: Could the missing com.apple.developer.driverkit.userclient-access entitlement in the provisioning profile alone explain the kIOReturnUnsupported / kIOReturnNotPermitted failures from IOServiceOpen? Why do some DriverKit capabilities appear in the Apple Developer portal UI but vanish from the actual profile we download? Is there an extra step we’re overlooking when regenerating profiles after toggling those capabilities? Thanks
8
0
213
Jul ’25