macOS 10.14 AppleKextExcludeList

App & System Services Core OS
IPv6Freely OP
Created Jun ’18
Replies 12
Boosts 0
Views 9.3k
Participants 4

macOS 10.14 Beta has a new version of AppleKextExcludeList that breaks every version of Oracle Virtualbox (currently they are on 5.2.12).


<key>org.virtualbox.kext.VBoxDrv</key>
      <string>LT 5.3</string>


In High Sierra, it was set to LE 4.3.24. Why would Apple have changed it to LT 5.3? I have tried everything I can think of, including disabling SIP, to get the VBoxDrv.kext loaded and macOS just simply refuses to do it.


sudo kextutil -v -t /Library/Application\ Support/VirtualBox/VBoxDrv.kext
Kext rejected due to presence on exclude list: <OSKext 0x7fce9af5b5d0 [0x7fff884448d0]>


I also added the Oracle Team ID to the whitelist, still with no luck:


[~]
cjones@cjones-mbp$ sudo spctl kext-consent list
Allowed Team Identifiers:
VB5E2TV963

[~]
cjones@cjones-mbp$ sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "SELECT team_id,bundle_id,allowed,developer_name,flags from kext_policy"
VB5E2TV963|org.virtualbox.kext.VBoxDrv|1|Oracle America, Inc.|8
VB5E2TV963|org.virtualbox.kext.VBoxNetAdp|1|Oracle America, Inc.|8
VB5E2TV963|org.virtualbox.kext.VBoxNetFlt|1|Oracle America, Inc.|8
VB5E2TV963|org.virtualbox.kext.VBoxUSB|1|Oracle America, Inc.|8


From what I can conclude at this point is that either Apple will need to un-do the change they made to the AppleKextExcludeList or Oracle is going to have to update their kext to 5.3.


The issue is being tracked by Oracle as ticket #17805: https://www.virtualbox.org/ticket/17805


Any other suggestions?

Replies  12
Boosts  0
Views  9.3k
Participants  4
IPv6Freely OP
Jun ’18

Tracking as bug #41021597

0
kvn OP
Jun ’18

Thanks. I've also submitted a bug report.

0
IPv6Freely OP
Jun ’18

What is the bug ID for your report?

0
IPv6Freely OP
Jun ’18

Apple closed my bug report with the following:


This is an issue for a third party to resolve based on the following:


The kext is blocked because it will panic the machine if allowed to load. Oracle is aware of what changes need to be made, it was communicated to them already. This is Oracle's issue to resolve, please contact them with any additional feedback.


We are closing this report.


If you have questions about the resolution, or if this is still a critical issue for you, then please update your bug report with that information.


Please be sure to regularly check new Apple releases for any updates that might affect this issue.


I suppose that's that, then. I'd love to know why it will panic the machine but I guess that's for Oracle to explain, not Apple.

0
IPv6Freely OP
Jun ’18

Apple has been really useless on this. They closed the bug report and told me to open a Developer help request ticket. I did so and they closed that too, saying they don't support beta OS questions. Umm... then what is the point of having beta access as a developer if Apple will not assist developers who need to update their software for the latest OS beta so it can be functional BEFORE the OS goes public?


I don't understand why Apple refuses to just tell us exactly what needs updating for Mojave...

0
kode54 OP
Jun ’18

Apple has told Oracle exactly what they need to do to fix their kernel extensions. It's out of your control, unless you too have a kernel extension signing key, or want to run unsigned kernel extensions.

0
IPv6Freely OP
Jun ’18

Virtualbox is an open source project, so I am working on the patch. "Apple has told Oracle" is nonsense since the Oracle developers don't know anything about it. So it's not out of my control.


again I don't understand why Apple is so hesitant to help with this.

0
IPv6Freely OP
Jun ’18

Looks like we now have a working patch we're testing. It ***** that because of Apple's short-sightedness the new software will have to be released as a major version 5.3 despite it being a minor revision, but it is what it is.


For anyone reading this because they've encountered this issue, know that a fix is coming to the public soon-ish!

0
Yaroon OP
Jun ’18

Do you know how to edit "/System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist"


Changing VBoxDrv's Info.plist to read 5.3.13 instead of 5.2.13 does not help because other kexts like VBoxUSB depend on VBoxDrv 5.2.13 so if you change VBoxDrv's version number then the other kexts don't find it.


I've changed AppleKextExcludeList.kext to read:


<key>org.virtualbox.kext.VBoxDrv</key>

<string>LT 5.2.12</string>


which I assume is "Lower Than 5.2.12" so 5.2.13 should work. It's just that... when I make this change and load the VBoxDrv kext it keeps saying:


(kernel) Kext org.virtualbox.kext.VBoxDrv is in exclude list, not loadable


So I need to know how to edit it, and how to have macOS re-read its AppleKextExcludeList.

0
IPv6Freely OP
Jun ’18

I don't know of a way to modify AppleKextExcludeList.kext but if you simply update the version for VBoxDrv.kext then it will load. To resolve the dependencies for the other VirtualBox kexts, you need to modify those as well and then specify the dependencies manually when loading them. The VirtualBox postflight script the installer uses already does this, you just have to now do it manually.


Check out VirtualBox Bug #17805 for more information and a procedure. Keep in mind you must be using the patched version of VirtualBox (which is still in testing) or else the kext will fail to start even if you do manage to get it loaded. https://www.virtualbox.org/ticket/17805

0
IPv6Freely OP
Jul ’18

VirtualBox 5.2.14 is out that contains the fix for the issue Apple blocked the kext for. Unfortunately that now means we have to wait for Apple to update AppleKextExcludeList for it to actually work, unless you modify and load the kexts manually (SIP protection must be disabled to load the modified kexts):


sudo sed -i '' 's/5\.2/5\.3/g' '/Library/Application Support/VirtualBox/VBoxDrv.kext/Contents/Info.plist'
sudo sed -i '' 's/5\.2/5\.3/g' '/Library/Application Support/VirtualBox/VBoxUSB.kext/Contents/Info.plist'
sudo sed -i '' 's/5\.2/5\.3/g' '/Library/Application Support/VirtualBox/VBoxNetAdp.kext/Contents/Info.plist'
sudo sed -i '' 's/5\.2/5\.3/g' '/Library/Application Support/VirtualBox/VBoxNetFlt.kext/Contents/Info.plist'

sudo kextload '/Library/Application Support/VirtualBox/VBoxDrv.kext'
sudo kextload -d '/Library/Application Support/VirtualBox/VBoxDrv.kext' '/Library/Application Support/VirtualBox/VBoxUSB.kext'
sudo kextload -d '/Library/Application Support/VirtualBox/VBoxDrv.kext' '/Library/Application Support/VirtualBox/VBoxNetFlt.kext'
sudo kextload -d '/Library/Application Support/VirtualBox/VBoxDrv.kext' '/Library/Application Support/VirtualBox/VBoxNetAdp.kext'
0
IPv6Freely OP
Jul ’18
Accepted Answer

For anyone interested, Apple finally fixed the AppleKextExcludeList to be LT 5.2.14 which means Virtualbox kexts will now load. You will need to upgrade Virtualbox to 5.2.14 or later.

0
macOS 10.14 AppleKextExcludeList
First post date Last post date
 
 
Q