How is Development-Signing Supposed to Work with DriverKit on macOS?

The release notes for Xcode 14 say: "Automatic signing is now supported for development-signed DriverKit drivers."

But when I try to get the sample code to work, Xcode 14 beta 5 complains that "Ad Hoc code signing is not allowed with SDK 'DriverKit 22.0'".

Explicit signing wants to have an entitlement that Apple seems to be very reluctant to hand out, but I think there should be no hurdles to just playing with DriverKit on my dev machine.

Is this a bug with the beta or am I missing something here?

Up vote post of nsc Down vote post of nsc
2.4k views
Posted by
nsc
Reply
Add a Comment

Accepted Reply

In order to build the sample with Xcode 14, you'll need to change the "Code Signing Identity" of the sample away from "Sign to Run Locally." This will allow you to use automatic signing with your developer account. We are in the process of updating the DriverKit samples to better support this change.

Alternatively, if you still wish to use ad hoc codesigning, you can add the AD_HOC_CODE_SIGNING_ALLOWED user-defined setting to your Dext's "Build Settings." Setting it to YES will allow you to continue running ad-hoc builds on macOS only. This behavior will not work for iPadOS.

Posted by
Drewbadour
Up vote reply of Drewbadour Down vote reply of Drewbadour
Post marked as solved
Add a Comment

Replies

A few days ago, I reported substantially the same issue as feedback item FB11064423 (which you probably cannot see). Having no workaround to allow debugging until real entitlements are available, in some indeterminate time, will put a kink in my development, for sure.

Posted by
jbrisbin
Up vote reply of jbrisbin Down vote reply of jbrisbin

  • FWIW with DriverKit on the Mac a temporary workaround is to use Xcode 12.5.1 on macOS 11.

    nsc
Add a Comment

In order to build the sample with Xcode 14, you'll need to change the "Code Signing Identity" of the sample away from "Sign to Run Locally." This will allow you to use automatic signing with your developer account. We are in the process of updating the DriverKit samples to better support this change.

Alternatively, if you still wish to use ad hoc codesigning, you can add the AD_HOC_CODE_SIGNING_ALLOWED user-defined setting to your Dext's "Build Settings." Setting it to YES will allow you to continue running ad-hoc builds on macOS only. This behavior will not work for iPadOS.

Posted by
Drewbadour
Up vote reply of Drewbadour Down vote reply of Drewbadour
Post marked as solved
Add a Comment

Thanks, allowing adhoc signing works! I have tried to use automatic signing with my developer account, but then the client fails to launch and taskgated says: "Unsatisfied entitlements: com.apple.developer.driverkit.userclient-access"

Posted by
nsc
Up vote reply of nsc Down vote reply of nsc

  • com.apple.developer.driver.userclient-access is a restricted entitlement, so you'll need to add it to your app's identifier manually from within the developer portal. After it is added, when Xcode pulls a new automatic provisioning profile, it should contain the entitlement and work correctly. This is true of all of the DriverKit entitlements that have custom values per-developer.

    Drewbadour

  • I have enabled all the DriverKit entitlements in the developer portal, but the generated profile does not include com.apple.developer.driver.userclient-access. There are eleven DriverKit entitlements, but the profile contains only nine of those. Am I doing it wrong?

    nsc
Add a Comment