Example "com.example.apple-samplecode.dext-to-user-client" grief

I am new to macOS programming. I am trying to run an example from Apple that installs a "NullDriver" and then accesses it from a client CPP app (example available online, DriverKit, "com.example.apple-samplecode.dext-to-user-client").

I seem to be able to install the DEXT correctly; I can see the system extension and the IOUserService. When I run the CPP client access program auto signed by Xcode, the app crashes with "CODESIGNING 1 Taskgated Invalid Signature". If I sign the app with "Sign to Run Locally", the app runs but is unable to connect to the IOUserService.

This is being run on Sonoma Beta 5 with a newly paid membership.

I am willing to attach whatever files are required, but I wonder whether others have had the same code signing problem. My apologies if I did not read a post with the answer I hope to find.

Gene

I presume you’re working from the Communicating Between a DriverKit Extension and a Client App sample code. If so, you’ll note that the CppUserClient target is actually an app target. That’s because:

  • Accessing a DriverKit user client requires a restricted entitlement, com.apple.developer.driverkit.userclient-access.

  • That entitlement must be authorised by a provisioning profile.

  • The only way to include a profile with your executable is to embed the executable in an app-like wrapper.

Note: For more info about what provisioning profiles do, see TN3125 Inside Code Signing: Provisioning Profiles.

The crash you’re seeing is most likely caused by an unauthorised entitlement, that is, your app is claiming the com.apple.developer.driverkit.userclient-access entitlement but it’s not actually authorised by your profile. For more on this, see Resolving Code Signing Crashes on Launch.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
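The check described in the reply above, as an added example (not part of the original thread and not Apple's sample code): compare the entitlements an executable claims with the allowlist in its embedded provisioning profile. The two plists, the team ID, the bundle IDs and the matching rules are constructed assumptions; on a Mac the inputs would come from `codesign -d --entitlements - --xml` and `security cms -D -i`.

```python
import plistlib

# Constructed sample: what the signed app claims, in the form printed by
# `codesign -d --entitlements - --xml <app>`. IDs are placeholders.
CLAIMED_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.application-identifier</key>
  <string>TEAMID0000.com.example.CppUserClient</string>
  <key>com.apple.developer.driverkit.userclient-access</key>
  <array><string>com.example.NullDriver</string></array>
  <key>com.apple.security.app-sandbox</key><true/>
</dict></plist>"""

# Constructed sample: profile payload in the form decoded by
# `security cms -D -i embedded.provisionprofile`.
PROFILE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Constructed Team Profile</string>
  <key>Entitlements</key><dict>
    <key>com.apple.application-identifier</key>
    <string>TEAMID0000.*</string>
  </dict>
</dict></plist>"""


def value_allowed(claimed, allowed):
    """Assumed matching rules: arrays are allowlists, a trailing * is a prefix wildcard."""
    if isinstance(allowed, list):
        wanted = claimed if isinstance(claimed, list) else [claimed]
        return all(any(value_allowed(w, a) for a in allowed) for w in wanted)
    if isinstance(allowed, str) and isinstance(claimed, str):
        if allowed.endswith("*"):
            return claimed.startswith(allowed[:-1])
        return claimed == allowed
    return type(claimed) is type(allowed) and claimed == allowed


def unauthorised(claimed_xml, profile_xml, unrestricted=frozenset()):
    """Return claimed entitlement keys that the profile does not authorise."""
    claimed = plistlib.loads(claimed_xml)
    allowed = plistlib.loads(profile_xml).get("Entitlements", {})
    return sorted(
        key for key, value in claimed.items()
        if key not in unrestricted
        and (key not in allowed or not value_allowed(value, allowed[key]))
    )


if __name__ == "__main__":
    # app-sandbox is treated as unrestricted on macOS (assumption for this sample).
    print(unauthorised(CLAIMED_XML, PROFILE_XML, {"com.apple.security.app-sandbox"}))
```

Any key this reports for a real binary is a candidate for the launch-time code signing crash discussed in this thread.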

Thanks for the help.

I have tried to run this locally (SIP off, developer on). A key step in the example is "4. In the "Build Settings" tab, change the "Code Signing Identity" value to "Sign to Run Locally" for all three targets." This is not possible for the NullDriver target (I get "Ad Hoc" signing not allowed in ... as a build error). What am I missing?

Thanks again!

Gene

OK, it's working now! I don't know why, but it is. The Ad Hoc problem occurs when I have a provisioning profile for the NullDriver target.

I have applied for an entitlement so that I can get the example to work fully code signed.

Thanks again for the help, Quinn!

I have a followup question. When I add my iPad Air gen 5 as a potential destination, I get the error message "Ad Hoc signing is not allowed with SDK iOS 17". When I replace "Sign to Run Locally" with iOS development, I get the following Xcode error:

"Showing Recent Messages /Users/gene/Desktop/DriverKitExsample_Unsigned/CommunicatingBetweenADriverKitExtensionAndAClientApp/DriverKitUserClientSample/DriverKitUserClientSample.xcodeproj: Provisioning profile "iOS Team Provisioning Profile: *" doesn't include the com.apple.developer.driverkit.userclient-access entitlement."

Xcode pops up a box saying to submit the error (which I will do). Should this entitlement be part of automatic signing? If yes, then it is a bug. If no, then it seems like there is a "catch-22" scenario trying to run "locally" on an iPad. What am I missing?

Gene

There are two uses of the term ad hoc when it comes to code signing:

  • On macOS, Xcode’s Sign to Run Locally results in code with ad hoc signature.

  • iOS and its child platforms support Ad Hoc distribution.

These aren’t the same thing. The former uses no code signing identity and the latter requires an Apple Distribution signing identity.

With regard to entitlements, macOS is weird because:

  • Some entitlements are unrestricted (remember that a restricted entitlement is one that must be authorised by a profile, which requires a stable signing identity).

  • It’s possible to bypass macOS’s restricted entitlement checks by disabling SIP [1].

Neither of these apply to iOS and its child platforms. There, all entitlements are restricted and you can’t bypass that restriction [2].

When it comes to DriverKit entitlements, there are two things to watch out for:

  • Some DriverKit entitlements vary between macOS and iOS.

  • On iOS and its children, many DriverKit entitlements are set up so that you can create a Development provisioning profile without any special permission from Apple.

For more information about that last point, see Finding a Capability’s Distribution Restrictions.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] In some cases just disabling SIP is sufficient. In others, you have to mess around with boot arguments.

[2] Short of ‘unauthorised user modifications’.
