Understand the role of drivers in bridging the gap between software and hardware, ensuring smooth hardware functionality.

Drivers Documentation

Post | Replies | Boosts | Views | Activity

Using DriverKit to simulate graphics tablet input
Hi,
My goal is to enable this project https://github.com/evidlo/remarkable_mouse to provide native tablet inputs with full information to applications on macOS, allowing me to reuse my reMarkable tablet for the computer instead of having to buy yet another device, such as a Wacom tablet or an iPad Pro for sidecar, when the necessary hardware is already in my possession.
I would like to understand whether it is possible to use DriverKit in order to simulate a graphics tablet input device with extra inputs such as pressure and tilt in user-space. Or is this something where IOKit or other comes into play, requiring the creation of a kernel space driver? In either case, what would be the right steps to take? How would I create a virtual device and what are the limitations? If you have the knowledge, how complex would you consider this project to be?
The path should basically be some inter-process communication from remarkable_mouse, possibly file-based, triggering tablet events through the driver. At least in the first stage. I assume better performance would be achieved if the whole system was self-contained but porting the reMarkable communication is another challenge on its own.
I am experienced developing in other environments but macOS and driver development are fairly new to me. I've read through the documentation on how to handle the tablet events but creating them seems much murkier. I have searched around for this specific topic without getting much. An open-source tablet driver would be a great place to start but sadly I found none. I've also inquired with ChatGPT but only got high level tips and pseudocode.
Any help is greatly appreciated, thank you!
0
0
534
Oct ’23
es_respond_flags_result(client, msg, 0, true) to path /Users/Desktop/folder
I am playing around with Endpoint Security using demo code. I tried to handle the AUTH open event on a specific folder in my Desktop, set to deny all, but whenever I set this extension, I successfully get deny all on the folder as well as all other files and documents in the Users space.

    static void handle_open_worker(es_client_t *client, const es_message_t *msg)
    {
        static const char *test_nnn = "/Users/myname/Desktop/endpoint_test/block_this_folder/";
        static const size_t nnn_length = sizeof(test_nnn) - 1;

        if (strncmp(msg->event.open.file->path.data, test_nnn, nnn_length) == 0) {
            es_respond_flags_result(client, msg, 0, true);
        } else {
            // Allow everything else...
            es_respond_flags_result(client, msg, 0xffffffff, true);
        }
    }

Why does the code apply to all other files rather than only denying open on /Users/myname/Desktop/endpoint_test/block_this_folder/?
1
0
478
Oct ’23
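The prefix check from the handler in the post above, as an added example that is not part of the original post: it puts the length that `sizeof` yields for a `const char *` next to a length-aware directory match. `path_token` is a local stand-in for the `{length, data}` token behind `msg->event.open.file->path`, and `buggy_prefix_len`, `buggy_match`, `path_in_dir` and `tok` are hypothetical helper names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the {length, data} token behind
 * msg->event.open.file->path (assumption: declared locally so the
 * example builds without the EndpointSecurity headers). */
typedef struct {
    size_t length;
    const char *data;
} path_token;

/* Directory string from the post. */
static const char *blocked_dir =
    "/Users/myname/Desktop/endpoint_test/block_this_folder/";

/* Length the posted code compares: sizeof on a pointer is the pointer
 * size (8 on 64-bit), so this is 7, exactly the bytes of "/Users/". */
static size_t buggy_prefix_len(void) { return sizeof(blocked_dir) - 1; }

static bool buggy_match(const char *path) {
    return strncmp(path, blocked_dir, buggy_prefix_len()) == 0;
}

/* True if path is dir itself or lies beneath it (hypothetical helper). */
static bool path_in_dir(path_token path, const char *dir) {
    size_t dir_len = strlen(dir);
    while (dir_len > 1 && dir[dir_len - 1] == '/')
        dir_len--;                          /* ignore trailing slashes */
    if (path.length < dir_len || memcmp(path.data, dir, dir_len) != 0)
        return false;
    if (dir_len == 1 && dir[0] == '/')
        return true;                        /* everything is under "/" */
    /* Component boundary: ".../block_this_folder_2" must not match. */
    return path.length == dir_len || path.data[dir_len] == '/';
}

static path_token tok(const char *s) {     /* build a token from a C string */
    path_token t = { strlen(s), s };
    return t;
}

int main(void) {
    /* Constructed sample paths. */
    const char *samples[] = {
        "/Users/myname/Documents/notes.txt",
        "/Users/myname/Desktop/endpoint_test/block_this_folder/a.txt",
        "/Users/myname/Desktop/endpoint_test/block_this_folder_2/a.txt",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-62s buggy=%d fixed=%d\n", samples[i],
               buggy_match(samples[i]),
               path_in_dir(tok(samples[i]), blocked_dir));
    return 0;
}
```

In an AUTH open handler the same match would take the token's `length` and `data` fields directly, so the comparison does not depend on the path being NUL-terminated.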
Is it possible to synchronously request configuration information within the Start method of DriverKit?
Is there a way to synchronously retrieve configuration information from the app or read configuration information from a file within the Start method of DriverKit? I have attempted to use OSMappedFile to read a file, but my driver crashes or I receive the error message "Sandbox: com.injection.epusbfilter.dext(20610) deny(1) file-read-data /private/tmp/driverkit_config.txt" in the console, even though I have set com.apple.security.app-sandbox to false.

    OSMappedFile *mappedFile;
    do {
        const char *path = "/private/tmp/cfg";
        // Create the OSMappedFile instance
        kern_return_t result = OSMappedFile::createFromPath(path, 0, 0, &mappedFile);
        if (result != KERN_SUCCESS) {
            Log("Failed to create and map the file.");
            ret = -1;
            break;
        }
        *size = mappedFile->size();
        // Get the data mapped into memory
        char *charData = reinterpret_cast<char *>(const_cast<void *>(mappedFile->data()));
        Log("get cfg:%s", charData);
        if (strlen(charData) > 0) {
            if (charData[0] == '1') {
                ret = 1;
                break;
            }
        } else {
            ret = -2;
            break;
        }
    } while(false);
    mappedFile->free();
2
0
448
Oct ’23
getting device manufacturer name and device serial number programmatically in mac
Hi, I am an absolute beginner at IOKit registry and have a use case to obtain the device manufacturer name, device serial number and device USB vendor name programmatically. I'm able to obtain the same using the ioreg command but I wanted to get these values within my program. Thanks in advance.

Device serial number:

    ioreg -rd1 -c IOPlatformExpertDevice | grep 'IOPlatformSerialNumber'

Device manufacturer name:

    ioreg -rd1 -c IOPlatformExpertDevice | grep 'manufacturer'

USB device vendor names:

    ioreg -rd1 -c IOUSBHostDevice | grep "USB Vendor Name"
1
0
527
Oct ’23
sudo launchctl list "LastExitStatus" = 9;
I am trying to build the Endpoint Security demo app in Xcode. When I run

    sudo launchctl list 3xxxxxxxx6.com.example.apple-samplecode.SampleEndpointApp.Extension

I get

    {
        "LimitLoadToSessionType" = "System";
        "MachServices" = {
            "3FB5H67G96.com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension.xpc" = mach-port-object;
        };
        "Label" = "3FB5H67G96.com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension";
        "OnDemand" = false;
        "LastExitStatus" = 9;
        "Program" = "/Library/SystemExtensions/24197CF7-F318-4968-87D5-B869AAF544F5/com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension";
    };

When I run the app I get "Successfully installed the extension ✅" but nothing happens. What should I do from here? plz halp
3
0
756
Oct ’23
DriverKit entitlement request NOT processed for months ...
Hi Apple support,
We requested the DriverKit Entitlement via the link below back in early June. https://developer.apple.com/contact/request/system-extension/
Unfortunately the request is NOT processed for months. Every time we check with Apple support, we just get a boilerplate reply, and we have no idea whether the request is being processed or is stuck somewhere. No SLA is shared. This unexpected delay really impacts our product development/release schedule. We are anxiously finding a way to escalate. Can anyone from Apple in this forum help? I can share more details with the request. Thank you.
Thanks, Jason
0
0
488
Sep ’23
System Extension activation now pops up an extra "trying to modify a System Extension" prompt. Why?
My company is distributing a DriverKit System Extension as part of our software. As of recently (perhaps around a month or two ago -- I'm not sure on the exact timing), activating the System Extension only triggered one prompt to the user: the standard "System Extension Blocked" message that includes an option to open Security settings and allow the System Extension.
Now however for some reason there is suddenly a second prompt that comes before: a dialog opens with a message saying that my application is trying to "modify" a System Extension, and it asks for an admin username and password. Then once that's supplied, they get the other prompt requiring them to go into System Settings. (This new prompt is in fact the same one that appears when trying to deactivate the System Extension.)
At first I thought this was a new aspect of macOS Sonoma, but then I discovered that this prompt now appears in macOS Ventura and Monterey as well.
Why is this prompt now appearing when it wasn't there before? Did this come about as a result of a system update to Ventura and Monterey? And more to the point, why is it there at all? Is this a bug, or is there otherwise any way to avoid it? The user already has to enter their username and password to activate the System Extension. Why is there an additional prompt creating even more friction for this process?
(Note that System Extension activation accounts for a sizeable portion of my company's macOS support requests, due to users not understanding what's going on or misunderstanding the steps necessary for activation. More friction to this process means more headaches for us!)
1
1
429
Sep ’23
Restore dext settings on startup
Dear Sirs, I've written a driver extension that can be configured through a user mode application. Now when the system reboots I'd like to start the dext again with the latest configuration right from the beginning and before the user mode application is started (if it is started at all). What is the recommended way to do this and is there an example available? Should I do this using configuration files and through a special file API inside the dext or is there a kind of registry, or should I use sysctl variables and sysctlbyname? Thanks and best regards, Johannes
0
0
462
Sep ’23
cannot install CreatingAnAudioDeviceDriver app on ipados 17! Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.yOSaDQ/extracted/SimpleAudio.app/SystemExtensions/com.xreal.nrsdk.driver.demo.Driver.d
Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.yOSaDQ/extracted/SimpleAudio.app/SystemExtensions/com.xreal.nrsdk.driver.demo.Driver.dext : 0xe8008015 (A valid provisioning profile for this executable was not found.) Verify that the Developer App certificate for your account is trusted on your device. Open Settings on the device and navigate to General -> VPN & Device Management, then select your Developer App certificate to trust it.
2
2
821
Sep ’23
Error in C++ Compilation
Hello, I get the following error while compiling software, which is related to Apple libs.

    /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.sdk/usr/include/c++/v1/__memory/unique_ptr.h:173:32: error: member 'nullptr_t' declared as a template
    _LIBCPP_CONSTEXPR unique_ptr(nullptr_t) _NOEXCEPT : _ptr(__value_init_tag(), __value_init_tag()) {}

What should I do?
3
0
562
Aug ’23
Enumerating HID devices triggers "Input Monitoring" alert.
Using IOHIDManagerCopyDevices to get a list of keyboards and mice attached to the Mac triggers the user-facing "Input Monitoring" request. Because I'm NOT monitoring the user's input, the result of the user selection makes no difference to the result, but the privacy warning dialog makes my app look suspicious. All it is doing is checking to make sure that the customer has a non-Bluetooth keyboard or mouse, before they click the button to disable Bluetooth. Is there a safe way (no private API please) to enumerate HID devices without this warning, or should I file a feedback asking Apple to reconsider what triggers this dialog?
0
0
571
Aug ’23
Restrict access to user space applications accessing a kernel extension
I have developed a kernel extension (KEXT) for driving SCSI devices and I am able to successfully use it to send commands to the underlying device. The driver class overrides the newUserClient method which gets called whenever IOServiceOpen is called from the user space so that apps can make use of the driver. Is there any way to restrict access to this kernel extension such that only my app would be able to open a user client to access the driver and communicate with it using IOConnectCallMethod?
3
1
718
Aug ’23
Can I tell if a system is awake/asleep?
macOS, really, so there are a bunch of things that may be running during various types of sleep. I know I can get notifications from IOKit about the system going to sleep or waking up, but if I've got a daemon that crashed, and is then relaunched automatically, can I tell whether the machine is awake, or in some sort of sleep state other than hibernation?
0
0
456
Aug ’23
How do I make my EndpointSecurity System Extension harder to kill?
I'm working on a System Extension that uses the EndpointSecurity framework to monitor various events. For some events, we're using ES_EVENT_TYPE_AUTH_* events, and actively preventing certain changes. All this works fine, while the extension is running. This is not an anti-virus product, but is similar enough that it might help to think of it that way for purposes of this discussion.
Much like any anti-malware tool, we'd like for the System Extension to be resilient to malicious processes, even processes running as root. If any random process that gets root can do the equivalent of kill -9 <my extension>, or systemextensionsctl uninstall <my extension>, then it's easy enough for them to kill the extension, then do something we would otherwise prevent. It's also possible for an end user to drag-uninstall the app, which disables the extension immediately, before we even have a chance to respond to any changes.
I know that various anti-virus software for Macs address this, and prevent a user from, for example, using sudo kill -9 <pid> to disable them. How is that typically done?
Some possible approaches could be:
- Have two processes that watch each other, and restart each other if killed. There's a timing issue there that I'm not sure is easy to resolve, and I haven't tried launching a detached process from a system extension - that might not even work.
- I could have a separate launchdaemon which periodically checks to see if the extension (and app) are installed, and reinstalls them if they're missing. That leaves plenty of time for mischief to occur, but at least I'd have a window to detect it.
- It sounds like the NSEndpointSecurityRebootRequired Info.plist key might have some effect here, in that it prevents an extension from being replaced until a reboot. I should check and see what effect if any this has on removing the app or killing the extension.
- Maybe there's a System Profile setting that could be set through an MDM to prevent the application from getting uninstalled? I don't know my way around profiles very well, and I doubt this would address the "kill" issue, in any case.
- Probably there's some lower-level BSD or Mach API that could prevent attempts to kill the process.
- I could make a kernel extension for just this one thing, maybe using kauth(), but that seems overkill, and kernel extensions are not the Apple-suggested way to do anything these days.
If EndpointSecurity is intended to replace using kexts for anti-malware and detection uses, there must be a way to do this inside a system extension, right?
So, yeah - preventing the user from doing something is going against the spirit of "do what you like with your own computer, especially if you have admin powers", but this software is typically going to be installed by corporate IT, not end users, and some end users "need" admin permissions (e.g. software developers)...
Any suggestions would be appreciated.
1
0
626
Aug ’23
DriverKit in the background
After DriverKit being released last year, I wonder if the background mode External accessory communication in Background Modes applies also for drivers made with DriverKit. Is this mode only for products in the MFi group? If so, are there any plans to include DriverKit in this group in order to get data from an external device in the background, which is not in the MFi group?
1
0
551
Aug ’23
kIOMessageDeviceWillPowerOff notification doesn't work as expected
Hello, I try to get notifications when the display is turned off (not the screensaver). I've tried the following code (part of it), but it doesn't work at all (the callback is never called). I don't get where I did something wrong. Any help or relevant documentation link would be very appreciated.
Thanks, volfo

    io_object_t disp_notifierObject;
    void* disp_refCon = NULL;
    kern_return_t disp_registerCode;

    notifyPortRef = IONotificationPortCreate(kIOMainPortDefault);
    display_wrangler = IOServiceGetMatchingService(
        kIOMainPortDefault, IOServiceNameMatching("IODisplayWrangler"));

    // register to receive display sleep notifications
    disp_registerCode = IOServiceAddInterestNotification(
        notifyPortRef, display_wrangler, kIOGeneralInterest,
        CBDisplaySleep, NULL, &disp_notifierObject);
    if ( disp_registerCode != kIOReturnSuccess ) {
        printf("IOServiceAddInterestNotification failed\n");
        return 2;
    }
    CFRunLoopAddSource( CFRunLoopGetCurrent(),
        IONotificationPortGetRunLoopSource(notifyPortRef),
        kCFRunLoopCommonModes );
    IOObjectRelease (display_wrangler);
2
0
520
Aug ’23
Failure building first target of simplest DriverKit sample CommunicatingBetweenADriverKitExtensionAndAClientApp per Apple documentation
After downloading the sample code from the provided link to Download, I performed the steps per the documentation:
You can set up the project to build with or without entitlements. To build without entitlements, do the following:
Temporarily turn off SIP, as described in the article Disabling and Enabling System Integrity Protection. After you’ve done this, confirm that SIP is disabled with the Terminal command csrutil status, and enter dext development mode with systemextensionsctl developer on, as described in the article Debugging and testing system extensions.

    scott@Mac-mini-M1:CommunicatingBetweenADriverKitExtensionAndAClientApp $ csrutil status
    System Integrity Protection status: disabled.
    scott@Mac-mini-M1:CommunicatingBetweenADriverKitExtensionAndAClientApp $ systemextensionsctl developer
    Developer mode is on

Select the DriverKitUserClientSample project and use the “Signing & Capabilities” tab to set the DriverKitSampleApp and CppUserClient targets to automatically managed code signing.
While still in the “Signing & Capabilities” tab, set the NullDriver target to manual code signing.
In the “Build Settings” tab, change the “Code Signing Identity” value to “Sign to Run Locally” for all three targets.
When I then go to build the NullDriver, I get the following failure:

    error: Ad Hoc code signing is not allowed with SDK 'DriverKit 22.4' (in target 'NullDriver' from project 'DriverKitUserClientSample')

Something must be wrong in the combined effects of steps 3 and 4 in the settings for NullDriver given the resulting error. What is the correct procedure for DriverKit 22.4?
1
1
424
Aug ’23
Unsatisfied entitlements: com.apple.developer.driverkit.transport.pci
I have applied for DriverKit for PCI transport entitlements. Selected Additional Capabilities DriverKit PCI (PrimaryMatch) for the app ID, then made a profile and downloaded it. Checked the profile, which also includes com.apple.developer.driverkit.transport.pci. But when installing this driverkit, the log shows the error: Unsatisfied entitlements: com.apple.developer.driverkit.transport.pci
0
0
537
Aug ’23
Usage of IOS Private APIs such as IOKit Framework
Hi, I am developing an app for iOS using React Native. I want to write a native module in Swift and use Objective C to bridge the React Native JS functions with the native component. In particular, I want to use the IOKit framework to access such information as Battery Temperature and Battery Level. I read in many Stack Overflow articles and in ChatGPT that the usage of iOS Private APIs is forbidden and Apple will reject the app from the App Store and block the account. Is it true? Is there any legal way to use low level APIs and avoid being rejected or blocked by Apple? The official Apple Technical Support is not responding to me. I would really appreciate your help and support. Best Regards, Kamran
3
1
1.8k
Jul ’23