Entitlements

Entitlements allow specific capabilities or security permissions for your apps.

Post | Replies | Boosts | Views | Activity

Xcode error when trying to sign DriverKit extension
I am trying to sign a DriverKit extension for distribution using a Developer ID provisioning profile, but when I try to import the profile to sign the dext I get the error "Platform: MacOS doesn't match platform DriverKit". We requested the entitlement from Apple a few months ago and according to Apple Support it was approved (though we did not get any email directly from the DriverKit approval process). The App ID we are using appears to have the DriverKit capabilities that we need under "Additional Capabilities".

Our process right now is this:

1. Go to Certificates, Identifiers, and Profiles
2. Create a new Provisioning Profile and select Developer ID Distribution
3. Select the correct App ID
4. After creating and downloading the profile, import it into Xcode
5. Receive the error "Platform: MacOS does not match DriverKit"

According to https://developer.apple.com/documentation/driverkit/requesting_entitlements_for_driverkit_development#3557213, there should perhaps be a prompt adding DriverKit to the provisioning profile and not just the identifier, but we do not see this. Has anybody else run into a similar issue and resolved it? I see a similar thread at https://developer.apple.com/forums/thread/710713, but that one is eight months old and doesn't appear to have a solution.

Replies: 1 | Boosts: 1 | Views: 882 | Activity: May ’23
NFCTagReaderSession - Missing required entitlement
Hi there, I am using Core NFC and I established the connection with the card, (it means that the info.plist is correct and the entitlement should be correct as well). The app detects the card, but after sending the command 'tag.sendCommand()' I receive this message:

    [CoreNFC] -[NFCTagReaderSession transceive:tagUpdate:error:]:879 Error Domain=NFCError Code=2 "Missing required entitlement" UserInfo={NSLocalizedDescription=Missing required entitlement}

So, what is missing or what am I doing wrong? Here is the code:

    func tagReaderSession(_ session: NFCTagReaderSession, didDetect tags: [NFCTag]) {
        guard !tags.isEmpty else { return }
        let hexString = //...
        if case let .iso7816(tag) = tags[0] {
            session.connect(to: tags[0]) { error in
                if let error = error {
                    print("Error: \(error.localizedDescription)")
                    return
                }
                let apdu = hexString.convertToAPDU()
                tag.sendCommand(apdu: apdu) { (response: Data, sw1: UInt8, sw2: UInt8, error: Error?) in
                    // -> here is when the error appears, in the completion
                    print([UInt8](response)) // print -> []
                }
            }
        }
    }

Replies: 3 | Boosts: 1 | Views: 1.2k | Activity: Jun ’23
Overriding app's library reference path for the particular library
Hello. (hold for a moment, I'll get to the point) I'm developing an addon for Blender and I'm trying to make it work on MacOS m1 too. I'm using the hppfcl library for the addon and whenever I'm trying to import it from python I get the error below.

    Error: Python: Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/Users/m1/Library/Application Support/Blender/3.6/scripts/addons/blenderbim/libs/site/packages/hppfcl/__init__.py", line 34, in <module>
        from .hppfcl import *
    ImportError: dlopen(/Users/m1/Library/Application Support/Blender/3.6/scripts/addons/blenderbim/libs/site/packages/hppfcl/hppfcl.cpython-310-darwin.so, 0x0002): Symbol not found: __ZN5boost6python15instance_holder8allocateEP7_objectmm
      Referenced from: /Users/m1/Library/Application Support/Blender/3.6/scripts/addons/blenderbim/libs/site/packages/hppfcl/hppfcl.cpython-310-darwin.so
      Expected in: /Applications/Blender.app/Contents/Resources/lib/libboost_python310.dylib

The error is caused by the fact that /Applications/Blender.app/Contents/Resources/lib/libboost_python310.dylib is incompatible with hppfcl. I have a compatible version in /Users/m1/Library/Application Support/Blender/3.6/scripts/addons/blenderbim/libs/libboost_python310.dylib.

❓My question is how to make scripts/addons/blenderbim/libs/libboost_python310.dylib either the main library to be loaded for hppfcl or for the entire Blender (this will work too)?

What I've tried and researched:

If I check the hppfcl library with otool -l hppfcl.cpython-310-darwin.so it's referring to the correct library that should be compatible given that /scripts/addons/blenderbim/libs/site/packages/hppfcl/../../../libboost_python310.dylib => /scripts/addons/blenderbim/libs/libboost_python310.dylib.

    Load command 20
              cmd LC_RPATH
          cmdsize 40
             path @loader_path/../../../ (offset 12)

If I run otool -l /Applications/Blender.app/Contents/MacOS/Blender I see why the error is referring to /Resources/lib/libboost_python310.dylib. So it seems that hppfcl @loader_path is overridden by Blender's @loader_path.

    Load command 65
              cmd LC_RPATH
          cmdsize 48
             path @loader_path/../Resources/lib (offset 12)

I tried to use export DYLD_LIBRARY_PATH="/Users/m1/Library/Application Support/Blender/3.6/scripts/addons/blenderbim/libs/:$DYLD_LIBRARY_PATH" (and same thing with DYLD_FALLBACK_LIBRARY_PATH) before starting Blender, which led to no success - DYLD_LIBRARY_PATH is purged when I start Blender (deduced it by checking os.environ from python). I guess it's because Blender is a protected process and the only way around it is either to rebuild with different build settings or to disable system integrity protection (both are very bad options for the addon).

Replies: 2 | Boosts: 1 | Views: 452 | Activity: Jun ’23
Network Extensions provisioning profile contains item "relay"
By creating a provisioning profile on the dashboard or letting Xcode (14.3.1) do automatic signing to obtain that profile, the Network Extensions now contains an additional "relay" item, which is not available when capabilities are added in Xcode (tried on Xcode Beta 15.2 as well).

The relay is visible though in the web inspector, when the provisioning profile is created via the developer dashboard.

That said, the provisioning profile file (.mobileprovision) has this:

and in the raw XML:

If I try to manually modify the XML entitlements in Xcode by adding relay, the Signing and Capabilities page of the Xcode project does not reflect this change and eventually removes this additional code line if I try to select a proper item, for instance DNS Proxy.

Is it a new bug introduced recently? Is it just that Xcode "forgot" to get this update (in Beta as well)? The problem is that old profiles stopped working as they do not contain relay.

Replies: 2 | Boosts: 0 | Views: 768 | Activity: Jun ’23
Entitlements for app accessing USB devices
Hi, I'm trying to sign/notarize a command line application packaged as .pkg which accesses USB devices through libusb. When nothing is signed/notarized everything works like a charm and the command line tool can be started without elevated mode (sudo). Once the binary, its libraries, and the .pkg are signed (hardened runtime set) and finally notarized/stapled with success, I noticed that, once the .pkg is installed, the bin/libs are owned by root:wheel. Nobody else can execute it. This means sudo is required to execute the tool, which is obviously not what I need to distribute the software to end-users...

As far as I understand I have to configure some entitlements when invoking the codesign command. Am I wrong? If not, before struggling with them I need some advice about which one I should select:

- com.apple.security.app-sandbox ?
- com.apple.security.device.usb ?
- com.apple.vm.device-access (?)
- others ?

Thanks in advance for your help.

Replies: 2 | Boosts: 1 | Views: 917 | Activity: Jun ’23
Universal links not working only during App Review
Hi, I am running into a strange issue where my universal links work fine on devices when using USB, simulators and TestFlight; it works with no problem on all test environments. But once I submit it for App Review, they don't work. And I have no way to replicate it. At some point they get it working somehow, but with every resubmission the process repeats where I go back and forth for days until they finally get it working. Has anyone run into this strange issue or has a clue what might be going on?

Replies: 6 | Boosts: 2 | Views: 1.4k | Activity: Jul ’23
CarPlay entitlements crashes Mac app
I am using Xcode 14 and multiplatform app project. I have received the CarPlay entitlements from Apple and everything works on iOS. However I do have to share the same entitlements.plist file with macOS (multiplatform project uses the same file) and the CarPlay entitlement crashes the Mac app. If I remove those lines from it everything works fine:

    <key>com.apple.developer.carplay-audio</key>
    <true/>

How to handle this? I have tried to add iphoneos on the end of the key but it keeps crashing even then.

Replies: 1 | Boosts: 0 | Views: 590 | Activity: Jul ’23
Checking the status of Endpoint Security entitlement request
Guys, I'm the account holder of my company and we are working on a new EPP solution. Approx two months ago I requested an Endpoint Security entitlement so we can develop our product and then requested it again about a month ago. Is there a way to see what the status of the request is and whether this time frame is indeed the one we should expect? Thanks a lot!

Replies: 2 | Boosts: 1 | Views: 674 | Activity: Jul ’23
Associated Domains AutoFill on watchOS stand alone app
Hi guys, I am trying to get webcredentials for associated domains to work on a standalone watchOS-app that I am working on. The AASA-file is hosted correctly, and the keychain autofill works fine on the iOS-app within the same workspace using the same associated domain. The setup on the watchOS-app is close to identical to the iOS-app. The textContentType-modifiers are correctly added onto the textfields. Within the watchOS-app, the textfields allow me to browse my keychain but it doesn't filter the credentials linked to my associated domain. The developer docs say: For watchOS apps, you must add the Associated Domains capability to the WatchKit Extension target. I assume that this doesn't apply to standalone watchOS-apps that do not have the WatchKit Extension. Has anyone encountered this issue? Appreciate any ideas.

Replies: 0 | Boosts: 0 | Views: 809 | Activity: Jul ’23
Missing User-Assigned Device Name Entitlement on Developer Portal
On June 25, 2023, I received approval letter "User Assigned Device Name entitlement confirmation". I then tried to enable this entitlement on the developer portal with the following steps.

1. Login to https://developer.apple.com/ with my login. Note I am the account holder and admin
2. Then go to Account
3. Click "Identifiers" on Certificates, IDs & Profiles
4. Select my app identifier
5. Click "Additional Capabilities"

I only found two previously approved entitlements. I don't see the new “User Assigned Device Name”. I then logged out and logged in with various web browsers and devices and had the same result. Entitlement "User Assigned Device Name” is missing.

I have since worked with Apple Developer Support (https://developer.apple.com/contact/) for over 2 weeks. They confirmed that this entitlement was added to my account (with correct team id). They asked for screenshots, screen capture videos, and browser versions repeatedly but offered no real help. I also sent email to the email address that sent out the original entitlement approval letter but I did not receive any response. Is there any support avenue that I can use to resolve this issue?

Replies: 1 | Boosts: 0 | Views: 366 | Activity: Jul ’23
NEVPNProtocolIPSec unavailable on Apple TV?
I'm porting my VPN app to tvOS 17. Here's some code which works just fine in iOS but doesn't in tvOS 17:

    func toggleVPN() {
        let vpnManager = NEVPNManager.shared()
        vpnManager.loadFromPreferences { (error) in
            if let error = error {
                print("Could not load VPN Configurations: \(error.localizedDescription)")
                return
            }
            if vpnManager.connection.status == .connected || vpnManager.connection.status == .connecting {
                vpnManager.connection.stopVPNTunnel()
            } else {
                vpnManager.isEnabled = true
                vpnManager.isOnDemandEnabled = true
                vpnManager.localizedDescription = "tvpn"
                let p = NEVPNProtocolIPSec()
                p.authenticationMethod = .sharedSecret // or .certificate
                p.serverAddress = <REDACTED>
                p.username = "client"
                p.useExtendedAuthentication = true
                // Retrieve password and shared secret references from the keychain
                let secretData = <REDACTED>.data(using: .utf8)!
                let passData = <REDACTED>.data(using: .utf8)!
                p.sharedSecretReference = try! VPNKeychain.persistentReferenceFor(service: "vpn", account: "SharedSecret", password: secretData) // I took this part from Apple dev forums, it's tested in iOS
                p.passwordReference = try! VPNKeychain.persistentReferenceFor(service: "vpn", account: "Password", password: passData)
                vpnManager.protocolConfiguration = p
                vpnManager.saveToPreferences { (error) in
                    if let error = error {
                        print("Could not save VPN Configurations: \(error.localizedDescription)")
                        return
                    }
                    do {
                        try vpnManager.connection.startVPNTunnel()
                    } catch {
                        print("Could not start VPN Connection: \(error.localizedDescription)")
                    }
                }
            }
        }
    }

In iOS the VPN connects successfully, however in tvOS saveToPreferences returns error Code 1:

    Could not save VPN Configurations: Missing protocol or protocol has invalid type

Another thing I noticed is that there's no com.apple.developer.networking.vpn.api entitlement for tvOS, but NEVPNManager is available there according to documentation. Could you advise what's the problem with my code?

Replies: 3 | Boosts: 0 | Views: 792 | Activity: Jul ’23
Multicast entitlement for apps already there in App Store
As I am aware, in iOS 14 and later versions, applications which are using broadcasting and multicasting need to add the multicast entitlement to their profile. Our organization has an app in the App Store that was deployed in 2017 which was using multicast and broadcast, in which it needs to detect a device. Now they have started development on that application again and I had to build the code for that app. I tried deploying it on iOS 16 and it was not able to detect the device. I think I need to add the multicast entitlement to it, but when I downloaded our app from the App Store which was deployed in 2017, it was able to detect the required device and worked well (of course some UI got messed up which I have to fix, but detection is working fine).

So I am not able to make sense of this. One more thing arises: when iOS 14 came out some years back, there were many apps which were using broadcast without having this entitlement, so did all of them stop working in iOS? Or did they all immediately have to ship a release with this?

Replies: 1 | Boosts: 1 | Views: 363 | Activity: Jul ’23
ITMS-90078: Missing Push Notification Entitlement
Hi, Our project utilizes push notifications via OneSignal SDK. Everything looks correct and conforms with the documentation:

- The Push Notifications capability is enabled in Xcode.
- The entitlements do contain the "aps-environment" key with the "production" value.
- I unpacked the resulting IPA and explored the embedded.mobileprovision file - it does contain the "aps-environment" key with the "production" value in the Entitlements section too.
- The App ID and provision profiles used do include the Push Notification capability.

So there's literally nothing to fix. Despite that, when uploading the IPA to App Store Connect, we receive an email with the warning "ITMS-90078: Missing Push Notification Entitlement..." that says there's no "aps-environment" entry. Moreover, the OneSignal dashboard indicates "Missing Push Capabilities" for all the iOS devices that run our application. Consequently, the push messages are not received. What could be wrong with the IPA and where to look? Thanks in advance!

Replies: 2 | Boosts: 0 | Views: 1.3k | Activity: Jul ’23
com.apple.security.cs.debugger entitlement vs task_for_pid-allow
Hi, I'd like to understand better the differences between the entitlements "com.apple.security.cs.debugger" and "task_for_pid-allow." According to documentation, both entitlements authorize the application to call "task_for_pid()." Is that correct? What are the limitations that differentiate these entitlements? Will the application be able to call "task_for_pid()" for any third-party and unsigned application? Or are there any other conditions? (such as specific entitlements for the target application). Would it be necessary to run the application as root? And lastly, I wondered if any other entitlements enable using "task_for_pid()"? Thank you for your help!

Replies: 3 | Boosts: 0 | Views: 592 | Activity: Jul ’23
Unsatisfied entitlements: com.apple.developer.driverkit.transport.pci
Hi, I'm developing my own PCIe device driver, and the log shows the error messages below when the driver is executing.

    2023-07-31 13:43:47.031012+0800 0x1d41ce Error 0x0 12158 0 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] com.asix.dext.pciedevice: Unsatisfied entitlements: com.apple.developer.driverkit.transport.pci
    2023-07-31 13:43:47.031048+0800 0x1d41ce Error 0x0 12158 0 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] Disallowing: com.asix.dext.pciedevice
    2023-07-31 13:43:47.062775+0800 0x1d436e Error 0x0 103 0 kernelmanagerd: Error occurred while handling request "DextLaunch(arguments: Optional(["Check In Token": 12087, "kOSBundleDextUniqueIdentifier": <04642bc8 90788071 c2a02259 c624ba81 3bebbf55 f9f2db7e f9fbbdd5 1f2ed99d>, "Driver Extension Server Tag": 4294982732, "DriverKit Reslide Shared Cache": 0, "Driver Extension Server Name": com.asix.dext.pciedevice, "CFBundleIdentifier": com.asix.dext.pciedevice]))": Error Domain=NSPOSIXErrorDomain Code=8 "Exec format error"

How to match the device's PID & VID to the driver and make it work successfully? Please help me, thanks.

Replies: 2 | Boosts: 0 | Views: 880 | Activity: Jul ’23