-1

I am planning to write a kernel extension for macOS Ventura to control sleep mode during some states that are not fully available from user land, such as lid-closing, power source change, etc. Also more control of the external displays.

There are a lot of old tutorials on the subject of writing kernel extensions for macOS, but only a few recent sources that claim that Apple had started to be very strict with kernel extensions.

So I'm wondering, what shall one do to load a kernel extension on Ventura? And is it even possible without changing the boot loader?

c00000fd

1 Answer

2

You have 3 main obstacles:

  • Code signing. To deploy kexts to Macs which don't have SIP disabled altogether, Apple needs to provide you with a special extension to the Developer ID signing certificate. You need to contact Apple about this and explain why you need to deploy a kext. They may or may not grant you the special certificate.
  • Usability. Apple has made it increasingly awkward for users to install and approve third-party kexts:
    1. Users must explicitly approve kexts on a per-developer (code signing team) basis via a fairly hostile user interface in System Preferences by entering an admin password. Guiding users through this can be tricky.
    2. On arm64 (Apple Silicon, M1/M2/… series) Macs, the overall system security level must be lowered in order to install third-party kexts. This requires the user to boot into recovery mode and change the setting. The UI for this could be worse, but some users will understandably balk at the scary warnings.
    3. Since macOS 11, changing the kext configuration always requires a reboot, because all kernel-executable code is loaded and sealed at boot time.
  • Deprecation schedule. Apple has recently been deprecating and, usually one major OS release later, disabling kexts that use certain kernel API combinations altogether. If you develop a new kext now, even if it uses non-deprecated APIs, assume that the APIs it uses will soon become deprecated.

So, it's definitely possible to develop a new kext in 2023, but you really need a good reason to do so and convince both Apple and your users that they should trust you.

pmdj
  • Yeah, thanks. That's one big headache. I wonder how others do it? Say, antivirus companies that need their products to run on Apple Silicon. – c00000fd May 25 '23 at 16:06
  • [Endpoint Security Framework](https://developer.apple.com/documentation/endpointsecurity) – pmdj May 25 '23 at 16:09
  • But OK, there's a ton of other applications for writing a kernel driver. Anything from hardware support to enhancing the OS. How do they do it? – c00000fd May 25 '23 at 17:18
  • There aren't that many these days. Device drivers are mostly DriverKit or pure userspace (`IOUSBLib`). Firewalls and VPNs use Network System Extensions and Network Extensions. Virtualisation software uses `Hypervisor.framework`. But yeah, anything that does still rely on kexts does it the hard way unless they can get it integrated into macOS directly. (Writing kexts used to be a major part of the job for me; I've not touched any kext code at all since early/mid 2021 I think.) – pmdj May 26 '23 at 11:00
  • Interesting. Thanks. So for my specific requirement - I need to control, or block sleep when the lid is closed on a MacBook, and also during other conditions, such as a change of power source, or unplugging of the external monitor with the closed lid (if the laptop is not sleeping) - how shall I go about implementing it? (Other than the kernel extension.) I checked and the user-mode accessible methods don't cover it all. [This](https://github.com/Frizlab/Insomnia/tree/main) seems to be the only 100% way of doing it. – c00000fd May 26 '23 at 13:15
  • I don't think I can give any specific advice based on the very limited amount of information provided about the problem you're ultimately trying to solve here. The original question was already on the border of what's on-topic on Stack Overflow; software product strategy advice certainly isn't. I will point out that blocking sleep could be something of a safety (overheating when in a bag, etc.) issue, and also would make it very easy to drastically reduce battery life on MacBooks, so I could imagine those are two reasons why Apple hasn't provided an outright API for it. – pmdj May 27 '23 at 08:40
  • (I should clarify: there very much *is* an API for preventing sleep - [power assertions](https://developer.apple.com/documentation/iokit/iopmlib_h/iopmassertiontypes?language=objc) - but I assume you decided this wasn't good enough if you're seriously considering a kext.) – pmdj May 27 '23 at 15:19
  • Power assertions don't do anything for sleep when the lid is closed and for the other cases that I named. – c00000fd May 27 '23 at 15:31