Loading KEXT without rebooting on Big Sur - macos

According to Apple it is necessary to reboot macOS when loading (or updating) the KEXT. I have already disabled SIP. However, it is still cumbersome to do a reboot, especially for development. I know that KEXTs are deprecated and that the KEXT cache has to be rebuilt. However, is there some (undocumented) possibility to load/update the KEXT without having to reboot?
I did some research and tried some boot-args options without success.

No, from Big Sur onwards, all loadable kexts are linked into a single pre-linked kernel image, and it's not possible to mark kernel pages as executable after a certain stage has been reached during boot.
Attempting to load a kext which is not in that image adds it to the list to be included in the prelinked image. The reboot then causes the new pre-linked kernel to be loaded.
Yes, it's annoying, but no, there's no workaround, other than using 10.15/Catalina for debugging/testing when you're not specifically dealing with 11.0/Big Sur issues.

Related

Is bootable USB installer required to clean install MacOS Big Sur?

I would like to perform a clean installation of MacOS Big Sur on my MacBook Air 2017. I've read two articles on how to do this, one said I don't need a USB installer, the other one said it is required. I just want to make sure before I do anything, do I need USB installer or is it possible to download Big Sur from the internet when performing clean installation?
Thank you.
Internet recovery is my first choice for reinstalling OS X. From time to time there are problems with internet recovery. Corrupt recovery partitions, firmware passwords, and a lot of misc hardware problems are what will usually prevent you from using internet recovery.
If you don't have another machine to write your USB installer, I would just make one to be safe. You could also run Apple Diagnostics before running internet recovery to make sure hardware won't be an issue. Out of hundreds of OS X installations I've done, I've only had a handful fail in a way that prevented me from using the original OS afterward, and in those cases it was always a major hardware issue.

MacOS Sur Download from Anywhere

In MacOS Catalina, you can still work around the notarization and signing requirements to download from anywhere by running
sudo spctl --master-enable
With the new security features in Big Sur, which I cannot try myself, I am concerned that the workaround might disappear. Can you still, at your own risk, run binaries that you compile yourself or download from elsewhere, by using this command?
The answer to this question might also be different on Apple Silicon ARM chips, which aren’t available to anyone without a limited-supply transition developer kit. In the off-chance that someone with one of these kits sees this post, what are the options for restoring the ability to download and build without gatekeeper blocking and requiring notarization? This is really important to know for internal development.
Also, ignoring all the risks, let’s say my computer is on a local secure network and I am only downloading, sharing, and compiling things I KNOW are safe by communicating with the developers. A lot of responses to questions like this that ask about disabling security seem to dodge the question and tell me not to do it, but I promise that I am cautious.
Just upgraded my 2015 MacBook Pro to Big Sur. Running sudo spctl --master-enable still works.

Whitelisting an unsigned kext in macOS Catalina

I've recently bought an old Alesis io26 Firewire audio interface. The last driver release only worked on Mountain Lion and older. After some time I managed to install said drivers on Catalina, by manually dragging the MIDI driver into /Library/Audio/MIDI drivers and installing the kernel extension into /System/Library/Extensions via KEXT droplet. The problem I have now is that my MacBook Pro only recognises the interface if SIP is disabled. I've heard that the driver is not signed and that this is the reason why SIP is preventing it from working. So as a total noob, how can I somehow whitelist that kext so that I don't have to go to recovery mode and disable SIP every time I want to record some audio?
The 3 "correct" ways of doing this are probably unlikely:
Get the original developer to sign the kext
Somehow persuade Apple to add it to macOS's built-in whitelist
If you have a kext signing certificate yourself, you can sign it. (Apparently, Apple no longer issues these, however.)
The best you can do in practice is probably to only disable the kext signing part of SIP by using the command
csrutil enable --without kext
instead of
csrutil disable
Of course, this leaves your system open to being attacked via unsigned kexts, though I've not heard of any malware that specifically targets Macs with kext signing disabled.
Actually, the question is for Catalina. We cannot partially disable SIP by running with --without kext. From Mojave, this option is disabled and one has to either enable or disable it from Recovery OS.
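Added example, not part of the original posts: a small audit helper for the two switches discussed in the threads above (the Gatekeeper master switch and SIP's kext-signing protection). It reads the text printed by `spctl --status` and `csrutil status` and reports what is switched off. The function names are hypothetical, the sample output is constructed and modelled on csrutil's status format, and treating "Apple Internal: disabled" as normal is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): summarise SIP and Gatekeeper state
# from the text printed by `csrutil status` and `spctl --status`.

# Print one line per SIP protection that is off; "ALL" if SIP is disabled.
# "Apple Internal" is skipped: assumed to be off on ordinary retail systems.
sip_disabled() {
    awk '
        /^System Integrity Protection status: disabled/ { print "ALL"; exit }
        /^[ \t]+[A-Za-z ]+: disabled/ {
            sub(/^[ \t]+/, ""); sub(/: disabled.*$/, "")
            if ($0 != "Apple Internal") print
        }'
}

# Exit 0 while unsigned kexts are still blocked, 1 otherwise (reads stdin).
kext_signing_enforced() {
    case "$(sip_disabled)" in
        *ALL*|*"Kext Signing"*) return 1 ;;
    esac
    return 0
}

# Exit 0 when Gatekeeper assessments are on (reads `spctl --status` on stdin).
gatekeeper_enabled() {
    grep -q '^assessments enabled'
}

# Constructed sample of a custom configuration with only kext signing off.
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
	Apple Internal: disabled
	Kext Signing: disabled
	Filesystem Protections: enabled
	Debugging Restrictions: enabled'

if command -v csrutil >/dev/null 2>&1; then
    csrutil status | sip_disabled          # live check on a Mac
    spctl --status 2>&1 | gatekeeper_enabled || echo "Gatekeeper: off"
else
    printf '%s\n' "$SAMPLE_CUSTOM" | sip_disabled   # offline demo
fi
```

On a development Mac this makes it easy to confirm, after testing an unsigned kext or binary, that both protections have been switched back on.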

How to debug kernel panic on MAC OS Catalina, as Catalina is on Read-only File system

Facing kernel panic on accessing "Offline" attribute of SMB protocol in our custom kext. How to debug these kernel panics on MAC OS Catalina.
The debugging kernel extension steps are not supported for Catalina because of Read-only file system. Also kext with IOKit.framework does not load on MAC OS 10.14.x with error
There is no "/Volumes/KernelDebugKit/mach_kernel" as per the documentation https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KEXTConcept/KEXTConceptDebugger/debug_tutorial.html#//apple_ref/doc/uid/20002367-CHDIHFDI,
gdb -arch i386 /Volumes/KernelDebugKit/mach_kernel
Unable to create PanicDumps directory to collect panic through kdump daemon under '/' volume, as Catalina is read-only file system
Ref: https://developer.apple.com/library/archive/technotes/tn2004/tn2118.html
Unable to load kexts with IOKit framework references with errors on MAC OS 10.14 to debug:
The super class vtable '__ZTV9IOService' for vtable '__ZTV23com_microfocus_cisiokit' is out of date. Make sure your kext has been built against the correct headers.
The super class vtable '__ZTV12IOUserClient' for vtable '__ZTV8cisiokit' is out of date. Make sure your kext has been built against the correct headers.
Is there any documentation that specifies how to debug kernel panic on mac os catalina with read-only file system set up?
Note: Disabling SIP also does not work.
Thanks in advance.
Answers to your questions about debugging macOS kernel extensions:
There is no "/Volumes/KernelDebugKit/mach_kernel" as per the documentation
Kernel Debug Kits since about OS X 10.10 must be installed. When you download and open the KDK .dmg, you need to run the installer it contains.
The KDK's kernels are then permanently installed on your system under
/Library/Developer/KDKs/KDK_[[os-version]].kdk/System/Library/Kernels/
The default kernel image is no longer named mach_kernel, but simply kernel.
e.g. /Library/Developer/KDKs/KDK_10.15_19A536g.kdk/System/Library/Kernels/kernel
The debugging kernel extension steps are not supported for Catalina because of Read-only file system.
Unable to create PanicDumps directory to collect panic through kdump daemon under '/' volume, as Catalina is read-only file system Ref: https://developer.apple.com/library/archive/technotes/tn2004/tn2118.html
Note that kdumpd accepts the location of the dumps as its command line argument, so you can select a writable location. You will need to make a copy of the launchd plist under /Library/LaunchDaemons anyway, as the original under /System/Library/LaunchDaemons is not writable. However, I am not 100% sure if kernel dumps still work correctly on modern macOS versions.
Note also that you can technically remount the readonly OS base volume read-write. I don't recommend that on anything other than a test system, however.
Answer to your question about kext loading:
Also kext with IOKit.framework does not load on MAC OS 10.14.x with error
Unable to load kexts with IOKit framework references with errors on MAC OS 10.14 to debug:
The super class vtable '__ZTV9IOService' for vtable '__ZTV23com_microfocus_cisiokit' is out of date. Make sure your kext has been built against the correct headers.
The super class vtable '__ZTV12IOUserClient' for vtable '__ZTV8cisiokit' is out of date. Make sure your kext has been built against the correct headers.
The clue is in the error message here: Make sure your kext has been built against the correct headers.
This error is what you encounter when you build a kext using a macOS SDK that is newer than the OS version on which you are attempting to load it. So in your case, I assume you are using the macOS 10.15 SDK to build the kext and expecting it to load on macOS 10.14. Don't do that, use the 10.14 SDK, or whichever version matches the oldest macOS version you wish to support with your kext.
Note also that kext building uses the Kernel.framework, not the IOKit.framework. The latter is used for building user space tools, libraries, and applications which access the I/O Kit.

Installing SDL 2 with Macports; Is X11 a dependency?

I am in the process of installing SDL 2 on Mac OSX 10.9 via macports, and for reference I have been following the official documentation as well as any sdl-specific information I can find.
https://guide.macports.org/ is straight-forward, as is:
https://guide.macports.org/#using.variants.invoking
I see that sdl2lib is available...
libsdl2 has the variants:
universal: Build for multiple architectures
x11: Enable X11 support
but despite having looked through pages at the above links and having searched for documentation for "SDL with X11", I can't seem to find information about whether I need X11 (and/or universal AKA powerpc) support. I wouldn't want to install SDL only to find that something is broken or missing.
Then again, there were some issues with X11 being enabled by default back when Mac OSX 10.1 was new:
https://forums.libsdl.org/viewtopic.php?t=2871&sid=52ca72a72c285196dd25fd8619715ae9
(That is another problem: much of the information I discover applies to outdated operating systems.)
Apparently SDL wasn't thread-safe at one point unless you used X11, but this was mentioned when SDL version 1 was the main version:
http://forum.freegamedev.net/viewtopic.php?f=3&t=1078
How am I meant to proceed (Which flags, if any, are usually chosen?)
port install libsdl2 <???>
I would appreciate any help and follow-up warnings for the next installation steps.
Thank you in advance.
Most people have moved to Homebrew as their package system, but Macports should work just fine.
Universal does not mean PowerPC necessarily. In fact almost no one needs it anymore. Universal means a fat binary, which architectures this defines is set in your Macports configuration.
SDL2 should work just fine under Quartz, no need to have X11 - as it also makes deployment annoying and difficult as you need to have XQuartz installed.
Also don't be afraid to reinstall SDL2 with other options if you miss something, it shouldn't take too long.
TL;DR Just install it without any additional flags unless you discover you need something special.
