Mac & i: Kernel extensions for macOS now need Apple authentication

New and updated kernel extensions will not work until after macOS 10.14.5. Users report problems.

0
126
Mac & i: Kernel extensions for macOS now need Apple authentication

Apple’s hitherto optional notarization service has now become mandatory for certain software: As of macOS Mojave 10.14.5, apps signed by Developer ID will only be executed by new developers if they have been previously certified by the Mac manufacturer. This also applies to new and updated kernel extensions (Kexts), as Apple announced in advance in advance.

As a result, newly installed apps may not run unless they have been authenticated by Apple’s notarization service, launched last year.

Read More Stories: Digital Business: US vs China, smartphone prices go up?

It can also apply accordingly to software that relies on an updated kernel extension: As readers report, after installing macOS 10.14.5 problems arise with the latest update for Oracle’s virtualizer VirtualBox: Version 6.0.8 can not be trusted either importing or opening existing virtual machines (VMs) fail. Problem apparently seems here that the kernel extension of the virtualization software has not yet been notarized by Apple and after the update remains functionally ineffective.

Read More Stories: Ruby JavaScript compiler Opal reaches version 1.0

As a workaround for using VirtualBox, affected users can disable the System Integrity Protection feature on their Mac – until Oracle adds another update. Alternatively, evidently it helps to give the kernel extension spctlspecial permission via the command, which must be done in macOS recovery mode. The command required by VirtualBox sounds

spctl kext-consent add VB5E2TV963

how users write in the Oracle forum. A signing of kernel extensions with Apple-Developer-ID has been mandatory for some time, since macOS 10.13, users have to give their permission during the installation.

Read More Stories: VisiCalc: one of the first “killer applications” for microcomputers in 32 Kbytes

Apple’s notarization service is intended to further secure the distribution of software outside of the Mac App Store: The security review is fast and automated, promises Apple. It’s not a more comprehensive app review, as required for Mac App Store approval, so developers do not need to follow any of Apple’s app store policies. The user can be sure with notarized software that it is not “known malware”, Apple emphasizes. The notarization will be compulsory for all apps signed with Developer-ID in the future, presumably as of macOS 10.15.

Read More Stories: Developer: Eclipse Foundation launches openMobility Working Group

LEAVE A REPLY