site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=NrpdlogOEdzyWcGK9iM1qxa5WO0VtdS3vBH/6zKRutg=; b=B5BSr6BA7ZreOQWZFYC9c8VfkFUvyLqcwRWDUDBWfxeb5ZWZHORH2mBIKO1PHJD8sZ ocQA/kFrAnfZGSLjH0RmHVhfDutd6yjDt5MmAsZSKb2G+HTJa3WAk+ibrZcZxyqSLGsG 2pmqYWlebo35fXmpe+JpPa7Rhg3gbVLx9uli42K88vLKwGcTB6nnLq9CrZwnbO/6Crz0 7oWLbfxrsICf7SZ6mHvo315IMqffmr4NTGm3bp1oZuD6VSgVv3h19UY2fJAjGrQlk+9p akEAiTr+cjevm99qo4ffl2qamZhhttSiHiYmgVZTNXJj8gVdmsoVgbWuLp7reYnawqMl WDjw== Hi, Can somebody confirm that it is not possible to add a 3rd party KEXT to a prelinked kernel on systems with the T2 chip and active safeboot mode? I need an IOKit object being probed against a device nub as early as possible. This requires a KEXT to be added to a prelinked kernel hosted at /System/Library/PrelinkedKernel . I noticed that the system uses /System/Library/PrelinkedKernel/immutablekernel instead of /System/Library/PrelinkedKernel/prelinkedkernel if safeboot is active and the system has the T2 chip . The immutablekernel is protected by the UEFI boot module which checks a prelinked kernel signature saved at the Preboot volume so there is no way to modify it with the kextcache command. The existing procedure when a 3rd party KEXT is being loaded by the kextd process after the system has been initialized might not be the best solution in my case. Is there a procedure for a 3rd party KEXT to be linked with immutablekernel or change the system behavior to load /System/Library/PrelinkedKernel/prelinkedkernel in safeboot mode ? Regards, Slava Imameev _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com