Changeset 89018 in vbox for trunk/src/VBox/HostDrivers

Timestamp:

May 12, 2021 4:28:56 PM (4 years ago)

Author:

vboxsync

Message:

SUPDev,IPRT: On darwin allow Mac dev certs as long as it is a build using test signing. bugref:10004

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• Makefile.kmk (modified) (1 diff)
• darwin/SUPDrv-darwin.cpp (modified) (2 diffs)

trunk/src/VBox/HostDrivers/Support/Makefile.kmk

@@ -635 +635 @@
  if defined(VBOX_WITH_DARWIN_R0_DARWIN_IMAGE_VERIFICATION) && defined(VBOX_SIGNING_MODE)
   VBoxDrv_DEFS.darwin    += VBOX_WITH_DARWIN_R0_DARWIN_IMAGE_VERIFICATION
+  ifeq ($(VBOX_SIGNING_MODE),test)
+   VBoxDrv_DEFS.darwin   += VBOX_WITH_DARWIN_R0_TEST_SIGN
+  endif
  endif
  ifdef VBOX_WITH_NETFLT

trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp

@@ -1320 +1320 @@
         uint32_t cDevIdApp  = 0;
         uint32_t cDevIdKext = 0;
+        uint32_t cDevIdMacDev = 0;
         for (uint32_t i = 0; i < pCert->TbsCertificate.T3.Extensions.cItems; i++)
         {
@@ -1337 +1338 @@
                                        "Dev ID kext certificate extension is not flagged critical");
             }
-        }
+            else if (RTAsn1ObjId_CompareWithString(&pExt->ExtnId, RTCR_APPLE_CS_DEVID_MAC_SW_DEV_OID) == 0)
+            {
+                cDevIdMacDev++;
+                if (!pExt->Critical.fValue)
+                    rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
+                                       "Dev ID MAC SW dev certificate extension is not flagged critical");
+            }
+        }
+# ifdef VBOX_WITH_DARWIN_R0_TEST_SIGN
+        /*
+         * Mac application software development certs do not have the usually required extensions.
+         */
+        if (cDevIdMacDev)
+        {
+            cDevIdApp++;
+            cDevIdKext++;
+        }
+# endif
         if (cDevIdApp == 0)
             rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,