WEBVTT
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
00:00:00.506 --> 00:00:09.556 A:middle
[ Silence ]
00:00:10.056 --> 00:00:10.996 A:middle
>> Jerry Cottingham:
Good Morning.
00:00:12.286 --> 00:00:17.006 A:middle
I'm Jerry Cottingham, I'm an
engineer on the Core OS IO team
00:00:17.006 --> 00:00:17.876 A:middle
and today we're going to talk
00:00:17.876 --> 00:00:19.686 A:middle
about what's new in
Kext Development.
00:00:22.336 --> 00:00:24.466 A:middle
So in my part of the
session, I'm going to talk
00:00:24.466 --> 00:00:27.596 A:middle
about Kext Development
overview, give you a little bit
00:00:27.596 --> 00:00:29.526 A:middle
of overview of the
Kext development.
00:00:30.136 --> 00:00:32.946 A:middle
The Developer ID program,
why that's important for you
00:00:33.646 --> 00:00:36.236 A:middle
and your attention please, I'm
going to call out some things
00:00:36.236 --> 00:00:40.336 A:middle
that are in OS X 10.9 that
you need to be aware about.
00:00:42.526 --> 00:00:44.376 A:middle
We're assuming that
the target audience
00:00:44.376 --> 00:00:47.646 A:middle
for this is somebody that's
already developing a kext,
00:00:48.206 --> 00:00:52.596 A:middle
you think you're about
to develop a kext.
00:00:52.596 --> 00:00:55.956 A:middle
And if you're here, you know the
top three reasons why you need
00:00:55.956 --> 00:00:58.206 A:middle
to avoid writing a kext
if at all possible.
00:00:58.656 --> 00:01:02.046 A:middle
So if you're thinking about
it then here's a couple things
00:01:02.046 --> 00:01:02.836 A:middle
that you need to think
00:01:02.836 --> 00:01:05.846 A:middle
about before you get
into writing a kext.
00:01:06.566 --> 00:01:09.106 A:middle
Kexts require wired
memory, so all the memory
00:01:09.106 --> 00:01:11.476 A:middle
that your kext consumes
is not available
00:01:11.476 --> 00:01:15.126 A:middle
for the rest of the system.
00:01:15.256 --> 00:01:16.616 A:middle
Mistakes are often fatal,
00:01:16.616 --> 00:01:20.046 A:middle
so if you run it writing an
application, you make a mistake,
00:01:20.046 --> 00:01:21.256 A:middle
you crash the application.
00:01:21.966 --> 00:01:24.976 A:middle
You're writing a kext, you
make a mistake and you crash,
00:01:25.086 --> 00:01:27.186 A:middle
you're crashing the whole
system so you affect everybody.
00:01:28.876 --> 00:01:29.906 A:middle
Debugging is harder.
00:01:29.906 --> 00:01:35.016 A:middle
So today, if you're developing
an application with Xcode,
00:01:35.016 --> 00:01:37.516 A:middle
debugging is very
simple, very, very simple.
00:01:38.346 --> 00:01:40.836 A:middle
If you're debugging a kext,
you need two machines,
00:01:40.836 --> 00:01:41.896 A:middle
you need to setup the machine,
00:01:41.896 --> 00:01:43.216 A:middle
you need to configure
it correctly.
00:01:43.216 --> 00:01:46.436 A:middle
The problems that you're dealing
with are often much harder
00:01:46.486 --> 00:01:49.036 A:middle
to figure out, so
debugging is much harder.
00:01:50.876 --> 00:01:54.376 A:middle
So, if you're still not deterred
and you still really think
00:01:54.376 --> 00:01:55.666 A:middle
that you need to develop a kext,
00:01:56.186 --> 00:01:59.756 A:middle
then if you must there's
two things that you need
00:01:59.756 --> 00:02:04.666 A:middle
to read before you even start
writing your first line of code.
00:02:05.226 --> 00:02:07.496 A:middle
The Kernel Extension
Programming Topics
00:02:08.395 --> 00:02:12.266 A:middle
and the Kernel Programming
Guide, so make sure you read
00:02:12.266 --> 00:02:15.236 A:middle
through those, and if you
still need to develop a kext,
00:02:15.816 --> 00:02:18.806 A:middle
make sure you talk to us to
see if there's any other way.
00:02:19.736 --> 00:02:23.976 A:middle
And, if you're going
to write a kext,
00:02:23.976 --> 00:02:25.576 A:middle
your mantra should always be,
00:02:25.776 --> 00:02:28.156 A:middle
"With great power comes
great responsibility."
00:02:28.156 --> 00:02:35.266 A:middle
Now let's quickly go
over a little overview
00:02:35.266 --> 00:02:37.586 A:middle
of what kext development
is all about.
00:02:38.146 --> 00:02:41.286 A:middle
So a kext is just a bundle
that extends the kernel.
00:02:42.436 --> 00:02:44.446 A:middle
Kext stands for:
Kernel Extension,
00:02:44.986 --> 00:02:48.676 A:middle
and it's only available
for OS X.
00:02:48.676 --> 00:02:51.746 A:middle
So if you're trying
to write a kext
00:02:51.746 --> 00:02:53.096 A:middle
for iOS, we don't allow that.
00:02:53.096 --> 00:02:57.476 A:middle
And a kext is structured
just like any other CFBundle.
00:03:00.196 --> 00:03:03.156 A:middle
Do you see the binary
down in the OS folder?
00:03:03.156 --> 00:03:06.846 A:middle
So here the Apple sample PCI
kext, you're going to see this
00:03:06.846 --> 00:03:11.466 A:middle
through all three of our talks
today about kext development.
00:03:12.276 --> 00:03:15.356 A:middle
You'll see that the executable
is down in the OS folder.
00:03:16.576 --> 00:03:22.096 A:middle
The Info.plist describes all
the properties of your kext
00:03:22.096 --> 00:03:24.306 A:middle
and I'm going to call out
two here that we're going
00:03:24.306 --> 00:03:26.316 A:middle
to discuss later today.
00:03:27.086 --> 00:03:31.896 A:middle
The CFBundleIdentifier, so
that identifies your kext
00:03:32.346 --> 00:03:35.276 A:middle
in the whole kext name space,
so that's a unique identifier
00:03:35.776 --> 00:03:37.516 A:middle
across the whole system.
00:03:38.336 --> 00:03:43.696 A:middle
CFBundleVersion, so that allows
the kext management system
00:03:43.696 --> 00:03:45.356 A:middle
to figure out which
of your kexts,
00:03:45.356 --> 00:03:48.866 A:middle
if it has the same
bundle ID to load.
00:03:49.226 --> 00:03:52.086 A:middle
Now this becomes very
important and today when we talk
00:03:52.086 --> 00:03:53.736 A:middle
about some of the other
things that we're changing,
00:03:53.996 --> 00:03:57.266 A:middle
that you are bumping that
version number as you go along.
00:03:59.766 --> 00:04:03.756 A:middle
Okay, so you're part of the
kernel and part of that means
00:04:03.756 --> 00:04:06.766 A:middle
that you have to buy
into extra protection.
00:04:07.256 --> 00:04:11.996 A:middle
So, we require specific
File and Folder permissions.
00:04:12.976 --> 00:04:16.196 A:middle
Kexts must be owned by root
and the group must be wheel.
00:04:18.466 --> 00:04:23.566 A:middle
Must only be writable by
root, and permissions are deep
00:04:23.566 --> 00:04:27.726 A:middle
so this little folder here on
the right shows you if you did
00:04:27.776 --> 00:04:31.166 A:middle
like an 'ls -alR' all
permissions all the way
00:04:31.166 --> 00:04:32.506 A:middle
through would look like that.
00:04:33.036 --> 00:04:35.796 A:middle
If you get any of
those incorrect,
00:04:36.236 --> 00:04:37.326 A:middle
your kext will not load.
00:04:37.876 --> 00:04:44.596 A:middle
And you can use kextutil
-tn which is test no load
00:04:44.886 --> 00:04:48.836 A:middle
to verify your kext as
you're developing it.
00:04:48.836 --> 00:04:55.186 A:middle
Okay new in OS X 10.9, we
are now code signing kexts
00:04:55.446 --> 00:04:57.816 A:middle
and checking the
signature of your kext.
00:04:58.276 --> 00:05:04.096 A:middle
In OS 10.9 all kext
signatures are verified.
00:05:06.486 --> 00:05:09.806 A:middle
Unsigned or invalid
signatures are not fatal
00:05:09.896 --> 00:05:11.446 A:middle
with just one exception
and I'll talk
00:05:11.446 --> 00:05:13.546 A:middle
about that exception
in just a little bit.
00:05:15.616 --> 00:05:21.616 A:middle
So if you sign a kext in
10.9 and try to run it
00:05:21.906 --> 00:05:26.476 A:middle
on earlier versions, newer
than 10.8, it will not load,
00:05:26.476 --> 00:05:29.746 A:middle
there was some code signing
machinery changes in there
00:05:29.746 --> 00:05:32.206 A:middle
that will not allow those to
load, so just keep that in mind.
00:05:34.126 --> 00:05:37.266 A:middle
Valid code signatures will
eventually be mandatory
00:05:37.266 --> 00:05:38.586 A:middle
on all kexts.
00:05:38.866 --> 00:05:42.006 A:middle
So now in 10.9, there's
only one place it's mandatory
00:05:42.306 --> 00:05:46.656 A:middle
and I'll talk about that, but
be prepared, be proactive.
00:05:46.656 --> 00:05:50.316 A:middle
Let's get your kexts signed and
you'll be ready for the future.
00:05:50.936 --> 00:05:54.246 A:middle
And again, kextutil -tn is good
00:05:54.246 --> 00:05:56.236 A:middle
for testing your
code signatures.
00:05:56.236 --> 00:05:59.166 A:middle
Now I have to mention in the
seed that you have today,
00:05:59.666 --> 00:06:02.436 A:middle
I didn't quite get around
to getting that working,
00:06:02.436 --> 00:06:06.146 A:middle
so it's fixed in the next
seed they will actually test,
00:06:06.146 --> 00:06:09.266 A:middle
so you can just try a kext
load to verify your signature.
00:06:11.066 --> 00:06:13.786 A:middle
Okay so now I want to talk
a little about kext loading.
00:06:13.786 --> 00:06:16.266 A:middle
So there's three types of loads
here I want to talk about.
00:06:16.266 --> 00:06:20.916 A:middle
Autoload. So autoload is
basically your IOKit KEXT
00:06:21.366 --> 00:06:24.286 A:middle
when it matches hardware that's
attached to your machine,
00:06:24.556 --> 00:06:27.256 A:middle
the kext machinery goes
through, matches the best driver
00:06:27.256 --> 00:06:29.176 A:middle
for that, and loads it for you.
00:06:30.076 --> 00:06:33.266 A:middle
Now, where we find
those kexts now is
00:06:33.266 --> 00:06:36.966 A:middle
in /System/Library/Extensions.
00:06:36.966 --> 00:06:39.826 A:middle
So on-demand loading
of kexts, so you can do
00:06:39.826 --> 00:06:43.326 A:middle
that by an explicit path,
so here we're using kextload
00:06:43.326 --> 00:06:45.866 A:middle
with our Apple sample PCI kext.
00:06:46.116 --> 00:06:48.156 A:middle
So I just give it
a specific path.
00:06:48.556 --> 00:06:51.316 A:middle
You can also use your
CFBundleIdentifier.
00:06:51.576 --> 00:06:57.126 A:middle
So here is kextload -b with a
big, long bundle ID that we have
00:06:57.126 --> 00:07:01.246 A:middle
for our sample kext, and again,
if you supply nothing else
00:07:01.246 --> 00:07:04.336 A:middle
to kextload, we'll go
search for that bundle ID
00:07:04.336 --> 00:07:06.136 A:middle
in System/Library/Extensions.
00:07:06.536 --> 00:07:11.176 A:middle
And the other place that
your kext gets loaded is
00:07:11.176 --> 00:07:12.326 A:middle
from the kernel cache.
00:07:12.636 --> 00:07:16.696 A:middle
So the kernel cache is built to
speed up the boot of the system
00:07:17.056 --> 00:07:19.686 A:middle
and in there is anything
that is required for booting,
00:07:19.686 --> 00:07:21.806 A:middle
for rooting, anything that needs
00:07:21.806 --> 00:07:25.046 A:middle
to be loaded early can be
put in the kernel cache.
00:07:25.376 --> 00:07:28.946 A:middle
And again, when we
build that, by default,
00:07:28.946 --> 00:07:32.866 A:middle
we'll look for those kexts out
of System/Library/Extensions.
00:07:33.856 --> 00:07:34.926 A:middle
So you see a pattern there
00:07:34.926 --> 00:07:37.516 A:middle
that /System/Library/Extensions
is very important
00:07:37.516 --> 00:07:40.326 A:middle
for us finding kexts
automatically.
00:07:42.136 --> 00:07:47.186 A:middle
Okay now in 10.9, autoload,
on-demand load by bundle ID
00:07:47.516 --> 00:07:50.606 A:middle
and kernel cache builds
will look not only
00:07:50.606 --> 00:07:54.296 A:middle
in /System/Library/Extensions,
but also /Library/Extensions.
00:07:55.006 --> 00:07:57.616 A:middle
So, and again, if you touch,
00:07:57.616 --> 00:08:00.996 A:middle
the /System/Library/Extensions
we will automatically rebuild
00:08:00.996 --> 00:08:01.456 A:middle
the kernel cache.
00:08:01.456 --> 00:08:04.426 A:middle
/Library/Extensions is the
same thing except, again,
00:08:04.426 --> 00:08:05.466 A:middle
the seed that you have,
00:08:06.836 --> 00:08:08.766 A:middle
that will not work
until the next seed.
00:08:08.766 --> 00:08:11.076 A:middle
We have a fix that
I just put in.
00:08:12.226 --> 00:08:15.576 A:middle
Okay, and you must sign
your kext if you're going
00:08:15.576 --> 00:08:17.836 A:middle
to deploy them in
/Library/Extensions.
00:08:17.986 --> 00:08:20.076 A:middle
So this is the exception I
was talking about earlier.
00:08:20.526 --> 00:08:27.076 A:middle
So, if it's not signed, we
will not load it from there.
00:08:27.276 --> 00:08:29.596 A:middle
Okay. So we've done
some research to find
00:08:29.596 --> 00:08:33.476 A:middle
out where your kext is
already installed recently.
00:08:33.476 --> 00:08:35.936 A:middle
Of course,
/System/Library/Extensions
00:08:35.936 --> 00:08:38.966 A:middle
and those are needed for
autoload or autosearch.
00:08:39.655 --> 00:08:43.186 A:middle
/Library/Application
Support, that's a fine place,
00:08:43.186 --> 00:08:44.306 A:middle
and that's where you guys are.
00:08:44.306 --> 00:08:46.976 A:middle
/System/Library/Extensions/File
Systems,
00:08:46.976 --> 00:08:49.686 A:middle
that's where mainly our
file system kexts are.
00:08:50.546 --> 00:08:54.016 A:middle
/Library/File Systems are
your File System kexts.
00:08:54.886 --> 00:09:00.596 A:middle
Library startup items, in
the application folder,
00:09:00.636 --> 00:09:04.406 A:middle
inside your app bundles,
that's a perfectly good place
00:09:04.406 --> 00:09:07.146 A:middle
for your kexts and
/Library/Extensions.
00:09:07.316 --> 00:09:10.036 A:middle
Again, it did not support
autosearch or autoload.
00:09:10.576 --> 00:09:17.436 A:middle
In OS 10.9, same setup, these
are all perfectly fine places
00:09:17.436 --> 00:09:20.166 A:middle
and now we have the
autoload and autosearch
00:09:20.166 --> 00:09:23.416 A:middle
in /Library/Extensions and,
again, the caveat there is
00:09:23.416 --> 00:09:27.186 A:middle
that they must be signed.
00:09:27.386 --> 00:09:30.926 A:middle
Okay where we want
your kexts installed.
00:09:31.826 --> 00:09:35.966 A:middle
So the autoload kext that
required rooting, booting,
00:09:36.136 --> 00:09:39.106 A:middle
early, you know, early
load from the kernel cache
00:09:39.536 --> 00:09:43.326 A:middle
and autosearching of
kexts, again, we want those
00:09:43.326 --> 00:09:45.576 A:middle
in /Library/Extensions
and they must be signed.
00:09:46.086 --> 00:09:50.566 A:middle
/System/Library/Extensions
for compatibility.
00:09:50.566 --> 00:09:53.296 A:middle
So if you have shipping kexts
out there, which you already do,
00:09:53.616 --> 00:09:56.516 A:middle
it's fine to leave those in
/System/Library/Extensions.
00:09:56.566 --> 00:09:58.656 A:middle
As you revise and start
signing your kexts,
00:09:58.846 --> 00:10:00.576 A:middle
move them to
/Library/Extensions,
00:10:01.146 --> 00:10:05.866 A:middle
and anything on 10.8 and
earlier, the unsigned kexts,
00:10:06.096 --> 00:10:08.516 A:middle
leave them in
/System/Library/Extensions,
00:10:09.246 --> 00:10:11.396 A:middle
that's fine, all other
kexts though, any other kext
00:10:11.396 --> 00:10:12.886 A:middle
that doesn't need
to be autoloaded
00:10:13.226 --> 00:10:16.076 A:middle
or automatically
found by the system.
00:10:16.576 --> 00:10:20.406 A:middle
Signed kexts can go into
/Library/Extensions,
00:10:20.406 --> 00:10:23.916 A:middle
so just because we autosearch
and autoload from there,
00:10:24.236 --> 00:10:26.886 A:middle
if you sign your kext, it's
still fine to put it in there.
00:10:26.886 --> 00:10:28.886 A:middle
Even if you don't
need to be autoloaded.
00:10:31.036 --> 00:10:32.886 A:middle
Do not install anywhere
in /System.
00:10:34.116 --> 00:10:36.876 A:middle
So in the future, we are
going to tighten down access
00:10:37.046 --> 00:10:41.216 A:middle
to the system hierarchy,
the whole hierarchy
00:10:41.216 --> 00:10:44.526 A:middle
down from /System and
everything in there.
00:10:45.496 --> 00:10:49.606 A:middle
So, be proactive and stay out of
there because changes are coming
00:10:49.606 --> 00:10:53.306 A:middle
that will require
that you not be there.
00:10:54.086 --> 00:10:56.986 A:middle
So all the other common
locations that I talked about,
00:10:56.986 --> 00:11:01.506 A:middle
applications in your application
bundle, all those are fine.
00:11:01.706 --> 00:11:07.446 A:middle
So, you may need to have
two kexts for compatibility
00:11:07.556 --> 00:11:09.926 A:middle
and in a little bit we'll
show you actually how
00:11:09.926 --> 00:11:11.246 A:middle
to build those kexts, sign them,
00:11:11.246 --> 00:11:14.686 A:middle
and deploy them across
multiple OS's.
00:11:16.366 --> 00:11:20.396 A:middle
Okay. So, we're talking
about signing your kexts,
00:11:20.396 --> 00:11:21.496 A:middle
so how do you go about that?
00:11:21.856 --> 00:11:25.446 A:middle
The Developer ID
Program is your mechanism
00:11:25.446 --> 00:11:26.746 A:middle
to get your kext signed.
00:11:26.746 --> 00:11:27.626 A:middle
So what is this?
00:11:28.226 --> 00:11:29.936 A:middle
It's part of the Mac
Development Program,
00:11:30.016 --> 00:11:32.306 A:middle
which you're probably
already a member of.
00:11:32.886 --> 00:11:34.796 A:middle
It allows distribution
00:11:34.796 --> 00:11:37.616 A:middle
of applications outside
of the Mac App Store.
00:11:38.306 --> 00:11:40.896 A:middle
So a kext is not
going to be delivered
00:11:40.896 --> 00:11:41.976 A:middle
through the Mac App Store,
00:11:41.976 --> 00:11:44.606 A:middle
so this is actually a
great place for you guys.
00:11:45.456 --> 00:11:48.276 A:middle
And then you get a special
Developer ID Certificate
00:11:48.576 --> 00:11:54.406 A:middle
for signing your applications
and now in OS 10.9 you're going
00:11:54.406 --> 00:11:58.166 A:middle
to get a new certificate for
signing applications and kexts.
00:11:58.616 --> 00:12:04.176 A:middle
So how do you go about getting
this Developer ID Certificate?
00:12:05.406 --> 00:12:06.106 A:middle
Very simple.
00:12:06.466 --> 00:12:09.086 A:middle
So you go up to
developer.apple.com,
00:12:10.386 --> 00:12:13.496 A:middle
Resources/Developer ID,
you click on the link
00:12:13.496 --> 00:12:15.996 A:middle
to request a Developer
ID Certificate,
00:12:18.086 --> 00:12:22.096 A:middle
you fill out the form, and then
once the form is approved you'll
00:12:22.096 --> 00:12:24.486 A:middle
go back to the Member Center
00:12:24.896 --> 00:12:28.546 A:middle
and in
Certificate/Identifier/Profiles
00:12:29.246 --> 00:12:31.466 A:middle
you will see this.
00:12:32.386 --> 00:12:33.896 A:middle
This should be active
right now, by the way,
00:12:33.896 --> 00:12:35.016 A:middle
so you should be able to go up
00:12:35.046 --> 00:12:37.176 A:middle
and get your certificate
right now,
00:12:37.356 --> 00:12:39.376 A:middle
so click on the Developer
ID Application
00:12:39.376 --> 00:12:43.126 A:middle
and kernel extensions,
and you're ready to go.
00:12:43.836 --> 00:12:45.866 A:middle
So for more information
you can go back
00:12:45.866 --> 00:12:49.376 A:middle
up to developer.apple.com
and then, also,
00:12:49.376 --> 00:12:54.906 A:middle
Session 702 from last
year's WWDC, Perry talked
00:12:54.906 --> 00:12:57.416 A:middle
about Gatekeeper and
Developer ID, so he talked
00:12:57.416 --> 00:12:59.386 A:middle
about the Developer
ID Program last year
00:12:59.926 --> 00:13:01.676 A:middle
in context for applications.
00:13:02.376 --> 00:13:06.106 A:middle
All that stuff he talked about
in that session, he gives a lot
00:13:06.106 --> 00:13:07.486 A:middle
of information about
code signing,
00:13:07.486 --> 00:13:09.146 A:middle
is applicable to you guys too.
00:13:09.416 --> 00:13:12.316 A:middle
So go back and look at
that, there's a great deal
00:13:12.316 --> 00:13:14.046 A:middle
of information there for you.
00:13:15.266 --> 00:13:22.036 A:middle
Okay. So in the seed that
you have now, in 10.9,
00:13:22.636 --> 00:13:24.546 A:middle
I want to call out some
things that are going
00:13:24.546 --> 00:13:27.116 A:middle
to affect you and our customers.
00:13:27.736 --> 00:13:31.146 A:middle
The first thing, as I said
before, /Library/Extensions,
00:13:31.246 --> 00:13:33.676 A:middle
kexts in /Library/Extensions
will not load
00:13:33.986 --> 00:13:37.226 A:middle
if they're unsigned or if