Adds kext whitelisting for VMware Tools from Fusion 11.5.3 (#45) #56
This adds the kernel extension approval to the KextPolicy that is necessary for VMware Tools to load, a new requirement for Catalina. The new configuration may (or may not) be specific to the VMware Tools bundled with Fusion 11.5.3 (currently the latest), which was the version that was installed and approved in order to observe these values.
NB: At some point while researching this issue I found "the origin of macinbox" and found that it too also had these declarations in the KextPolicy. Observe that the values for boot_uuid and flags are different than in this diff.

For consideration
My goal for this change was to have something that worked, and there's a few things that I didn't take into consideration originally that perhaps should be. Feel free to iterate on the PR, which I'm mostly intending as a vehicle to share this configuration and the learnings I found.
created_at and last_seen values for my manual installation of the Tools. While I would be surprised if these values had any unintended consequences for various use cases, in that case it might be good to get them from the system clock (or the clock of the VM, if that's known by this point).

cd_hash (a code signature fingerprint, which is computed at migration time) to the kext_load_history_v3 table, along with some other metadata about the migration(s). I wasn't able to figure out the macOS version compatibility story for the migration(s), so I avoided incorporating those changes here. I also figure that since the cd_hash should be different for each version of the kexts, not including it here should add some future-proofness (although I cannot speak to the other values).

Testing
Created a Fusion VM using this change, and was able to successfully get the IP address of the VM (vmrun -T fusion getGuestIPAddress), which does not work unless the VMware Tools are installed.