Hello,
I'm trying to develop a driver that uses PCIe through the mac's thunderbold ports. I requested a PCI entitlement, and it's just an empty array in the entitlements file by default. I was wondering if the vendor ID submitted with my entitlement request is supposed to populate this dictionary? I'm currently getting an entitlement check failed from kernel: DK: IOUserServer and was unsure if the PCI entitlement configuration was incorrect. Default entitlement:
<key>com.apple.developer.driverkit.transport.pci</key>
<array>
</array>
I'd be happy to provide more information as needed, but any guidance would be much appreciated.
Thanks in advance.
There are some key things to keep in mind here:
- Your provisioning profile acts as an entitlement allowlist.
- Your
.entitlementsfile is source code that feeds into the code signing machinery. - The entitlements claimed by your app are baked into the app’s code signature. Likewise for embedded app extensions, DEXTs, and so on.
The fact that you’ve been granted access to a capability lets you create an provisioning profile that authorises your use of the associated entitlements. However, you still have to claim that access, by updating your .entitlements file. You can then verify that the claim and the profile are in sync using the codesign and security tools, respectively.
For the exact commands, and more general background, see TN3125 Inside Code Signing: Provisioning Profiles.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"