Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-3991: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-06-24 17:50:58 +00:00 committed by gitbook-bot
parent c8de9ff9ab
commit 8e07f24963
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
View file

@ -27,6 +27,7 @@ Obviously, this is so powerful, it's complicated to load a kernel extension. The
* The Kext must be **signed with a kernel code signing certificate**, which can only be granted by **Apple**. Who will be **reviewing** in detail the **company** and the **reasons** why this is needed.
* The Kext also needs to be **notarized**, Apple will be able to check it for malware.
* Then, the **root user** is the one that can load the Kext and the files inside the bundle must belong to root.
* During the loading process the bundle must be staged to a rootless protected location: /`Library/StagedExtensions` (requires entitlement `com.apple.rootless.storage.KernelExtensionManagement`)
* Finally, once trying to load it, the [**user will be prompted for confirmation**](https://developer.apple.com/library/archive/technotes/tn2459/\_index.html) and if accepted, the computer must **reboot** to load it.
### Loading Process
@ -46,6 +47,7 @@ If kextd is not available, kextutil can perform the same checks.
## References
* [https://www.makeuseof.com/how-to-enable-third-party-kernel-extensions-apple-silicon-mac/](https://www.makeuseof.com/how-to-enable-third-party-kernel-extensions-apple-silicon-mac/)
* [https://www.youtube.com/watch?v=hGKOskSiaQo](https://www.youtube.com/watch?v=hGKOskSiaQo)
<details>