Apple regularly introduces innovative solutions and improvements to macOS. However, not all improved tools can fully replace their predecessors. This is what happened with kernel extensions and their successors, System Extensions and DriverKit.
My KEXT is named SteerMouse.kext, but you can replace that with the KEXT name of your choice. Once you’ve got it deleted, reboot your system and the KEXT will.
In this article, we overview the basics of implementing macOS kernel extensions. We discuss typical tasks requiring kernel extensions as well as tools and environments for creating them. We also take a look at some peculiar aspects of creating kexts. This tutorial will be useful for macOS developers working on projects that still require the use of kernel extensions.
- OpenCore is what we refer to as a 'boot loader', this is a complex piece of software that we use to prepare our systems for macOS. Specifically by injecting new data for macOS such as SMBIOS, ACPI tables and kexts.
- Easy Kext Installer is a minimalist Mac OS X utility that allows you to install one or several kext files with a single drag and drop action, and makes sure to perform all the necessary system maintenance tasks afterwards. Unsophisticated kernel extensions installer that is featuring a user-friendly.
Contents:
Introduction to the macOS kernel and kernel extensions
The kernel is the central part of an operating system, providing applications with coordinated access to system resources: CPU, memory, external hardware, external input/output devices, and so on. The kernel usually provides access to applications’ executable processes. It does so using mechanisms for interprocess communication and by providing applications with access to operating system calls.
The macOS kernel is XNU — an acronym for X is Not Unix. This hybrid kernel was developed by Apple and is used in the macOS family. In 2019, Apple introduced macOS version 10.15, also known as macOS Catalina, which contained System Extensions and DriverKit and moved most kernel APIs to the user space. This approach changed the way developers access kernel parts of the system and improved the security and stability of macOS. However, adding System Extensions and DriverKit to macOS didn’t completely erase the need for kernel extensions (kexts). Let’s look closer at the peculiarities of this macOS feature.
.kext kernel extensions
A kernel extension, or kext, is an application bundle used for extending the functionality of the macOS kernel. It’s the minimum unit of executable code that can be loaded and used in the kernel.
Usually, there’s no need for creating a kext when developing a macOS solution. The functionality available in user mode is sufficient for most tasks. Also, with the introduction of System Extensions and DriverKit, Apple has reduced the number of permitted APIs and cases where kexts can and need to be used.
But since the capabilities of System Extensions and DriverKit don’t cover all kext use cases, many developers still have to build and install custom kernel extensions.
There are tasks that can’t be implemented without a kernel extension, including:
- supporting a certain type of file system (including creating a new one)
- writing a specific device driver that the DriverKit API doesn’t cover (for example, a graphics driver)
One of the main restrictions when creating a kext is that the code of the kext itself, as indicated in Apple’s official documentation, should be essentially flawless. The reason for this strict quality requirement is simple enough: the worst-case scenario for an application is a crash and emergency exit. But if a kernel module fails, the worst-case scenario is a crash of the entire operating system and a reboot of the device. And if a kext is loaded at system startup and contains an error, it will crash the system each time it starts, thus complicating system recovery.
To avoid such unpleasant scenarios, it’s crucial to ensure the highest quality of kext code. In the next section, we take a look inside a kernel extension to give you a better understanding of its structure and most important operations.
Read also:
Avoiding Kernel Development in macOS with System Extensions and DriverKit
Inside a kernel extension
Before you dive into the world of custom development of kernel extensions for macOS, you need to get familiar with the structure, enter/exit routines, and kernel–user interactions of macOS. If you already know all about this, you can move straight to the next section.
Kext bundle structure
A kext, like any other macOS application, is a bundle, only with the .kext extension. A bundle is a special folder that encapsulates application resources (in our case, kext resources).
A kext bundle must contain two files:
- a compiled binary file with executable code
- an Info.plist file containing information about the kernel extension: name, version, identifier, kernel library dependencies, etc.
Kexts For Mac Os X 10.7
Sometimes, the bundle.kext folder also contains additional files, including:
- device firmware
- resources (including those localized for use by user mode applications)
- plugins, including other kexts
Enter/exit routines
Depending on the type of extension, a kext can be written in C or C ++ and has its own peculiarities when loading to and unloading to/from the kernel:
Since this article is devoted to regular kexts, let’s take a closer look at loading and unloading kernel extensions.
In kernel extension code, you must implement entry points — functions that are called when a kext is loaded to and unloaded from the kernel.
Entry points can have arbitrary names that must be specified in the project file:
Remove Kexts Macos
Entry point functions have fixed prototypes: