Ship signed kext

[droe]

A signed kext is needed for deployments with reliable acquisition of executable image hashes and code signature information. Prerequisite is that I receive a kext signing certificate from Apple. As a workaround, a holder of a kext signing certificate could volunteer to sign xnumon.kext.

[droe]

Also investigate the exact user approval requirements on High Sierra and how to deploy in enterprises without depending on user approval.
https://developer.apple.com/library/archive/technotes/tn2459/_index.html

[droe]

Timeline of communication with Apple:

• 2018-02-09 [684724033] First request to grant kext signing certificate to team C9BFEG985N, for still unreleased xnumon kext
• 2018-02-26 [684724033] Canned "request denied" message without giving specific reasons
• 2018-02-27 [684724033] Follow-up message to Apple explaining that xnumon meets the requirements and asking for specific reasons for denying the request
• 2018-03-25 [687763423] Second request to grant kext signing certificate to team C9BFEG985N, for still unreleased xnumon kext
• 2018-06-18 [693392828] Third request to grant kext signing certificate to team C9BFEG985N, for the released xnumon kext
• 2018-06-29 [100573865816] Phone call to Apple Developer Support following a recommendation from Product Security, could not resolve, promised follow-up by mail

[droe]

• 2018-06-29 [100573865816] Follow-up by mail, again explained the need for a kext as well as the business need for xnumon

[droe]

• 2018-07-02 [100573865816] Apple replies that they cannot read the text/plain body of my message; re-sent them a PDF printout done using Mail.app, which incidentally, can read my message just fine

[droe]

• 2018-07-04 [100573865816] Apple replies that they are reviewing the inquiry and will get back soon.

[droe]

• 2018-08-07 [100573865816] Asked for an update after a month without any news.

[droe]

• 2018-08-09 [100573865816] Received update that they are reviewing the request and will get back accordingly.

[droe]

• 2018-09-19 [100573865816] Request for kext signing certificate granted

Expect a point release with signed kext soon.

[droe]

Should verify identity of userspace process attaching to the kext (#45) along with shipping a signed kext.

[droe]

The required infrastructure changes are in develop-0.1.7, to be released after some more testing. Closing this issue.