osy/AMFIExemption

Failed to execute with private entitlements

4ch12dy opened this issue · 3 comments

Environments

macOS: Sierra
Lilu kext load success.
AMFIExemption load success.
AMFIExemption info.plist: [image]

Problems

If I self-sign with the requested entitlement, the app/cmd fails to execute. Terminal just says "zsh: killed".
Console log: proc 9220: load code signature error 4 for file "snappy"

I don't understand "This KEXT only disables the requirement that most entitlements require an Apple CA anchor"

AMFIExemption has no "remove AMFI check" code, I think. So how do I sign a binary with a private entitlement? One that can get the AMFI exemption.

osy commented

I only tested this on Mojave and Catalina. It probably doesn’t work on other versions.

4ch12dy commented

Thanks for your response!
In fact, I tested it on Mojave, too.
The problem is below:

I don't understand "This KEXT only disables the requirement that most entitlements require an Apple CA anchor"

AMFIExemption has no "remove AMFI check" code, I think. So how do I sign a binary with a private entitlement? One that can get the AMFI exemption.

When I self-sign with special entitlements, the binary cannot execute due to AMFI:
[image]

More info: [image]

Could you give more explanation or some examples? Thank you so much!

osy commented

Use codesign -s - --entitlements /path/to/xml /path/to/bin