Steven Michaud

Yes, @ktprograms, it'd be interesting to know the contents of the local boot policy file in a VM that's been set up to support loading third party kexts (while booted...

The page at https://github.com/AsahiLinux/docs/wiki/SW:Boot is very interesting. I notice that it mentions (and at least partially defines) "AP" and "kcOS" -- both of which show up in my research (in...

> I want to figure out how to read the "device tree", and how to manipulate this property in it. Anyone know of a utility that can do this? It...

WRT reading the local boot policy: I think `bputil` can already do this. For example, here's the output of `sudo bputil -d` on one of my VMs. Notice the value...

Apple actually has pretty decent documentation on the local policy file: https://support.apple.com/guide/security/contents-a-localpolicy-file-mac-apple-silicon-secc745a0845/web

Here's a progress report ... or better yet a lack-of-progress report. I pretty quickly discovered that the `osenvironment` stuff is a red herring: I found `kernelmanagerd: kcgen activation settings: [kcgen...

> I could try building a custom kernel, following kernelshaman's instructions. I did this, and managed to get it to work. But yes, it took me down another rabbit hole....

It *does* get hit on physical hardware. To play it safer, I changed the loop to a `panic()` call. Then my machine kept rebooting until I pressed the power button...

I doubt that `kernelmanagerd` hardcodes allowed kernels (though `kmutil create` (which works through `kernelmanagerd`) does insist (on macOS 13) that you have a KDK installed that matches the currently running...

I just tried your testcase on macOS 12.6.3 and 13.2, with HookCase 7.1.1 (the current version), and had no problems. Remember that you need to codesign `hook.dylib` if you haven't...