Thursday, March 27, 2014

Apple Discourages Mac Kernel Extension Development

Landon Fuller:

My IOUSBFamily radar: “The issue is not going to be addressed … We discourage developers to do anything in kernel”

Wolf Rentzsch:

If this Radar response is accurate, it appears Apple will no longer publish OS X’s IOUSBFamily source code.

Landon Fuller:

Along with the kext signing approval requirements, I’d say the writing is on the wall: Apple’s not afraid to knee-cap Mac OS X, iOS-style.

I can see why Apple doesn’t like kernel extensions, but forbidding them, or locking out all but a few high-profile developers, would be bad for the future of the platform.

5 Comments RSS · Twitter

I can understand to some extent why this could be a bad thing. However, as a user, I strongly dislike installing kexts. They are synonymous with "huge risk" in my book. There have been plenty of past cases where kernel extensions cause stability issues or problems when upgrading OS X. (I imagine they present significant security risks as well, but I'm just guessing here.)

I'd love to never have to install a kext again. I'm not sure whether this will make certain useful 3rd party software or hardware features fundamentally impossible (my Wacom tablet relies on one), or if OS X will adapt to provide the needed flexibility by some other means.

If you can not install a kernel extension on OS X, then you would have to trust Apple when it comes to security (network, file system) and considering their track records, this is not something anyone would like. Virtualization might also become more difficult.

I think they are just discouraging developers to do stuff in the kernel when it can be done in user land.

The Mac kernel is a Mach micro kernel, developed by the MIT pointy heads specifically to be safely extensible, so you can add extensions withou bringing down a system.

@John Mach was developed at CMU. My understanding is that the XNU kernel is not a true microkernel (for performance reasons), and extensions really can bring down the system.

Discouraging kexts is fine, as it's one big address space and a kext can indeed hose the system. But sometimes they are useful and necessary. If Apple does ban them, that's really bad news, and reduces OS X to an iOS-like toy, not a personal general purpose computer. Sadly, that seems to be where our corporate masters are taking us. :(

Leave a Comment