[threeseed]

No. Provide a source that Apple actively prevents it.

Developers can ask users for their admin password, sudo to root and largely do whatever they want including adding kernel extensions and drivers.

[snuxoll]

kext's must be signed now, Apple can freely revoke developer certs and block them if they so desire.

[threeseed]

Signing was designed for security purposes which is the only reason where certificate revocation has been used to date. There seems to be a lot of FUD here but without any actual hard examples.

[stymaar]

But it prevents doing what you just said above :

> Developers can ask users for their admin password, sudo to root and largely do whatever they want including adding kernel extensions and drivers.

[plorkyeran]

Having a technical means to make distribution of a driver awkward is quite a few steps short of forbidding it.

[nicky0]

But they only use these power to shut out malware. Not to nix software they don't like.

[AlphaSite]

Windows drivers need to be signed as well, whats the problem?

[snuxoll]

But not by Microsoft, you can opt to obtain WHQL certification for your driver and have MS sign them - but it's also acceptable to get a code signing cert from any trusted CA.

Apple controls all the keys for macOS, AFAIK there's not even an option to add additional CA's for code-signing trust. To get around this you have to completely disable SIP, and it's rather stupid to tell users they must disable a well-meaning (if somewhat poorly implemented) security feature to install a kext because Apple doesn't like you (no knowledge if this has happened, but it can, and I don't care for that).

[stymaar]

> sudo to root and largely do whatever they want

Not anymore, even being root doesn't give you total control now[1], and custom kernel extensions are among the things that are prohibited.

This «feature» bas been introduced in El Capitan for «security reason».

[1] System Integrity Protection : System Integrity Protection

[alwillis]

It's easy to disable System Integrity Protection:

https://developer.apple.com/library/content/documentation/Se...

[stymaar]

Let's not forget the post I was replying to :

> Developers can ask users […]

Have you ever seen anybody shipping software asking their user to do stuff like this to get their software working ?

> Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.

[vetinari]

Sure, and your grandma (=proxy for mainstream user) is surely going to do that.

It's simply a no-go for the mainstream market that expects things to just work.