Hi Apple, We are working on a general USB device management solution on macOS for enterprise security. Our goal is to enforce policy-based restrictions on USB devices, such as: For USB storage devices: block mount, read, or write access. For other peripherals (e.g., USB headsets or microphones, raspberry pi, etc): block usage entirely. We know in past, kernel extension would be the way to go, but as kext has been deprecated. And DriverKit is the new advertised framework. At first, DriverKit looked like the right direction. However, after reviewing the documentation more closely, we noticed that using DriverKit for USB requires specific entitlements: DriverKit USB Transport – VendorID DriverKit USB Transport – VendorID and ProductID This raises a challenge: if our solution is meant to cover all types of USB devices, we would theoretically need entitlements for every VendorID/ProductID in existence. My questions are: Is DriverKit actually the right framework for this kind of general-purpose USB device control? If not, what framework or mechanism should we be looking at for enforcing these kinds of policies? We also developed an Endpoint Security product, but so far we haven’t found a relevant Endpoint Security event type that would allow us to achieve this. Any guidance on the correct technical approach would be much appreciated. Thanks in advance for your help.

Hello everyone, I'm developing a CarPlay app and am trying to test it with the dock on the right side of the screen, as is standard for right-hand drive vehicles like those in Japan. Currently, the CarPlay Simulator always displays the dock on the left, and I can't find an option to change its position. This is important for ensuring a proper user experience for my target market. Has anyone figured out how to configure the simulator for RHD layouts? Any guidance on how to move the dock to the right would be greatly appreciated. Thanks in advance for your help!

We have developed the driver for the ProCapture video capture card based on PCIDriverKit. The App can communicate with the driver through the UserClient API. Currently, there is an issue where, when the App starts, there is a small probability that it causes a driver crash. However, the crash stack trace does not point to our code but appears to be within the PCIDriverKit framework. We have spent several weeks debugging but still cannot identify the root cause of the crash. Could you please review the crash log and suggest any methods to help pinpoint the issue? com.magewell.ProCaptureDriver-2025-09-15-153522.ips com.magewell.ProCaptureDriver-2025-09-15-082500.ips

Hello, dear Apple engineers. We have recently tried to pair our Android phones and iPhones via BLE SMP, but have encountered a very high probability of pairing failures. Through PacketLogger and Android phone HCI, we have determined that the issue is caused by the iOS side sending an SMP Pairing Failed message during the SMP process. Please help us analyze the reason for this.

Hi guys! OK, reaching out for some help here. I am having all kinds of trouble with OSDeclareDefaultStructors. I have seriously been at this for nearly a week now and have come to the conclusion that I need to reach out for help from people that are more experience using Xcode. I believe entirely that my issue is just that I can't for whatever reason see how to set up includes and libraries and things like that. I have this line: OSDeclareDefaultStructors(NukeVirtualGamepad) No matter what I do, Xcode will not recognize OSDeclareDefaultStructors. The project builds a DriverKit > Driver extension. I have literally tried absolutely everything with this. I am at a loss for words. I even set up a new blank project and it still will not recognize OSDeclareDefaultStructors. I did a lot of research and it looks like expo needs OSDeclareDefaultStructors in order for the extension to build with a binary in it instead of being just a codeless extension. Here is the code with the issue: #pragma once #include <DriverKit/OSMetaClass.h> #include <HIDDriverKit/IOUserHIDDevice.h> #include <DriverKit/OSData.h> class NukeVirtualGamepad : public IOUserHIDDevice { OSDeclareDefaultStructors(NukeVirtualGamepad) // The problem is right here! This line! public: // Keep it minimal; no 'override' keywords since the .h types may not mark them virtual bool init(); void free(); kern_return_t Start(IOService* provider); void Stop (IOService* provider); OSData* newReportDescriptor(); // (Optional) helper you’ll use later to inject input matching your report kern_return_t PostInput(uint16_t buttons, int8_t x, int8_t y); }; I do have to mention to everyone that I am still very new with Xcode. So there is a ton that I don't know yet or might be misunderstanding. Has anyone seen this before? Thank you in advance.

I’m creating my first DriverKit extension and I ran into an entitlement issue when trying to load my driver. Error 0x0 8397 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] App.Dext: Unsatisfied entitlements: com.apple.developer.driverkit.transport.usb I have already registered the entitlement com.apple.developer.driverkit.transport.usb with my vendor ID in the Apple Developer portal. However, when I download the provisioning profile, it doesn’t include the idVendor value. Screenshot from the developer portal (provisioning profile without idVendor) ? <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>1356</integer> <!-- Sony --> <!-- Có thể bổ sung: <key>idProduct</key> <integer>XXXXX</integer> --> </dict> </array>

I’m creating my first DriverKit extension and I ran into an entitlement issue when trying to load my driver. Error 0x0 8397 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] App.Dext: Unsatisfied entitlements: com.apple.developer.driverkit.transport.usb I have already registered the entitlement com.apple.developer.driverkit.transport.usb with my vendor ID in the Apple Developer portal. However, when I download the provisioning profile, it doesn’t include the idVendor value. Screenshot from the developer portal (provisioning profile without idVendor) ? <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>1356</integer> </dict> </array> -Is this error caused by me registering the vendor ID incorrectly? -Or is there an issue with how the entitlement is reflected in the provisioning profile? Any guidance would be appreciated.

I am trying to localize the CFBundleDisplayName and OSBundleUsageDescription of a driver that is part of an app. I am able to use InfoPlist.strings files to localize the Bundle display name for the app, but when I try to use the same file as part of the driver, the name displayed in settings for the app does not change correctly. In fact, it seems to follow the default language set in the xcode project. If the default language is not included in the suite of InfoPlist.strings files, it seems to take the string from the info.plist file. sometimes it just seems to take the English version regardless of the default language or tablet language. Has anyone had success with this?

Starting with iOS 26, we've noticed that the accessoryImage in CPListItem is not working as expected in CarPlay. Previously, accessoryImage would appear in place of the accessoryType, but now it appears awkwardly next to the detailText, and the image itself is not rendering properly. We have submitted feedback to Apple multiple times, but the issue still persists in the latest beta releases. In general, there seem to be several CarPlay UI problems introduced in iOS 26. For example: In CPPointOfInterestTemplate, the pinImage is displayed at an excessively large size. Scroll positions in lists behave unexpectedly. CPInformationTemplate allows infinite scrolling, which seems unintended. Please take a look into these issues. Thank you.

After some experimentation with copying multiple DriverKit SDKs into /Applications/Xcode.app/Contents/Developer/Platforms/DriverKit.platform/Developer/SDKs/DriverKit, it's become clear that Xcode only supports the DriverKit version that ships with it. There is no way to configure an alternative SDK within a project and changing to a different one results in strange build warnings and errors. This begs the question - how are developers supposed to develop and support dexts? Here's one example scenario: SCSIDriverKit introduced a breaking change in DriverKit 24.4 (macOS 15.4 and Xcode 16.3) due to a new feature. Once a dext is built against that kit, it will not function on macOS 15.0-15.3 whether that feature is implemented or not. We found a similar thing with NetworkingDriverKit as well. So, over the course of maintaining a Sequoia product while working in Sequoia itself, simply updating Xcode breaks the product. Not to mention trying to maintain a Sequoia product in Tahoe when it is released. How is this a good developer experience? Are developers resigned to having a myriad of Xcode versions which may require booting into multiple macOS versions to use? That would in turn produce a myriad of product versions that would need to be deciphered by the user or an installer? Shouldn't developers be able to use the latest tooling while still being able to produce products for OSes that are just a year or two old? Or should DriverKit files be conditionalized so configuring a deployment version in Xcode actually builds the right thing even with the latest SDK? I just don't get it. Help me understand. Replacing kexts with dexts seems like a development nightmare.

Hi, This is the code snippet in my driver for an usb uart device. I am trying to call standard cdc-acm command to set the Line Coding in the device, but fails with this error: "USBSendSetLineCoding - Failed : 0xe0005000, bytes transferred: 0" I guess the USB device is returning this error due to incorrect buffer or format. There is no proper documentation on how to use IOMemoryDescriptor when the data has to be passed down in a buffer to the usb stack. (IOUSBHostInterface->DeviceRequest()) Can anyone please point out what is wrong with this code and suggest a right method? void MyDriver::USBSendSetLineCoding(uint32_t BaudRate, uint8_t StopBits, uint8_t TX_Parity, uint8_t CharLength) { kern_return_t ret = kIOReturnSuccess; LineCoding *lineParms; uint16_t lcLen = sizeof(LineCoding)-1; lineParms = (LineCoding *)IOMalloc(lcLen); if (!lineParms) { MyDebugLog("USBSendSetLineCoding - allocate lineParms failed"); return; } bzero(lineParms, lcLen); lineParms->bCharFormat = StopBits - 2; lineParms->bParityType = TX_Parity - 1; lineParms->bDataBits = CharLength; OSSwapBigToHostInt32(BaudRate); lineParms->dwDTERate = BaudRate; IOBufferMemoryDescriptor* bufferDescriptor = nullptr; _controlInterface->CreateIOBuffer(kIOMemoryDirectionOut, lcLen, &bufferDescriptor); IOMemoryMap *map = nullptr; bufferDescriptor->CreateMapping(kIOMemoryMapReadOnly, 0, 0, 0, 0, &map); if(map == nullptr) { MyDebugLog("USBSendSetLineCoding - Failed to map memory in CreateMapping\n"); IOFree(lineParms, lcLen); bufferDescriptor->release(); return; } uint64_t ptr = map->GetAddress(); if(!ptr) { MyDebugLog("USBSendSetLineCoding - Failed to get Memory Address\n"); IOFree(lineParms, lcLen); bufferDescriptor->release(); map->release(); return; } memcpy(&ptr, lineParms, lcLen); uint8_t bmRequestType = kIOUSBDeviceRequestDirectionOut | kIOUSBDeviceRequestTypeClass | kIOUSBDeviceRequestRecipientInterface; uint16_t wValue = 0; uint16_t wIndex = _bControlInterfaceNumber; uint16_t bytesTransferred = 0; ret = _controlInterface->DeviceRequest(bmRequestType, kUSBSET_LINE_CODING, wValue, wIndex, lcLen, bufferDescriptor, &bytesTransferred, 1000); IOFree(lineParms, lcLen); map->release(); bufferDescriptor->release(); if (ret != kIOReturnSuccess) { MyDebugLog("USBSendSetLineCoding - Failed : 0x%x, bytes transferred: %d\n", ret, bytesTransferred); return; } return; } I am able to call DeviceRequest() successfully on the same interface for any other setting that requires no data buffer, such as, "ret = _controlInterface->DeviceRequest(bmRequestType, kUSBSEND_BREAK, wValue, wIndex, 0, NULL, &bytesTransferred, 1000);" So I think the "bufferDescriptor" is not properly created or the data is not copied correctly in this function for the failure. "ret = _controlInterface->DeviceRequest(bmRequestType, kUSBSET_LINE_CODING, wValue, wIndex, lcLen, bufferDescriptor, &bytesTransferred, 1000);" Any help is very much appreciated. Thanks in advance.

I'm developing a CarPlay app and encountered an inconsistent behavior with template detection. When I present a CPActionSheetTemplate and then print the presentedTemplate property, it returns nil. However, when I present a CPAlertTemplate, the presentedTemplate property correctly returns the template object. This inconsistency is causing issues in my app where I need to check if there's already a presented template before showing another one to avoid conflicts. Why does CPActionSheetTemplate not get detected in presentedTemplate while CPAlertTemplate does? Is this intended behavior or a bug? Any guidance on how to properly detect if a CPActionSheetTemplate is currently presented would be greatly appreciated.

We're seeing a consistent issue where iPads with the A16 chip fail to connect to our BLE device, which uses a Silicon Labs chip running Gecko SDK 3.x. All other Apple devices — including older iPads and iPhones — connect without any problems. According to Silicon Labs, the issue stems from the iPad A16 sending an LL_CHANNEL_REPORTING_IND message (opcode 0x28) during connection establishment: Per Silicon Labs: "Currently the iPad 16 will send a message for LL_CHANNEL_REPORTING_IND (opcode 0x28). This is a feature that is not supported in Gecko SDK 3.x. Shortly after, the BLE module responds with an 'Unknown Response' (opcode 0x07), indicating that it does not support opcode 0x28 After this exchange the iPad stops sending meaningful transactions to the BLE module and eventually closes the connection. The BLE Module is responding to this unknown request as specified in the BT Core Spec Volume 6 Part B." Unfortunately, the firmware on these BLE modules cannot be updated remotely, and we've already shipped several thousand units to customers. Given how widely Silicon Labs' BLE modules are deployed, we suspect this issue could be affecting many other developers and products as well. We’re hoping Apple might offer a workaround or allow us access — even internally or unofficially — to suppress or bypass this feature in CoreBluetooth for this specific scenario. For example, is there a way to disable LL_CHANNEL_REPORTING_IND or instruct the stack to ignore the unknown response from the peripheral? We’re open to any workaround via CoreBluetooth (even private APIs or entitlements, if necessary) that would allow us to preserve compatibility without a mass recall. If there's an Apple engineer monitoring this, we'd be extremely grateful for guidance or escalation. Thank you!

Hi, we are listed for the MFI program as a licensed manufacturer. We have now started with the IAP3 sample code and the IAP chips to build up a USB communication between our accessory and an iOS device. We are looking for a sample project for the iOS part. Is there some available? The only official I can find is this: https://developer.apple.com/library/archive/samplecode/EADemo/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010079 This app is somehow outdated and from 2016. Is there something else available as a starting point? And how does this relate to IOKit since it is available for serial communication on iOS16 as well? Kind regards,

My back camera freezes after first frame is displayed on the screen. Issue is present in all the apps that use the back camera. Same issue with front camera, however front camera works with Facetime and WhatsApp but not the native camera app.

Hi, In Linux we have this driver structure where the handlers are defined as below: static struct file_operations fops = { .owner = THIS_MODULE, .read = etx_read, .write = etx_write, .open = etx_open, .unlocked_ioctl = etx_ioctl, .release = etx_release, }; So when the user app calls open() with the appropriate file/device handle "etx_open" in the driver is acalled, etc. However, the Apple driver structure that is exposed to developers is different and it has changed drastically with the DriverKit architecture. I have some custom requests from the user app where I need to call this ioctl() type requests on my serial port "tty.myusbserial1234". My driver is derived from IOUserUSBSerial and is working fine for all other practical purposes except for such custom requirements. Has anyone encountered such a problem in MacOS DriverKit and what is the solution or an alternative? https://developer.apple.com/documentation/driverkit/communicating-between-a-driverkit-extension-and-a-client-app This gives a different approach, but the serial ports are accessed via open/read/write/close system calls and tcsetattr and other termios functions to set baud-rate and such. So, the above approcah is not suitable for my purpose. Any ideas/help is very much appreciated. Thanks.

Hello. have zero by mar air, plan to learn xcode and swift, have to plaay on my local computer with Endpoint Security, is it really that i cannot do it without have dev id and pay 100$? thanks

Hi, We’re developing a DriverKit extension for iPadOS. In local Debug and Release builds, everything works as expected, but the same build uploaded to TestFlight fails at IOServiceOpen with the following errors: -536870212 (0xE00002EC) kIOReturnUnsupported -536870201 (0xE00002F7) kIOReturnNotPermitted What we’ve verified so far App entitlements We checked our main app entitlements file, and it has the correct capabilities for the driverkit communication &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;com.apple.developer.driverkit.communicates-with-drivers&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.driverkit.userclient-access&lt;/key&gt; &lt;array&gt; &lt;string&gt;abc.def.ABCDriver&lt;/string&gt; &lt;/array&gt; &lt;key&gt;com.apple.developer.system-extension.install&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.device.usb&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.files.user-selected.read-write&lt;/key&gt; &lt;true/&gt; &lt;/dict&gt; &lt;/plist&gt; we also checked the Provisioning profile (as shown on the portal) and the “Enabled Capabilities” seems to have the correct DriverKit Capabilities enabled. Enabled Capabilities Access Wi-Fi Information, DriverKit, DriverKit (development), DriverKit Communicates with Drivers, DriverKit USB Transport (development), DriverKit USB Transport - VendorID, DriverKit UserClient Access, iCloud, In-App Purchase, Sign In with Apple, System Extension When we download and inspect the provisioning profile as plain text, we notice that some expected DriverKit entitlements appear to be missing from the section. &lt;key&gt;Entitlements&lt;/key&gt; &lt;dict&gt; &lt;key&gt;beta-reports-active&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.networking.wifi-info&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.driverkit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.developer.driverkit.communicates-with-drivers&lt;/key&gt; &lt;true/&gt; &lt;key&gt;application-identifier&lt;/key&gt; &lt;string&gt;ABC123456.abc.def&lt;/string&gt; &lt;key&gt;keychain-access-groups&lt;/key&gt; &lt;array&gt; &lt;string&gt;ABC123456.*&lt;/string&gt; &lt;string&gt;com.apple.token&lt;/string&gt; &lt;/array&gt; &lt;key&gt;get-task-allow&lt;/key&gt; &lt;false/&gt; &lt;key&gt;com.apple.developer.team-identifier&lt;/key&gt; &lt;string&gt;ABC123456&lt;/string&gt; &lt;key&gt;com.apple.developer.ubiquity-kvstore-identifier&lt;/key&gt; &lt;string&gt;ABC123456.*&lt;/string&gt; &lt;key&gt;com.apple.developer.icloud-services&lt;/key&gt; &lt;string&gt;*&lt;/string&gt; &lt;key&gt;com.apple.developer.icloud-container-identifiers&lt;/key&gt; &lt;array&gt;&lt;/array&gt; &lt;key&gt;com.apple.developer.icloud-container-development-container-identifiers&lt;/key&gt; &lt;array&gt;&lt;/array&gt; &lt;key&gt;com.apple.developer.ubiquity-container-identifiers&lt;/key&gt; &lt;array&gt;&lt;/array&gt; &lt;key&gt;com.apple.developer.driverkit.transport.usb&lt;/key&gt; &lt;array&gt; &lt;dict&gt; &lt;key&gt;idVendor&lt;/key&gt; &lt;integer&gt;1234&lt;/integer&gt; &lt;/dict&gt; &lt;/array&gt; &lt;key&gt;com.apple.developer.applesignin&lt;/key&gt; &lt;array&gt; &lt;string&gt;Default&lt;/string&gt; &lt;/array&gt; &lt;/dict&gt; We have a couple of questions: Could the missing com.apple.developer.driverkit.userclient-access entitlement in the provisioning profile alone explain the kIOReturnUnsupported / kIOReturnNotPermitted failures from IOServiceOpen? Why do some DriverKit capabilities appear in the Apple Developer portal UI but vanish from the actual profile we download? Is there an extra step we’re overlooking when regenerating profiles after toggling those capabilities? Thanks

Hi, I have a usb composite device with multiple interfaces that support cdc-acm UARTs. My custom driver (.dext) loads and works for single channel usb-cdcccm device with these entries in the info.plist: bInterfaceNumber 1 But there is no option to define multiple "bInterfaceNumber" key. I tried bInterfaceClass also, as given below, but no success. Option-1: bInterfaceClass 10 bInterfaceSubClass 0 bInterfaceProtocol 0 Option-2: bInterfaceClass 10 bInterfaceSubClass 0 bInterfaceProtocol 0 Both the above options yield no result. But as I said in the beginning: <key>IOProviderClass</key> <string>IOUSBHostInterface</string> <key>IOClass</key> <string>IOUserSerial</string> <key>IOResourceMatch</key> <string>IOKit</string> <key>IOUserClass</key> <string>MyDriver</string> <key>IOUserServerName</key> <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string> <key>idVendor</key> <integer>VENDORID</integer> <key>idProduct</key> <integer>PRODUCTID</integer> <key>bInterfaceNumber</key> <integer>1</integer> <key>bConfigurationValue</key> <integer>1</integer> "MyDriver" loads for interface-1 and works fine. The default AppleCDCACM driver loads for the 2nd channel. I want the same driver load for both the channels. Any help/suggestions \is very much appreciated. Thank you.

Hello everyone, We're working on an iOS app that needs to connect to a non-Apple pre-operating system using USB for serial communication. Our goal is to send and receive data between an iPhone and a UEFI-based system directly over USB. We've created a proof of concept using the USBMux protocol, which let us exchange basic messages. However, we're running into problems with the USB endpoint setup. In some cases, the USB communication doesn't start or stay connected. Since this is for a pre-boot environment, it might not fit into the usual iOS USB communication frameworks. We're looking for help with the following: Any guidance or documentation on setting up USB serial communication between an iPhone and a non-Apple pre-boot system Information on system APIs, frameworks, or protocols that iOS supports for direct USB communication in this scenario Access to official USBMux documentation or specs to understand its limitations and capabilities better Whether this communication requires MFi certification or if there are other Apple-supported interfaces we can use Thank you!