| 001 | (* |
| 002 | KMUTIL(8) KernelManagement utility for kext collections KMUTIL(8) |
| 003 |
|
| 004 | SYNOPSIS |
| 005 | kmutil <subcommand> |
| 006 | kmutil <load|unload|showloaded> |
| 007 | kmutil <find|libraries|print-diagnostics> |
| 008 | kmutil <create|inspect|check|log|dumpstate> |
| 009 | kmutil <clear-staging|trigger-panic-medic> |
| 010 | kmutil -h |
| 011 |
|
| 012 | DESCRIPTION |
| 013 | kmutil is a multipurpose tool for managing kernel extensions (kexts) |
| 014 | and kext collections on disk. It takes a subcommand and a number of |
| 015 | options, some of which are common to multiple commands. |
| 016 |
|
| 017 | kmutil interacts with the KernelManagement subsystem for loading, |
| 018 | unloading, and diagnosing kexts. It can also be used for inspecting |
| 019 | the contents of a kext collection, interacting with the kernel to query |
| 020 | load information, finding kexts and kext dependencies on disk, creating |
| 021 | new collections of kexts, and displaying other diagnostic information. |
| 022 |
|
| 023 | COLLECTIONS |
| 024 | Starting in macOS 11, kernel extensions are found in 3 different |
| 025 | artifacts on disk. Each artifact is loaded exactly once at boot, and a |
| 026 | kext must be linked into one of the three artifacts before it can be |
| 027 | used. |
| 028 |
|
| 029 | • The boot kext collection contains the kernel and all system kexts |
| 030 | necessary for starting and bootstrapping the operating system. It is |
| 031 | an immutable artifact in /System/Library/KernelCollections. On Apple |
| 032 | Silicon Macs, this artifact is kept exclusively in the Preboot |
| 033 | volume. |
| 034 |
|
| 035 | • The system kext collection, if used, contains all remaining system |
| 036 | kexts required by the operating system, and is loaded after boot. It |
| 037 | is prelinked against the boot kext collection, and is also an |
| 038 | immutable artifact in /System/Library/KernelCollections. Note that |
| 039 | on Apple Silicon Macs, there is no system kext collection. |
| 040 |
|
| 041 | • The auxiliary kext collection, if built, contains kexts placed in |
| 042 | /Library/Extensions and any other third-party kexts installed on the |
| 043 | system. It is dynamically built by kernelmanagerd(8) and prelinked |
| 044 | against the boot kext collection and, if present, the system kext |
| 045 | collection. On Apple Silicon Macs, the auxiliary kext collection is |
| 046 | located in the Preboot volume. For more information on installing |
| 047 | third-party kexts into the auxiliary kext collection, see INSTALLING. |
| 048 |
|
| 049 | INSTALLING |
| 050 | As of macOS 11, a kext is only loadable once it has been built into the |
| 051 | auxiliary kext collection by kernelmanagerd(8), and the system has |
| 052 | rebooted. At boot, kernelmanagerd(8) will load this collection into |
| 053 | the kernel, which allows all of the kexts in the collection to match |
| 054 | and load. If kmutil load, kextload(8), or any invocation of a |
| 055 | KextManager function attempts to load a kext that is not yet loadable, |
| 056 | kernelmanagerd(8) will stage the kext into a protected location, |
| 057 | validate it, and prompt the user to approve a rebuild of the auxiliary |
| 058 | kext collection. If the validation and rebuild are successful, the |
| 059 | kext will be available on the next boot. |
| 060 |
|
| 061 | COMMANDS |
| 062 | Commands and their specific options are listed below. For other |
| 063 | options common to most commands, see OPTIONS. |
| 064 |
|
| 065 | • create: Create a new kext collection according to the options |
| 066 | provided. This command should only be used by developers |
| 067 | investigating custom kernels or replacing the contents of the boot |
| 068 | kext collection or system kext collection. As of macOS 13.0, a KDK |
| 069 | is required to create a new boot or system kext collection. To load |
| 070 | or unload kexts already in a collection see the load and unload |
| 071 | subcommands. |
| 072 |
|
| 073 | -n, --new <boot|sys|aux> |
| 074 | Specify one or more of boot, sys, or aux to build one or more |
| 075 | collections at a time. |
| 076 |
|
| 077 | -L, --no-system-collection |
| 078 | If building an auxiliary collection, don’t look for or |
| 079 | generate a system kext collection. |
| 080 |
|
| 081 | -s, --strip |
| 082 | Specify none, all, or allkexts (default: none) to strip symbol |
| 083 | information after a kext has been built into a collection. |
| 084 |
|
| 085 | -k, --kernel |
| 086 | When building the boot kext collection, specify the path to |
| 087 | the kernel. If -V is specified, kmutil will append the |
| 088 | variant extension. |
| 089 |
|
| 090 | -x, --explicit-only |
| 091 | Only consider the bundle identifiers and paths explicitly |
| 092 | specified, along with their dependencies. |
| 093 |
|
| 094 | --compress |
| 095 | Compress results using the LZFSE algorithm. |
| 096 |
|
| 097 | --img4-encode |
| 098 | Encode the collection in an img4 payload. |
| 099 |
|
| 100 | • inspect: Inspect & display the contents of a kext collection |
| 101 | according to the options provided. |
| 102 |
|
| 103 | --show-mach-header |
| 104 | Print the mach header(s) in the collection(s). Use with |
| 105 | --verbose to also display contents of inner fileset entries. |
| 106 |
|
| 107 | --show-fileset-entries |
| 108 | Only print mach header information present in fileset |
| 109 | subentries. This is useful for determining prelink addresses |
| 110 | and other load information about a kext in a collection. |
| 111 |
|
| 112 | --show-kext-load-addresses |
| 113 | When displaying the default output, include the load addresses |
| 114 | of the kexts inline. |
| 115 |
|
| 116 | --show-kext-uuids |
| 117 | Include the UUIDs of each kext in the output. |
| 118 |
|
| 119 | --show-kernel-uuid |
| 120 | Print the UUID (and version) of the kernel if present in the |
| 121 | collection. This will output nothing if a kernel is not found |
| 122 | in the specified collection(s). |
| 123 |
|
| 124 | --show-kernel-uuid-only |
| 125 | Print the UUID of the kernel if present in the collection, and |
| 126 | suppress default kext information. |
| 127 |
|
| 128 | --show-prelink-info |
| 129 | Dump the raw __PRELINK_INFO segment of the collection(s). |
| 130 |
|
| 131 | --show-collection-metadata |
| 132 | Print the metadata of the collection(s), such as their prelink |
| 133 | uuids, the uuids of collections they link against, and the |
| 134 | build version that produced the collection. |
| 135 |
|
| 136 | --show-mach-boot-properties |
| 137 | Print derived Mach-O boot properties of the collection(s). |
| 138 |
|
| 139 | --json Output the section layout as JSON. |
| 140 |
|
| 141 | • load: Load the extension(s) specified with -b or -p. If the |
| 142 | extension is not already in the auxiliary kext collection, the |
| 143 | collection will be dynamically rebuilt by kernelmanagerd(8) for use |
| 144 | on the next reboot. For more information, see INSTALLING. For kexts |
| 145 | already contained in the boot, system, or auxiliary kext collection, |
| 146 | the load subcommand will start the kext if it has not already been |
| 147 | started. |
| 148 |
|
| 149 | For most kexts, the load subcommand must run as the superuser (root). |
| 150 | Kexts installed under /System/ with an OSBundleAllowUserLoad property |
| 151 | set to true may be loaded via the load subcommand by non-root users. |
| 152 |
|
| 153 | macOS 10.6 introduced C functions for loading kexts, |
| 154 | KextManagerLoadKextWithIdentifier() and KextManagerLoadKextWithURL(), |
| 155 | which are described in Apple’s developer documentation. These |
| 156 | functions continue to be supported as of macOS 11. |
| 157 |
|
| 158 | -P, --personality-name |
| 159 | If this kext is already loaded, send the named personality to |
| 160 | the catalog. |
| 161 |
|
| 162 | -e, --no-default-repositories |
| 163 | Don’t use the default repositories for kexts. If you use this |
| 164 | option, you will have to explicitly specify all dependencies |
| 165 | of the kext being loaded, or otherwise worked on using the |
| 166 | --repository option. |
| 167 |
|
| 168 | --load-style |
| 169 | Control the load style of the request to load extension. |
| 170 | Valid options: |
| 171 |
|
| 172 | • start-and-match: Start the kernel extension and also begin |
| 173 | matching on any accompanying personalities. (default) |
| 174 |
|
| 175 | • start-only: Start any specified kernel extensions but do not |
| 176 | begin matching against any personalities provided by those |
| 177 | extensions (unless matching has already started for them). |
| 178 |
|
| 179 | • match-only: Do not explictly start any of the given kernel |
| 180 | extensions but do begin matching on IOKit personalities |
| 181 | provided by them. This is useful to allow extensions that |
| 182 | were previous loaded with start-only to now begin matching. |
| 183 |
|
| 184 | • unload: Unload the extension(s) specified with -b or -p. The |
| 185 | extension must have been previously linked into a kext collection and |
| 186 | loaded by the KernelManagement system. A successfull call to the |
| 187 | unload subcommand will invoke the kext’s stop function and end the |
| 188 | kext’s IOKit lifecycle, however the kext remains in kernel memory as |
| 189 | part of the kext collection from which it was loaded. The extension |
| 190 | will not be removed from any collection, including the auxiliary kext |
| 191 | collection, and will still be available for loading without requiring |
| 192 | a reboot. |
| 193 |
|
| 194 | If another loaded kext has a dependency on the kext being unloaded, |
| 195 | the unload will fail. You can determine whether a kext has |
| 196 | dependents using the showloaded subcommand. |
| 197 |
|
| 198 | -c, --class-name <class-name> |
| 199 | Terminate all instances of the IOService class, but do not |
| 200 | unload its kext or unload its personalities. |
| 201 |
|
| 202 | -P, --personalities-only |
| 203 | Terminate services and remove personalities only; do not |
| 204 | unload kexts. |
| 205 |
|
| 206 | • libraries: Search for library kexts in the boot kext collection and |
| 207 | the system kext collection (if available) that define symbols needed |
| 208 | for linking the specified kexts, printing their bundle identifiers |
| 209 | and versions. Information on symbols not found are printed after the |
| 210 | library kext information for each architecture. |
| 211 |
|
| 212 | A handy use of the libraries subcommand is to run it with just the |
| 213 | --xml flag and pipe the output to pbcopy(1). If the exit status is |
| 214 | zero (indicating no undefined or multiply-defined symbols), you can |
| 215 | open your kext’s Info.plist file in a text editor and paste the |
| 216 | library declarations over the OSBundleLibraries property. |
| 217 |
|
| 218 | You can specify other collections with the libraries subcommand to |
| 219 | look for dependencies in other collections as well. |
| 220 |
|
| 221 | --all-symbols |
| 222 | List all symbols; found, not found, or found more than once. |
| 223 |
|
| 224 | --onedef-symbols |
| 225 | List all symbols found, with the library kext they were found |
| 226 | in. |
| 227 |
|
| 228 | --multdef-symbols |
| 229 | List all symbols found more than once, with their library |
| 230 | kexts. |
| 231 |
|
| 232 | --undef-symbols |
| 233 | List all symbols not found in any library. |
| 234 |
|
| 235 | --unsupported |
| 236 | Look in unsupported kexts for symbols. |
| 237 |
|
| 238 | -c, --compatible-versions |
| 239 | Use library kext compatible versions rather than current |
| 240 | versions. |
| 241 |
|
| 242 | --xml Print XML fragment suitable for pasting. |
| 243 |
|
| 244 | • showloaded: Display the status/information of loaded kernel |
| 245 | extensions on the system, according to the options provided. By |
| 246 | default, the following is shown for each kext: |
| 247 |
|
| 248 | Index The load index of the kext (used to track linkage references). |
| 249 | Gaps in the list indicate kexts that have been unloaded. |
| 250 |
|
| 251 | Refs The number of references to this kext by others. If nonzero, |
| 252 | the kext cannot be unloaded. |
| 253 |
|
| 254 | Address |
| 255 | The address in kernel space where the kext has been loaded. |
| 256 |
|
| 257 | Size The number of bytes of kernel memory that the kext occupies. |
| 258 | If this is zero, the kext is a built-in part of the kernel |
| 259 | that has an entry as a kext for resolving dependencies among |
| 260 | kexts. |
| 261 |
|
| 262 | Wired The number of wired bytes of kernel memory that the kext |
| 263 | occupies. |
| 264 |
|
| 265 | Architecture |
| 266 | The architecture of the kext, displayed only if using the |
| 267 | --arch-info option. |
| 268 |
|
| 269 | Name The CFBundleIdentifier of the kext. |
| 270 |
|
| 271 | Version |
| 272 | The CFBundleVersion of the kext. |
| 273 |
|
| 274 | <Linked Against> |
| 275 | The index numbers of all other kexts that this kext has a |
| 276 | reference to. |
| 277 |
|
| 278 | The following options are available for the showloaded command: |
| 279 |
|
| 280 | --show-mach-headers |
| 281 | Show the mach headers of the loaded extensions and/or kernel, |
| 282 | if --show-kernel is specified. |
| 283 |
|
| 284 | --show <loaded|unloaded|all> |
| 285 | Restrict output to a specific load state. |
| 286 |
|
| 287 | --collection <boot|sys|aux|codeless> |
| 288 | Restrict the load information to a particular kind. Defaults |
| 289 | to all non-codeless kexts if unspecified. To display |
| 290 | information about codeless kexts and dexts that the kernel |
| 291 | knows about, use --collection codeless --show all. |
| 292 |
|
| 293 | --sort Sort the output by load address of each extension, instead of |
| 294 | by index. |
| 295 |
|
| 296 | --list-only |
| 297 | Print the list of extensions only, omitting the header on the |
| 298 | first line. |
| 299 |
|
| 300 | --arch-info |
| 301 | Include the architecture info in output. |
| 302 |
|
| 303 | --no-kernel-components |
| 304 | Do not show kernel components in output. |
| 305 |
|
| 306 | --show-kernel |
| 307 | Show load information about the kernel in the output. Use |
| 308 | with --show-mach-headers to view the kernel mach header. |
| 309 |
|
| 310 | • dumpstate: Display diagnostic information about the state of |
| 311 | kernelmanagerd(8). |
| 312 |
|
| 313 | • find: Locate and print paths of kexts (or kexts in collections) |
| 314 | matching the filter criteria. For more information on filtering, see |
| 315 | FILTERING OPTIONS. Searches are performed using the same kext |
| 316 | management logic used elsewhere in kmutil, by which only kexts |
| 317 | specified with the repository or bundle options are eligible; this is |
| 318 | specifically not an exhaustive, recursive filesystem search. |
| 319 |
|
| 320 | • check: Check that load information and/or kext collections on the |
| 321 | system are consistent. |
| 322 |
|
| 323 | --collection-linkage |
| 324 | Check to see that the collections on the system are properly |
| 325 | linked together by inspecting the UUID metadata in the prelink |
| 326 | info section of each collection on the system. |
| 327 |
|
| 328 | --load-info |
| 329 | Check to see that the load information in the kernel properly |
| 330 | mirrors the collections on disk. This is the default action |
| 331 | if no other options are specified. |
| 332 |
|
| 333 | --kernel-only |
| 334 | If checking load info, just check that the kernel matches, and |
| 335 | no other kexts. |
| 336 |
|
| 337 | --collection <boot|sys|aux>: |
| 338 | Restrict consistency check to one (or more) of the specified |
| 339 | collection types. If unspecified, check all by default. |
| 340 |
|
| 341 | • log: Display logging information about the kext management subsystem. |
| 342 | This is a wrapper around the system log(1) command with a pre-defined |
| 343 | predicate to show only logs from kernelmanagerd and kmutil. |
| 344 |
|
| 345 | • print-diagnostics: Perform all possible tests on one or more kexts, |
| 346 | and indicate whether or not the kext can be successfully built into a |
| 347 | collection. If there are issues found with the kext, diagnostic |
| 348 | information is reported which can help to isolate and resolve the |
| 349 | problem. Note that some tests require root. Note that custom |
| 350 | collections, variants, and architectures can be specified with the |
| 351 | GENERIC and COLLECTION kmutil options. |
| 352 |
|
| 353 | -p, --bundle-path |
| 354 | Print diagnostics for the bundle specified at this path (can |
| 355 | be specified more than once). |
| 356 |
|
| 357 | -Z --no-resolve-dependencies |
| 358 | Don’t resolve kext dependencies |
| 359 |
|
| 360 | -D --diagnose-dependencies |
| 361 | Recursively diagnose all kext dependencies of each kext |
| 362 | specified with -p. Ignored when -Z is present. |
| 363 |
|
| 364 | --plugins |
| 365 | Diagnose each kext found in the PlugIns directory of kexts |
| 366 | specified with -p. |
| 367 |
|
| 368 | --do-staging |
| 369 | Perform kext staging to the SIP protected location. This test |
| 370 | requires root privileges. |
| 371 |
|
| 372 | • clear-staging: Clear the staging directory managed by |
| 373 | kernelmanagerd(8) and kmutil(8). |
| 374 |
|
| 375 | • migrate: System subcommand used during a software update. |
| 376 |
|
| 377 | • install: System subcommand used to update the Boot and System kext |
| 378 | collections. |
| 379 |
|
| 380 | • rebuild: System subcommand used to attempt an Auxiliary kext |
| 381 | collection rebuild. This command evaluates the current Auxiliary |
| 382 | kext collection for changes, which may add newly approved third-party |
| 383 | kexts and remove kexts that were previously installed and have since |
| 384 | been deleted or moved from their installed location. |
| 385 |
|
| 386 | To uninstall a kext from the Auxiliary kext collection: |
| 387 |
|
| 388 | 1. Delete or move the kext bundle(s) to be uninstalled from their |
| 389 | installed location. |
| 390 |
|
| 391 | 2. Run “kmutil rebuild” from Terminal and confirm the Auxiliary kext |
| 392 | collection changes. |
| 393 |
|
| 394 | 3. Authorize the Auxiliary kext collection rebuild. |
| 395 |
|
| 396 | 4. Reboot the system for the changes to take effect. |
| 397 |
|
| 398 | RECOVERY COMMANDS |
| 399 | The following commands can only be run in Recovery Mode. |
| 400 |
|
| 401 | • trigger-panic-medic: Remove the auxiliary kext collection and remove |
| 402 | all kext approvals on the next boot. This subcommand can only be |
| 403 | used in Recovery Mode. This command can be used to recover the |
| 404 | system from a kext that causes a kernel panic. After calling |
| 405 | trigger-panic-medic, all previously installed kexts will prompt the |
| 406 | user to re-approve them when they are loaded or installed. |
| 407 |
|
| 408 | • configure-boot: Configure a custom boot object policy. This command |
| 409 | can be used to install a custom mach-o file from which the system |
| 410 | will boot. In order to install custom boot objects, you must first |
| 411 | enter Medium Security by using the Startup Disk utility in Recovery |
| 412 | Mode. Setting a custom boot object will further lower the system |
| 413 | security to Permissive Security, and you will be prompted to confirm |
| 414 | this action. |
| 415 |
|
| 416 | -c, --custom-boot-object |
| 417 | The Mach-O that the booter will load and start. The file can |
| 418 | be optionally compressed and wrapped in an img4. |
| 419 |
|
| 420 | -C, --compress |
| 421 | Compress the custom boot object |
| 422 |
|
| 423 | -v, --volume |
| 424 | Install the custom boot object for the specified volume |
| 425 |
|
| 426 | --raw Treat custom boot object as a raw file to be installed. The |
| 427 | object will be installed with custom Mach-O boot properties |
| 428 | derived from –lowest-virtual-address and –entry-point |
| 429 |
|
| 430 | --lowest-virtual-address |
| 431 | Lowest virtual memory address of the raw boot object. (iBoot |
| 432 | will map the raw boot object at this virtual address) |
| 433 |
|
| 434 | --entry-point |
| 435 | Virtual memory address of entry point into the raw boot object |
| 436 |
|
| 437 | OPTIONS |
| 438 | GLOBAL OPTIONS |
| 439 | The following options are global to most kmutil subcommands. |
| 440 |
|
| 441 | -a, --arch |
| 442 | Specify the architecture to use for the extensions or |
| 443 | collections specified. Defaults to the current running |
| 444 | architecture. |
| 445 |
|
| 446 | -V, --variant-suffix |
| 447 | Specify a variant, i.e., development, debug, or kasan, of |
| 448 | extensions or collections to prefer instead of the release |
| 449 | defaults. |
| 450 |
|
| 451 | -z, --no-authentication |
| 452 | Disable staging and validation of extensions when performing an |
| 453 | action. |
| 454 |
|
| 455 | -v, --verbose |
| 456 | Enable verbose output. |
| 457 |
|
| 458 | -r, --repository |
| 459 | Paths to directories containing extensions. If -R is specified, |
| 460 | the volume root will be automatically prepended. |
| 461 |
|
| 462 | -R, --volume-root |
| 463 | Specify the target volume to operate on. Defaults to /. |
| 464 |
|
| 465 | FILTERING OPTIONS |
| 466 | The following options can be used in certain kmutil commands for |
| 467 | filtering its input or output. |
| 468 |
|
| 469 | -p, --bundle-path |
| 470 | Include the bundle specified at this path in the results. |
| 471 | Return an error if not found. |
| 472 |
|
| 473 | -b, --bundle-identifier |
| 474 | Search for, and/or include this identifier in the results. |
| 475 | Return an error if not found. |
| 476 |
|
| 477 | --optional-identifier |
| 478 | Search for, and/or include this identifier in the results, if |
| 479 | possible. |
| 480 |
|
| 481 | --elide-identifier |
| 482 | Do not include this identifier in the results. |
| 483 |
|
| 484 | -f, --filter |
| 485 | Specify a filter, in predicate syntax, which must match against |
| 486 | properties of an extension to be included in the input or |
| 487 | output. This argument can be overridden by other arguments for |
| 488 | specifying and including extensions. |
| 489 |
|
| 490 | -F, --filter-all |
| 491 | Specify a filter, in predicate syntax, which must match against |
| 492 | properties of an extension to be included in the input or |
| 493 | output. This argument can not be overridden by other arguments |
| 494 | for specifying and including extensions. |
| 495 |
|
| 496 | –kdk The KDK path to use for discovering kexts when creating a new |
| 497 | boot or sys kext collection. |
| 498 |
|
| 499 | –build Use with caution. This specifies the build version number to use |
| 500 | when discovering kexts and building kext collections. If no |
| 501 | build version is specified, the current system build version |
| 502 | number is used. |
| 503 |
|
| 504 | For more information on predicate filter syntax, see the predicate |
| 505 | programming guide available in the Apple developer documentation. |
| 506 |
|
| 507 | COLLECTION OPTIONS |
| 508 | The following options can be used to specify paths and options for |
| 509 | handling kext collections. If left unspecified, collection paths will |
| 510 | default to the default paths for the system kext collections. |
| 511 |
|
| 512 | -B, --boot-path |
| 513 | The path to the boot kext collection. |
| 514 |
|
| 515 | -S, --system-path |
| 516 | The path to the system kext collection. |
| 517 |
|
| 518 | -A, --aux-path |
| 519 | The path to the auxiliary kext collection. |
| 520 |
|
| 521 | -M, --allow-missing-collections |
| 522 | Recover gracefully, where applicable, if a collection is |
| 523 | missing. |
| 524 |
|
| 525 | EXAMPLES |
| 526 | Inspect the contents of system kext collections: |
| 527 |
|
| 528 |
|
| 529 | $ kmutil inspect -v --show-mach-header -B /System/Library/KernelCollections/BootKernelExtensions.kc |
| 530 | $ kmutil inspect --show-fileset-entries --bundle-identifier com.apple.kernel |
| 531 |
|
| 532 |
|
| 533 | Load and unload kexts: |
| 534 |
|
| 535 |
|
| 536 | $ kmutil load -b com.apple.filesystems.apfs |
| 537 | $ kmutil load -p /Library/Extensions/foo.kext |
| 538 | $ kmutil unload -p /System/Library/Extensions/apfs.kext |
| 539 |
|
| 540 |
|
| 541 | Show load information about kexts: |
| 542 |
|
| 543 |
|
| 544 | $ kmutil showloaded --show-mach-headers --bundle-identifier com.example.foo |
| 545 | $ kmutil showloaded --show-kernel --collection boot |
| 546 | $ kmutil showloaded --show unloaded --filter "'CFBundleVersion' == '15.2.13'" |
| 547 |
|
| 548 |
|
| 549 | Find dependencies of kexts: |
| 550 |
|
| 551 |
|
| 552 | $ kmutil libraries -p /Library/Extensions/foo.kext --xml | pbcopy |
| 553 |
|
| 554 |
|
| 555 | Create custom kext collections: |
| 556 |
|
| 557 |
|
| 558 | $ kmutil -n boot -B myboot.kc -k mykernel --elide-identifier com.apple.filesystems.apfs |
| 559 |
|
| 560 | $ kmutil -n boot sys -B myboot.kc -S mysys.kc -V debug |
| 561 |
|
| 562 | $ kmutil -n boot -B myboot.kc -k mykernel |
| 563 | $ kmutil -n sys -B myboot.kc -S mysys.kc -F "'OSBundleRequired' == 'Safe Boot'" -s stripkexts |
| 564 |
|
| 565 | $ kmutil -n aux -r /Library/Extensions -L |
| 566 |
|
| 567 |
|
| 568 | DIAGNOSTICS |
| 569 | kmutil exits with a zero status on success. On error, kmutil prints an |
| 570 | error message and then exits with a non-zero status. |
| 571 |
|
| 572 | Well known exit codes: |
| 573 |
|
| 574 | • 3 : kmutil failed because the kext is missing when trying to unload |
| 575 | it. |
| 576 |
|
| 577 | • 27 : kmutil failed because user approval is required. |
| 578 |
|
| 579 | • 28 : kmutil failed because a reboot is required. |
| 580 |
|
| 581 | COMPLETIONS |
| 582 | For frequent users, kmutil can generate a shell completion script by |
| 583 | invoking: |
| 584 |
|
| 585 |
|
| 586 | $ kmutil --generate-completion-script <shell> |
| 587 |
|
| 588 |
|
| 589 | This option supports zsh(1), bash(1), and fish. If no shell is |
| 590 | specified, then a completion script will be generated for the current |
| 591 | running shell. |
| 592 |
|
| 593 | SEE ALSO |
| 594 | kernelmanagerd(8) |
| 595 |
|
| 596 | 2023-08-25 KMUTIL(8) |
| 597 |
|
| 598 | [プロセスが完了しました] |
| 599 |
|
| 600 | *) |
