November 22, 2024, 04:23:04 PM

ARM-USB-OCD-H Mac FTDI drivers

Started by wiltshiretom, November 30, 2018, 01:46:13 AM

Previous topic - Next topic

wiltshiretom

Hi,
I've having trouble installing FTDI drivers for Olimex ARM-USB-OCD-H on Mac OSX 10.13.6.

Looks like the kext file is not properly signed from FTDI, I will contact them directly but wondered if anyone has a workaround.

I disabled the security for installing this party kext in the mac systems menu and still get the following error on the Console when I connect the JTAG.

default   22:57:50.662183 +0000   kextd   Bundle (/Library/Extensions/FTDIUSBSerialDriver.kext) failed to validate, deleting: /Library/StagedExtensions/Library/Extensions/ABC6E4D3-437D-499F-A864-EFEF7701014F.kext
default   22:57:50.663941 +0000   kextd   Unable to stage kext (/Library/Extensions/FTDIUSBSerialDriver.kext) to secure location.

I have already set the PID/VID in the info.plist as per the install instructions. I have tried on 2 different Macs with same issue.
You can the kext with the following command:

iMac:~ tom$ sudo kextutil -l /Library/Extensions/FTDIUSBSerialDriver.kext/

Untrusted kexts are not allowed
Kext with invalid signature (-67030) denied: /Library/StagedExtensions/Library/Extensions/89C03CCC-75DC-45D7-9C49-62C54B14573A.kext
Bundle (/Library/Extensions/FTDIUSBSerialDriver.kext) failed to validate, deleting: /Library/StagedExtensions/Library/Extensions/89C03CCC-75DC-45D7-9C49-62C54B14573A.kext
Unable to stage kext (/Library/Extensions/FTDIUSBSerialDriver.kext) to secure location.

LubOlimex

Technical support and documentation manager at Olimex

wiltshiretom

Hi, Thanks for the response.
I think the problem arises because the Olimex instructions recommend editing the Info.plist file to change the idProduct field to match the ARM-USB-OCD-H PID. Modifying the Info.plist file breaks the kext signing and even with SIP disabled the driver does not load because the signing is invalided by the plist change. Without modifying the plist though the JTAG programmer is not mapped to the correct kext so I'm a bit stuck!

FTDI responded to my support request and explained the above which sounds like a good diagnosis of the problem.

Should we request FTDI to add PID=43/VID=5562 for the ARM-USB-OCD-H? Other Mac users must also have this problem in the field.

Any other suggested workarounds?

LubOlimex

I don't think FTDI would do that but it is worth the try.

We haven't even tested these instructions ourselves, a customer provided us with the instructions in the manual; we have no experience with Mac OS ourselves.
Technical support and documentation manager at Olimex

julesb

I'm having the exact same problem on 10.14 OS X Mojave, and I agree that it seems to be the edit of the product ID in /System/Library/Extensions/FTDIUSBSerialDriver.kext/Contents/Info.plist which is rendering the driver signature invalid:

MacBook-Pro:Extensions jules$ sudo kextutil -n -t /Library/Extensions/FTDIUSBSerialDriver.kext
Warnings:
    Dependency lacks appropriate value for OSBundleRequired and may not be available during early boot:
        com.apple.iokit.IOSerialFamily - Safe Boot

/Library/Extensions/FTDIUSBSerialDriver.kext appears to be loadable (including linkage for on-disk libraries).

# Update the PID:
MacBook-Pro:Extensions jules$ sudo emacs /Library/Extensions/FTDIUSBSerialDriver.kext/Contents/Info.plist

# Re-check driver
MacBook-Pro:Extensions jules$ sudo kextutil -n -t /Library/Extensions/FTDIUSBSerialDriver.kext
Basic validation of bundle failed (-67030): /Library/Extensions/FTDIUSBSerialDriver.kext
Untrusted kexts are not allowed
Kext with invalid signature (-67030) denied: /Library/StagedExtensions/Library/Extensions/456B8BF0-702F-4694-9E5A-D9A1A80C38A7.kext
Bundle (/Library/Extensions/FTDIUSBSerialDriver.kext) failed to validate, deleting: /Library/StagedExtensions/Library/Extensions/456B8BF0-702F-4694-9E5A-D9A1A80C38A7.kext
Unable to stage kext (/Library/Extensions/FTDIUSBSerialDriver.kext) to secure location.


Is there really no work-around for this?

From some googling, It's not obvious that driver signing can be disabled on a per-driver basis somehow.

Anyone have any ideas?


julesb

Actually, to answer my own question I was able to get around this using the very dubious method of disabling the system integrity protection feature:

https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html#//apple_ref/doc/uid/TP40016462-CH5-SW1

Basically you reboot your mac holding CMD+R, when it boots into recovery mode, open a terminal (utils menu) and type "csrutil disable". Reboot out of that and I can now load the driver at least:

MacBook-Pro:Extensions jules$ sudo kextutil -n -t /Library/Extensions/FTDIUSBSerialDriver.kext
Kext with invalid signatured (-67030) allowed: <OSKext 0x7fea0fd3a800 [0x7fff9a0228e0]> { URL = "file:///Library/Extensions/FTDIUSBSerialDriver.kext/", ID = "com.FTDI.driver.FTDIUSBSerialDriver" }
Code Signing Failure: code signature is invalid
Warnings:
    Dependency lacks appropriate value for OSBundleRequired and may not be available during early boot:
        com.apple.iokit.IOSerialFamily - Safe Boot

Warnings:
    Dependency lacks appropriate value for OSBundleRequired and may not be available during early boot:
        com.apple.iokit.IOSerialFamily - Safe Boot

/Library/Extensions/FTDIUSBSerialDriver.kext appears to be loadable (including linkage for on-disk libraries).
MacBook-Pro:Extensions jules$ sudo kextload -b com.FTDI.driver.FTDIUSBSerialDriver


That didn't quite get me to OpenOCD attaching, but the driver shows up, at least, and I see /dev/tty.usbserial-OL0BBD9DB

julesb

I'm pleased to say I did get this working in the end. However it's not ideal to be running with the system integrity protection disabled. The sooner this is fixed the better.

julesb

Quote from: wiltshiretom on November 30, 2018, 03:26:29 PM
Should we request FTDI to add PID=43/VID=5562 for the ARM-USB-OCD-H? Other Mac users must also have this problem in the field.

Also, I second this request. Olimex should request FTDI add this PID/VID to their drivers, particularly for OS X.