3

My question

I already have the correct entitlements, provisioning profile and development certificate, and I have turned off SIP and turned systemextensions developer on, but it still shows provider entitlements check failed.

Similar problem

PCIDriverKit Entitlement check failed (migrate KEXT to DEXT)

After installing dext correctly, it is found that it cannot be started normally, and the following error is reported.

$ sudo dmesg | grep SmiPcie                                                                        
[  389.798271]: Driver com.wuhanjingce.driverkit.SmiPcie has crashed 0 time(s)
[  389.798283]: DK: SmiPcie-0x100000d56 waiting for server com.wuhanjingce.driverkit.SmiPcie-100000d56
[  389.861199]: Sandbox apply: taskgated-helper[1409] <bytes>Sandbox: taskgated-helper(1409) deny(1) mach-lookup com.apple.CoreServices.coreservicesdSandbox: taskgated-helper(1409) deny(1) mach-lookup com.apple.DiskArbitration.diskarbitrationd7 duplicate reports for Sandbox: taskgated-helper(1409) deny(1) mach-lookup com.apple.DiskArbitration.diskarbitrationdSandbox: taskgated-helper(1409) deny(1) file-read-metadata /Volumes/IKapC3 duplicate reports for Sandbox: taskgated-helper(1409) deny(1) file-read-metadata /Volumes/IKapCSandbox: taskgated-helper(1409) deny(1) mach-lookup com.apple.DiskArbitration.diskarbitrationdSandbox: taskgated-helper(1409) deny(1) user-preference-read kCFPreferencesAnyApplication/Library/SystemExtensions/C1281214-E917-4687-83D0-DA9A41D8E4FD/com.wuhanjingce.driverkit.SmiPcie.dext/com.wuhanjingce.driverkit.SmiPcie[1408] ==> com.apple.dextDK: com.wuhanjingce.driverkit.SmiPci[1408] has team identifier 5X63ZZ6MH3
[  389.898111]: DK: SmiPcie-0x100000d56: provider entitlements check failed
[  389.898120]: DK: IOUserServer(com.wuhanjingce.driverkit.SmiPcie-0x100000d56)::exit(Entitlements check failed)

And after setting according to the method provided in the introduction, the device can be opened normally.

sudo nvram boot-args="dk=0x8001"

But my dext needs to be published correctly. Referring to the answer below, I confirmed some of my settings.


  • Sign with Apple Development.

    • dext

    • installer app

  • Entitlements.

    The entitlements file can only automatically generate a small part, and the entitlements related to applying for pci cannot be automatically added to the entitlements file.

    Do I need to copy all the entitlements in the profile to the entitlements file? I copied part of the value here.

    • dext
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.driverkit</key>
    <true/>
    <key>com.apple.developer.driverkit.allow-any-userclient-access</key>
    <true/>
    <key>com.apple.developer.driverkit.transport.pci</key>
    <array>
        <dict>
            <key>IOPCIPrimaryMatch</key>
            <string>0x000010EE&amp;0x0000FFFF</string>
        </dict>
    </array>
    <key>com.apple.developer.system-extension.redistributable</key>
    <true/>
</dict>
</plist>

    • installer
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.system-extension.install</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
</dict>
</plist>

  • Provisioning profile (entitlements part)

    • dext
<key>Entitlements</key>
    <dict>
        <key>com.apple.developer.driverkit</key>
        <true/>

        <key>application-identifier</key>
        <string>5X63ZZ6MH3.com.wuhanjingce.driverkit.SmiPcie</string>
        
        <key>com.apple.application-identifier</key>
        <string>5X63ZZ6MH3.com.wuhanjingce.driverkit.SmiPcie</string>

        <key>com.apple.developer.system-extension.redistributable</key>
        <true/>
                
        <key>keychain-access-groups</key>
        <array>
                <string>5X63ZZ6MH3.*</string>
        </array>
                
        <key>get-task-allow</key>
        <true/>
                
        <key>com.apple.developer.team-identifier</key>
        <string>5X63ZZ6MH3</string>
                
        <key>com.apple.developer.driverkit.allow-any-userclient-access</key>
        <true/>
                
        <key>com.apple.developer.driverkit.transport.pci</key>
        <array>
                <dict>
                <key>IOPCIPrimaryMatch</key>
                <string>0x000010EE&amp;0x0000FFFF</string>
                </dict>
        </array>
                
        <key>com.apple.security.get-task-allow</key>
        <true/>
    </dict>
    • installer
<key>Entitlements</key>
    <dict>      
        <key>com.apple.developer.system-extension.install</key>
        <true/>
                
        <key>com.apple.developer.driverkit.allow-any-userclient-access</key>
        <true/>
                
        <key>com.apple.developer.driverkit</key>
        <true/>
                
        <key>com.apple.application-identifier</key>
        <string>5X63ZZ6MH3.com.wuhanjingce.driverkit.SmiInstall</string>
                
        <key>com.apple.developer.system-extension.redistributable</key>
        <true/>
                
        <key>keychain-access-groups</key>
        <array>
                <string>5X63ZZ6MH3.*</string>
        </array>
                
        <key>com.apple.developer.team-identifier</key>
        <string>5X63ZZ6MH3</string>
    </dict>

I think this problem should have nothing to do with the dext installer, the problem lies in my dext itself.

I want to know, what exactly is the problem that causes the error provider entitlements check failed?

According to PCIDriverKit Entitlement check failed (migrate KEXT to DEXT) tested and verified

Add some information needed by @pmdj

  • ioreg -w0 -irc IOPCIDevice
+-o pcic1-bridge@0  <class IORegistryEntry:IOService:IOPCIDevice, id 0x10000060c, registered, matched, active, busy 0 (314 ms), retain 14>
  | {
  |   "IOPCIExpressLinkCapabilities" = 7551233
  |   "vendor-id" = <6b100000>
  |   "class-code" = <00040600>
  |   "#msi-vectors" = <20000000>
  |   "pci-ignore-linkstatus" = <>
  |   "#size-cells" = <02000000>
  |   "IOName" = "pci-bridge"
  |   "function-dart_force_active" = <5300000074636146>
  |   "device-protection-granularity" = <d8120f4000010000>
  |   "msi-for-bridges" = <>
  |   "function-dart_self" = <53000000666c6553>
  |   "IOPCIHPType" = 49
  |   "pcidebug" = "0:0:0(1:128)"
  |   "Thunderbolt Path" = "IOService:/AppleARMPE/arm-io@10F00000/AppleT811xIO/acio1@1F00000/AppleThunderboltHALType5/AppleThunderboltNHIType5/IOThunderboltControllerType5/IOThunderboltPort@7/IOThunderboltSwitchType5/IOThunderboltPort@3"
  |   "IOPCIExpressLinkStatus" = 4113
  |   "pci-aspm-default" = 2
  |   "IOPCIExpressCapabilities" = 66
  |   "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.pci","com.apple.developer.driverkit.transport.pci.bridge"))
  |   "IOPCIConfigured" = Yes
  |   "IOInterruptControllers" = ("APCIECMSIController-apciec1")
  |   "IODTPersist" = 0
  |   "Thunderbolt Entry ID" = 4294968839
  |   "IOPCIResourced" = Yes
  |   "AAPL,slot-name" = <536c6f742d310000>
  |   "function-dart_release_sid" = <530000006c655253>
  |   "AAPL,phandle" = <52000000>
  |   "ranges" = <0000008200001000000000000000008200001000000000000000f03f00000000000000c20000004000000000000000c2000000400000000000000040000000000000008100000000000000000000008100000000000000000000000000000000>
  |   "name" = <"pcic1-bridge">
  |   "IOPowerManagement" = {"ChildrenPowerState"=2,"CurrentPowerState"=2,"CapabilityFlags"=258,"ChildProxyPowerState"=2,"MaxPowerState"=3}
  |   "default-apcie-options" = <01001080>
  |   "IOPCITunnelLinkChange" = <>
  |   "compatible" = <"pciec-bridge">
  |   "marvel-wa-viddids" = <4b1b20914b1b23914b1b28914b1b30914b1b72914b1b7a914b1b82914b1ba0914b1b20924b1b3092281c22017b1992230311450603114206340030084b1b35924b1b7191>
  |   "PCI-Thunderbolt" = <>
  |   "AppleEmbeddedPCIEPort" = "AppleT8103PCIeCPort is not serializable"
  |   "IOReportLegendPublic" = Yes
  |   "function-dart_request_sid" = <5300000071655253>
  |   "msi-vector-base" = <00000000>
  |   "IOPCIDeviceDeviceTreeEntry" = "IOService is not serializable"
  |   "reg" = <0000000000000000000000000000000000000000>
  |   "IOPCIOnline" = Yes
  |   "IOReportLegend" = ({"IOReportGroupName"="Interrupt Statistics (by index)","IOReportChannels"=((5291294645182005248,4295098369,"               First Level Interrupt Handler Count"),(5291294645182005249,4295098369,"              Second Level Interrupt Handler Count"),(5291294645182005250,4295098369,"        First Level Interrupt Handler Time (MATUs)"),(5291294645182005251,4295098369,"   Second Level Interrupt Handler CPU Time (MATUs)"),(5291294645182005252,4295098369,"Second Level Interrupt Handler System Time (MATUs)")),"IOReportChannelInfo"={"IOReportChannelUnit"=0},"IOReportSubGroupName"="pcic1-bridge 0"})
  |   "device-id" = <12100000>
  |   "#address-cells" = <03000000>
  |   "revision-id" = <00000000>
  |   "IOInterruptSpecifiers" = (<3104000000000100>)
  |   "IOPCIMSIMode" = Yes
  | }
  | 
  +-o IOPP  <class IORegistryEntry:IOService:IOPCIBridge:IOPCI2PCIBridge:ApplePCIECHostBridge, id 0x10000061c, registered, matched, active, busy 0 (310 ms), retain 10>
    +-o pci-bridge@0  <class IORegistryEntry:IOService:IOPCIDevice, id 0x10000232f, registered, matched, active, busy 0 (47 ms), retain 15>
      | {
      |   "#address-cells" = <03000000>
      |   "class-code" = <00040600>
      |   "Tunnel Endpoint GUID" = <001580f023f34300>
      |   "IOPowerManagement" = {"ChildrenPowerState"=2,"CurrentPowerState"=2,"CapabilityFlags"=258,"ChildProxyPowerState"=2,"MaxPowerState"=3}
      |   "pci-aspm-default" = 3
      |   "IOPCIHPType" = 48
      |   "vendor-id" = <86800000>
      |   "name" = <"pci-bridge">
      |   "device-id" = <78150000>
      |   "IOChildIndex" = 1
      |   "IOPCIResourced" = Yes
      |   "IODTPersist" = 0
      |   "compatible" = <"pci8086,1578","pciclass,060400">
      |   "ranges" = <0000008200000004000000000000008200000004000000000000100400000000000000c20000004000000000000000c2000000400000000000000040000000000000008100000000000000000000008100000000000000000010000000000000>
      |   "IOPCIExpressLinkCapabilities" = 4545601
      |   "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.pci","com.apple.developer.driverkit.transport.pci.bridge"))
      |   "Thunderbolt Path" = "IOService:/AppleARMPE/arm-io@10F00000/AppleT811xIO/acio1@1F00000/AppleThunderboltHALType5/AppleThunderboltNHIType5/IOThunderboltControllerType5/IOThunderboltPort@7/IOThunderboltSwitchType5/IOThunderboltPort@1/IOThunderboltPort@1/IOThunderboltSwitchType3/IOThunderboltPort@6"
      |   "IOPCIConfigured" = Yes
      |   "Thunderbolt Entry ID" = 4294976280
      |   "Tunnel Endpoint Device Model ID" = <61660000>
      |   "Tunnel Endpoint Device Vendor ID" = <43000000>
      |   "revision-id" = <00000000>
      |   "IOPCIExpressLinkStatus" = 4161
      |   "IOPCIExpressCapabilities" = 82
      |   "pcidebug" = "1:0:0(2:128)"
      |   "IOName" = "pci-bridge"
      |   "#size-cells" = <02000000>
      |   "reg" = <0000010000000000000000000000000000000000>
      |   "IOPCITunnelL1Enable" = No
      | }
      | 
      +-o IOPP  <class IORegistryEntry:IOService:IOPCIBridge:IOPCI2PCIBridge, id 0x100002334, registered, matched, active, busy 0 (33 ms), retain 12>
        +-o pci-bridge@1  <class IORegistryEntry:IOService:IOPCIDevice, id 0x100002330, registered, matched, active, busy 0 (33 ms), retain 13>
        | | {
        | |   "#address-cells" = <03000000>
        | |   "class-code" = <00040600>
        | |   "IOPCITunnelled" = Yes
        | |   "IOPCIExpressSlotStatus" = 328
        | |   "IOPowerManagement" = {"ChildrenPowerState"=2,"CurrentPowerState"=2,"CapabilityFlags"=258,"ChildProxyPowerState"=2,"MaxPowerState"=3}
        | |   "pci-aspm-default" = 3
        | |   "IOPCIHPType" = 48
        | |   "vendor-id" = <86800000>
        | |   "name" = <"pci-bridge">
        | |   "device-id" = <78150000>
        | |   "IOChildIndex" = 1
        | |   "IOPCIResourced" = Yes
        | |   "IODTPersist" = 0
        | |   "compatible" = <"pci8086,1578","pciclass,060400">
        | |   "ranges" = <0000008200000004000000000000008200000004000000000000100400000000000000c20000000000000000000000c2000000000000000000000000000000000000008100000000000000000000008100000000000000000000000000000000>
        | |   "IOPCIExpressLinkCapabilities" = 24206403
        | |   "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.pci","com.apple.developer.driverkit.transport.pci.bridge"))
        | |   "IOPCITunnelL1Enable" = No
        | |   "IOPCIConfigured" = Yes
        | |   "revision-id" = <00000000>
        | |   "IOPCIExpressLinkStatus" = 12354
        | |   "IOPCIExpressCapabilities" = 354
        | |   "pcidebug" = "2:1:0(3:3)"
        | |   "IOName" = "pci-bridge"
        | |   "#size-cells" = <02000000>
        | |   "reg" = <0008020000000000000000000000000000000000>
        | |   "IOPCIExpressSlotCapabilities" = 262144
        | | }
        | | 
        | +-o IOPP  <class IORegistryEntry:IOService:IOPCIBridge:IOPCI2PCIBridge, id 0x100002338, registered, matched, active, busy 0 (27 ms), retain 10>
        |   +-o pci10ee,7028@0  <class IORegistryEntry:IOService:IOPCIDevice, id 0x100002332, registered, matched, active, busy 0 (27 ms), retain 15>
        |     | {
        |     |   "assigned-addresses" = <10000382000000040000000000000004000000001800038200000008000000000000010000000000>
        |     |   "IOPCITunnelRootDeviceVendorID" = <43000000>
        |     |   "IOPCIDeviceMemoryMapSize" = 262144
        |     |   "class-code" = <00800500>
        |     |   "IOPCITunnelled" = Yes
        |     |   "IODeviceMemory" = (({"address"=25836912640,"length"=67108864}),({"address"=25904021504,"length"=65536}))
        |     |   "IOPowerManagement" = {"ChildrenPowerState"=2,"CurrentPowerState"=2,"CapabilityFlags"=258,"ChildProxyPowerState"=2,"MaxPowerState"=3}
        |     |   "subsystem-vendor-id" = <ee100000>
        |     |   "pci-aspm-default" = 1
        |     |   "iommu-parent" = "IODARTMapper is not serializable"
        |     |   "IOPCIDeviceMapperPageSize" = 16384
        |     |   "IOPCIHPType" = 48
        |     |   "vendor-id" = <ee100000>
        |     |   "name" = <"pci10ee,7028">
        |     |   "device-id" = <28700000>
        |     |   "IOChildIndex" = 1
        |     |   "IOPCIResourced" = Yes
        |     |   "compatible" = <"pci10ee,7","pci10ee,7028","pciclass,058000">
        |     |   "IODEXTMatchCount" = 1
        |     |   "IOPCIExpressLinkCapabilities" = 259202
        |     |   "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.pci"))
        |     |   "IOPCITunnelL1Enable" = No
        |     |   "subsystem-id" = <07000000>
        |     |   "revision-id" = <00000000>
        |     |   "IOPCIExpressLinkStatus" = 4162
        |     |   "IOPCIExpressCapabilities" = 2
        |     |   "pcidebug" = "3:0:0"
        |     |   "IOName" = "pci10ee,7028"
        |     |   "IOPCIDeviceMemoryMapBase" = 0
        |     |   "reg" = <000003000000000000000000000000000000000010000302000000000000000000000004000000001800030200000000000000000000010000000000>
        |     |   "IOPCITunnelRootDeviceModelID" = <61660000>
        |     | }
        |     | 
        |     +-o SmiPcie  <class IORegistryEntry:IOService:IOUserService, id 0x100002342, registered, matched, active, busy 0 (0 ms), retain 8>
        +-o pci-bridge@4  <class IORegistryEntry:IOService:IOPCIDevice, id 0x100002331, registered, matched, active, busy 0 (5 ms), retain 13>
          | {
          |   "IOPCIExpressLinkCapabilities" = 74538049
          |   "vendor-id" = <86800000>
          |   "class-code" = <00040600>
          |   "IOName" = "pci-bridge"
          |   "#size-cells" = <02000000>
          |   "IOPCITunnelled" = Yes
          |   "IOPCIExpressSlotCapabilities" = 2359392
          |   "IOPCIHPType" = 48
          |   "pcidebug" = "2:4:0(4:4)"
          |   "IOChildIndex" = 2
          |   "Thunderbolt Path" = "IOService:/AppleARMPE/arm-io@10F00000/AppleT811xIO/acio1@1F00000/AppleThunderboltHALType5/AppleThunderboltNHIType5/IOThunderboltControllerType5/IOThunderboltPort@7/IOThunderboltSwitchType5/IOThunderboltPort@1/IOThunderboltPort@1/IOThunderboltSwitchType3/IOThunderboltPort@7"
          |   "IOPCIExpressLinkStatus" = 4161
          |   "pci-aspm-default" = 3
          |   "IOPCIExpressCapabilities" = 354
          |   "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.pci","com.apple.developer.driverkit.transport.pci.bridge"))
          |   "IOPCIConfigured" = Yes
          |   "IOInterruptControllers" = ("ApplePCIECLegacyIntController-apciec1","APCIECMSIController-apciec1")
          |   "IODTPersist" = 0
          |   "Thunderbolt Entry ID" = 4294976281
          |   "IOPCIResourced" = Yes
          |   "IOPowerManagement" = {"ChildrenPowerState"=2,"CurrentPowerState"=2,"CapabilityFlags"=258,"ChildProxyPowerState"=2,"MaxPowerState"=3}
          |   "ranges" = <0000008200000000000000000000008200000000000000000000000000000000000000c20000000000000000000000c2000000000000000000000000000000000000008100000000000000000000008100000000000000000000000000000000>
          |   "name" = <"pci-bridge">
          |   "IOPCITunnelLinkChange" = Yes
          |   "compatible" = <"pci8086,1578","pciclass,060400">
          |   "IOReportLegendPublic" = Yes
          |   "IOPCIExpressSlotStatus" = 0
          |   "reg" = <0020020000000000000000000000000000000000>
          |   "IOReportLegend" = ({"IOReportGroupName"="Interrupt Statistics (by index)","IOReportChannels"=((5291294645182070784,4295098369,"               First Level Interrupt Handler Count"),(5291294645182070785,4295098369,"              Second Level Interrupt Handler Count"),(5291294645182070786,4295098369,"        First Level Interrupt Handler Time (MATUs)"),(5291294645182070787,4295098369,"   Second Level Interrupt Handler CPU Time (MATUs)"),(5291294645182070788,4295098369,"Second Level Interrupt Handler System Time (MATUs)")),"IOReportChannelInfo"={"IOReportChannelUnit"=0},"IOReportSubGroupName"="pci-bridge 1"})
          |   "device-id" = <78150000>
          |   "#address-cells" = <03000000>
          |   "revision-id" = <00000000>
          |   "IOInterruptSpecifiers" = (<0100000000000000>,<3204000000000100>)
          |   "IOPCIMSIMode" = Yes
          | }
          | 
          +-o IOPP  <class IORegistryEntry:IOService:IOPCIBridge:IOPCI2PCIBridge, id 0x10000233c, registered, matched, active, busy 0 (0 ms), retain 8>


  • Info.plist
    <key>IOKitPersonalities</key>
    <dict>
        <key>SmiPcie</key>
        <dict>
            <key>CFBundleIdentifier</key>
            <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
            <key>CFBundleIdentifierKernel</key>
            <string>com.apple.kpi.iokit</string>
            <key>IOClass</key>
            <string>IOUserService</string>
            <key>IOMatchCategory</key>
            <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
            <key>IOProviderClass</key>
            <string>IOPCIDevice</string>
            <key>IOResourceMatch</key>
            <string>IOKit</string>
            <key>IOUserClass</key>
            <string>SmiPcie</string>
            <key>IOUserServerName</key>
            <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
            <key>IOPCITunnelCompatible</key>
            <true/>
            <key>IOPCIPrimaryMatch</key>
            <string>0x000010EE&amp;0x0000FFFF</string>
            <key>UserClientProperties</key>
            <dict>
                <key>IOClass</key>
                <string>IOUserUserClient</string>
                <key>IOUserClass</key>
                <string>SmiPcieUc</string>
            </dict>
        </dict>
    </dict>
xmx
  • I don't see an obvious issue, could you post the `ioreg` output for the `IOPCIDevice` node you're trying to match, and IOKitPersonality dictionary/ies from your dext's Info.plist? – pmdj May 09 '23 at 14:16
  • From the `ioreg` line ` | +-o SmiPcie ` it looks like your driver is running. Did you run that command when you had SIP disabled? If not, it seems like your problem might be something other than signing/entitlements? – pmdj May 10 '23 at 08:45
  • 1
    Unrelated to entitlements, but [remove the `IOMatchCategory` property from your matching dictionary!](https://stackoverflow.com/a/75470680/48660). `IOResourceMatch` should also be removed, there's no need for it here. (I'll also point out that the driver will currently match *all* devices from vendor ID `0x10ee` regardless of device ID, but this might be intentional.) – pmdj May 10 '23 at 08:51
  • Yes, my Driver is indeed running, because I set the dk=0x8001 suggested by you, so I want to know how to run dext correctly without using dk=0x8001. SIP is turned off on all my macs because sometimes I still have to use kext. – xmx May 13 '23 at 06:06
  • Thanks for your reminder and suggestion! IOMatchCategory and IOResourceMatch have been removed. When applying for entitlements, I applied for all Device IDs of 0x10ee to facilitate subsequent device expansion. – xmx May 13 '23 at 07:56
  • So does it work without `dk=0x8001`? I don't see any obvious problems other than that log line, and I'm wondering if it's not relevant to your dext instance. – pmdj May 13 '23 at 09:02
  • Entitlements for all devices of a vendor are fine (and usual, and need to match what Apple granted), but that doesn't mean you need to match all devices in the `Info.plist` too. (But without knowing your devices and driver functionality I can't say if it's a problem.) – pmdj May 13 '23 at 09:03
  • "So does it work without dk=0x8001". If dk=0x8001 is not set, there will be an appeal problem. – xmx Aug 07 '23 at 13:19
  • 0x000010EE & 0x0000FFFF: the purpose is to prevent the need to apply for a new number in the future, because the application is more troublesome. – xmx Aug 07 '23 at 13:21

1 Answer

1

> Do I need to copy all the entitlements in the profile to the entitlements file?

No; Xcode will sometimes warn if the entitlements file doesn't contain one of the profile's entitlements, but this isn't in itself a problem, just warning you about a possible oversight.

> I want to know, what exactly is the problem that causes the error provider entitlements check failed

"Provider entitlements check failed" means the dext does not satisfy the entitlements requirement posed by the provider object's IOServiceDEXTEntitlements and family-specific requirements.

For PCI, this means one of the dictionaries in the dext's com.apple.developer.driverkit.transport.pci entitlement must match the provider object. (Unless the device is a PCI bridge, in which case there are extra requirements.)

I can't see an obvious problem in what you've posted so far, but you haven't posted the match dictionary from your dext's Info.plist and the ioreg excerpt for the IOPCIDevice you're trying to match, perhaps you could update your answer with those?

pmdj
  • 1
    Thank you for your answer, I have added relevant information here, please check if there is any problem. – xmx May 10 '23 at 02:33
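
The rule described in the answer (the dext must hold what the provider's IOServiceDEXTEntitlements asks for, and one transport.pci dictionary must match the device) can be checked offline against the values posted in the question. This is an added example, not code from the question, the answer, or Apple. It assumes the outer IOServiceDEXTEntitlements list holds alternatives and each inner list must be held in full, and it models only the IOPCIPrimaryMatch key; the helper names are hypothetical.

```python
import plistlib

PCI = "com.apple.developer.driverkit.transport.pci"

# Constructed sample: the dext entitlements from the question, PCI-relevant keys only.
DEXT_ENTITLEMENTS = plistlib.loads(b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.developer.driverkit</key><true/>
  <key>com.apple.developer.driverkit.transport.pci</key>
  <array><dict>
    <key>IOPCIPrimaryMatch</key><string>0x000010EE&amp;0x0000FFFF</string>
  </dict></array>
</dict></plist>""")

# Constructed samples: properties copied from two nodes of the ioreg output.
DEVICE = {"vendor-id": "ee100000", "device-id": "28700000",
          "IOServiceDEXTEntitlements": [[PCI]]}
BRIDGE = {"vendor-id": "86800000", "device-id": "78150000",
          "IOServiceDEXTEntitlements": [[PCI, PCI + ".bridge"]]}


def le32(hexdata):
    """ioreg prints <data> properties as little-endian hex bytes."""
    return int.from_bytes(bytes.fromhex(hexdata), "little")


def config_id(provider):
    """PCI config dword 0: device ID in the high half, vendor ID in the low half."""
    return ((le32(provider["device-id"]) & 0xFFFF) << 16) | (le32(provider["vendor-id"]) & 0xFFFF)


def primary_match(pattern, reg):
    """IOPCIPrimaryMatch: space-separated 'value[&mask]' entries; any one may match."""
    for entry in pattern.split():
        value, _, mask = entry.partition("&")
        mask = int(mask, 16) if mask else 0xFFFFFFFF
        if ((int(value, 16) ^ reg) & mask) == 0:
            return True
    return False


def transport_dict_matches(match, provider):
    """Assumption: only the IOPCIPrimaryMatch key is modelled; other keys fail."""
    return bool(match) and all(
        key == "IOPCIPrimaryMatch" and primary_match(value, config_id(provider))
        for key, value in match.items())


def provider_check(entitlements, provider):
    """Return (ok, reason). Assumed: outer list = alternatives, inner list = all required."""
    groups = provider.get("IOServiceDEXTEntitlements")
    if not groups:
        return True, "provider sets no requirement"
    reasons = []
    for group in groups:
        missing = [name for name in group if name not in entitlements]
        if missing:
            reasons.append("missing " + ", ".join(missing))
            continue
        dicts = entitlements.get(PCI)
        if PCI in group and not (isinstance(dicts, list) and any(
                transport_dict_matches(d, provider) for d in dicts)):
            reasons.append("no transport.pci dictionary matches the device")
            continue
        return True, "ok"
    return False, "; ".join(reasons)


if __name__ == "__main__":
    for name, node in (("pci10ee,7028", DEVICE), ("pci-bridge", BRIDGE)):
        print(name, provider_check(DEXT_ENTITLEMENTS, node))
```

Under these assumptions the posted entitlement passes for the `pci10ee,7028` node and fails only for the bridge nodes, which additionally list `com.apple.developer.driverkit.transport.pci.bridge`.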