Hmmm, my deployment target *is* macOS 11 and I added the key pair at the top level of the .entitlements file for the System Extension.
The errors I see are mostly 100001 and 100002 and seem to only happen immediately after the extension is loaded and then enabled by my controlling app. The flows that cause the issue look like this:
```
Handling new flow:
identifier = 653961C1-DD57-4D21-911F-FFDAAB85A5C6
hostname = gateway.icloud.com
sourceAppIdentifier = .com.apple.Notes
sourceAppVersion = 4.8
procPID = 541
eprocPID = 0
direction = outbound
inBytes = 0
outBytes = 0
signature = 32:{length = 32, bytes = 0x6fc70082 f36f6a3f 06f2f743 9d080e85 ... 2c19f9f3 158a5fd3 }
remoteEndpoint = 17.248.242.37:443
remoteHostname = gateway.icloud.com
protocol = 6
family = 2
type = 1
procUUID = DBA793E1-FD3D-348E-BE25-18E5C8A0DFD4
eprocUUID = 09F24272-54CB-3550-8826-D54C7A324D99
```
I was able to reproduce this 100% of the time. I only have to launch my app which loads and then enables the sysex.
When I quit Notes, the error doesn't occur. If I launch Notes after loading the system extension, the error occurs. It appears that Notes.app is properly signed although I note that it is in /System/Applications:
```
codesign -d --requirements - /System/Applications/Notes.app
Executable=/System/Applications/Notes.app/Contents/MacOS/Notes
designated = identifier "com.apple.Notes" and anchor apple
```