Recently many users noticed Blackmagic devices stopped working in Zoom’s Mac client. We noticed because it affects our in-progress screening workflow plugin, PostStream. In the course of investigating the issue, we’ve collected a lot of information, some of which might be helpful to others.
Like any hardware, video devices need a driver to allow the operating system and applications to “talk” to the hardware. In macOS, these use a technology called CoreMedia IO (CMIO). macOS includes a built-in CMIO driver for a family of video devices called “UVC” or USB Video Class. These include the FaceTime camera built into most Macs, as well as webcams and many USB capture devices from companies like Epiphan and Elgato.
Other types of video devices, especially “professional” devices from companies like Blackmagic and AJA, require their own CMIO driver. These often enable more advanced functionality, like the ability to work with embedded timecode, access to on-board hardware acceleration, or higher bit depths and better color fidelity.
In general, any device that has a CMIO driver should work with a wide array of applications on macOS. However, some of the modern security infrastructure in macOS makes this story a bit more complicated.
Stopped by security
All applications distributed on macOS need to meet some minimum security requirements in order for them to run in a standard configuration. Whether apps come through the Mac App Store or as a download from a vendor’s website, they must pass automated checks managed by Apple. One of the requirements is that the app must use what’s called the “hardened runtime”.
The technical specifics of the hardened runtime are a bit out of scope here, but the important thing to understand is that by default, the hardened runtime prevents an application from loading any code that was created by a vendor other than Apple or the app manufacturer. What this means is that if a video application built with the hardened runtime asks the operating system for a list of video devices, it will only see the UVC devices that are supported by the Apple-provided driver. Devices from other manufacturers won’t appear, and can’t be used by the application.
Application developers have the ability to change this behavior, by adjusting a setting when building their app. The “Disable Library Validation” entitlement, which developers add before submitting their app to Apple for approval, grants the app the ability to work with any video device that has a CMIO driver. As with many things in the world of software security, this is a tradeoff, as it potentially opens an application to mischief.
So, what does this mean for video conferencing? If a video conferencing application is built with the hardened runtime, and hasn’t added the “Disable Library Validation” entitlement, it won’t be able to access third-party video devices. Until recently, Zoom had the “Disable Library Validation” entitlement, and many video pros found that it was handy to use a Blackmagic device to stream video from a better-looking camera. As part of their recent focus on securing their application, they’ve removed this entitlement, and third-party devices no longer work.
So, what can you do? There are a few options. If you’re looking to buy a new device to input video into a conferencing solution, make sure you get a UVC-compatible device. Magewell devices, the AJA U-TAP, and Epiphan devices all work with all apps. Some video conferencing platforms currently support third-party plugins as well, including Webex and Skype.
One of the best workarounds if you’ve got a device that no longer works is to try using your video conferencing tool via Chrome, rather than using a standalone application. If you access Zoom using the “in browser” client, you’ll be able to access all of your video devices. This is because Chrome is built with the “Disable Library Validation” entitlement.
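To check which installed apps carry the entitlement discussed above, the following added example (not code from the original post or from any vendor it names) reads `codesign` output for an app bundle and applies the rule this section describes. It assumes the entitlement key `com.apple.security.cs.disable-library-validation` and the `codesign --xml` option available on recent macOS releases; the sample strings are constructed, not taken from a real app.

```python
import plistlib
import re
import subprocess
import sys

# Entitlement key behind the "Disable Library Validation" setting.
DLV = "com.apple.security.cs.disable-library-validation"

# Constructed samples shaped like codesign output (not taken from any real app).
SAMPLE_DV = "CodeDirectory v=20500 size=1200 flags=0x10000(runtime) hashes=27+7 location=embedded"
SAMPLE_ENT_WITH = plistlib.dumps({DLV: True, "com.apple.security.device.camera": True})
SAMPLE_ENT_WITHOUT = plistlib.dumps({"com.apple.security.device.camera": True})

def hardened_runtime(codesign_dv_text):
    """True if the CodeDirectory flags from `codesign -dv` include 'runtime'."""
    m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", codesign_dv_text)
    return bool(m) and "runtime" in m.group(1).split(",")

def library_validation_disabled(entitlements_xml):
    """True if the entitlements plist (bytes) sets the key to boolean true."""
    if not entitlements_xml.strip():
        return False  # unsigned, or signed with no entitlements
    return plistlib.loads(entitlements_xml).get(DLV) is True

def third_party_cmio_visible(codesign_dv_text, entitlements_xml):
    """Rule from the article: hardened runtime hides third-party CMIO
    drivers unless the app carries the Disable Library Validation entitlement."""
    return (not hardened_runtime(codesign_dv_text)
            or library_validation_disabled(entitlements_xml))

def audit(app_path):
    """Run codesign (macOS only) against an app bundle and apply the rule."""
    dv = subprocess.run(["codesign", "-dv", app_path],
                        capture_output=True, text=True).stderr  # -dv writes to stderr
    ent = subprocess.run(["codesign", "-d", "--entitlements", "-", "--xml", app_path],
                         capture_output=True).stdout
    return hardened_runtime(dv), library_validation_disabled(ent), third_party_cmio_visible(dv, ent)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        runtime, dlv, visible = audit(path)
        print(f"{path}: hardened_runtime={runtime} disable_library_validation={dlv} "
              f"third_party_cmio={'visible' if visible else 'hidden'}")
```

Run it on a Mac with one or more `.app` paths as arguments; apps reported with `disable_library_validation=True` are the ones that accept third-party plug-ins and are worth listing in a software inventory review.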
Long term solutions
Longer term, the fix for this needs to come from Apple. They’ve already addressed this issue with audio devices. The rich ecosystem of audio hardware and audio processing software has been architected to work, even in a hardened runtime environment. We’re optimistic that Apple will bring similar technology to the video space. In the meantime, if you want tips, drop us a line.