Hackint0sh.org forum: iOS 4.x (iPhone OS 4.x)
-
Kernel signing / .kexts on iPhone
I'm trying to find out if it's at all possible to run a .kext on an unjailbroken iPhone.
When the kernel is loaded, is the signature for the entire kernel image verified? Or just the signatures of any plugins there might be, i.e. the .kext?
If the entire kernel image signature is checked then I presume there's no chance of a .kext running unless it was inside the kernel when signed, thus no possibility at all of running a .kext.
If, however, it's not the entire kernel that is checked, but .kexts' signatures are checked individually when loaded, then there is a slim chance perhaps that I am able to sign the .kext with a specific certificate tied to the device's IMEI or similar, and thus would be able to load the .kext on one phone only (which would suit my purposes).
-
Originally Posted by mungbeans
I'm trying to find out if it's at all possible to run a .kext on an unjailbroken iPhone.
When the kernel is loaded, is the signature for the entire kernel image verified? Or just the signatures of any plugins there might be, i.e. the .kext?
That's the last thing you need to be worried about.
First, you need to build your own kextload, because 4.x fw does not ship with any.
Next, you need to reconstruct the OSKext::loadFromMkext() call, since iPhone's kernel is built with SECURE_KERNEL.
Then, you need to inject the whole kxld subsystem, because iPhone's kernel is built without CONFIG_KXLD.
You may also want to rebuild the System.kext pseudoextension.
Finally, you should ask the signature question.
Bottom line: the iPhone's kernel lacks considerable portions of code which deal with kext loading.
Last edited by dborca; 06-17-2010 at 01:13 AM.
Regards,
Daniel Borca
-
Originally Posted by mungbeans
I'm trying to find out if it's at all possible to run a .kext on an unjailbroken iPhone.
When the kernel is loaded, is the signature for the entire kernel image verified? Or just the signatures of any plugins there might be, i.e. the .kext?
If the entire kernel image signature is checked then I presume there's no chance of a .kext running unless it was inside the kernel when signed, thus no possibility at all of running a .kext.
If, however, it's not the entire kernel that is checked, but .kexts' signatures are checked individually when loaded, then there is a slim chance perhaps that I am able to sign the .kext with a specific certificate tied to the device's IMEI or similar, and thus would be able to load the .kext on one phone only (which would suit my purposes).
How in the world would you expect to load a kext without jailbreaking a phone??? And if you want to do something as low-level and intricate as kext loading, why would you balk at jailbreaking? Makes no sense.