Thanks for the assistance, eskimo.
I've submitted a bug report via feedback assistant, FB8625465.
I don't think I'm code signing with --deep. My build process is to use Xcode to build the system extension, letting Xcode sign it, use Visual Studio to build the main C# app, copy the extension into the right place, and then let Visual Studio sign the main app.
As far as I can tell that results in a set of commands that looks like:
produced by Xcode
/usr/bin/codesign --force --sign <redacted> --timestamp -o runtime --entitlements "path/to/extension/entitlements" --requirements <a bunch of stuff xcode generated looking for my team ID in certs?> "path/to/systemextension"
produced by Visual Studio
/usr/bin/codesign -v --force --timestamp --sign <redacted> "path/to/library1.dylib"
/usr/bin/codesign -v --force --timestamp --sign <redacted> "path/to/library2.dylib"
...
/usr/bin/codesign -v --force -o runtime --timestamp --sign <redacted> --entitlements "path/to/app/entitlements" "path/to/app"
I don't see a codesign invocation that uses --deep, outside of a verify produced automatically by Visual Studio:
/usr/bin/codesign --verify -vvvv --deep "path/to/app"
path/to/my.app: valid on disk
path/to/my.app: satisfies its Designated Requirement
Checking the main app with:
codesign -d --entitlements :- /path/to/main/app
yields:
Executable=/path/to/main/app
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>TEAM_ID.APP_ID</string>
<key>com.apple.developer.team-identifier</key>
<string>TEAM_ID</string>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider-systemextension</string>
</array>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<false/>
<key>com.apple.security.application-groups</key>
<array>
<string>TEAM_ID.group.GROUP_ID</string>
</array>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
And the extension inside:
codesign -d --entitlements :- /path/to/main/app/Contents/Library/SystemExtensions/app.id.myextension.systemextension/
yields:
Executable=/path/to/main/app/Contents/Library/SystemExtensions/app.id.myextension.systemextension/
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>TEAM_ID.EXTENSION_APP_ID</string>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider-systemextension</string>
</array>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>TEAM_ID</string>
<key>com.apple.security.app-sandbox</key>
<false/>
<key>com.apple.security.application-groups</key>
<array>
<string>TEAM_ID.group.GROUP_ID</string>
</array>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
Going by this, com.apple.security.cs.allow-jit only shows up on the main app.
Running this app yields:
default 09:57:12.989932-0400 kernel mac_vnode_check_signature: /path/to/main/app: code signature validation failed fatally: When validating /path/to/main/app:
	Hardened Runtime relaxation entitlements disallowed on System Extensions
default 09:57:12.990005-0400 kernel proc 4177: load code signature error 4 for file "MyApp"
default 09:57:12.991868-0400 kernel Security policy would not allow process: 4177, /path/to/main/app
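Added example, not from this thread or from Apple's tooling: a Python check that parses the output of codesign -d --entitlements :- as quoted above (skipping the Executable= line), reports which Hardened Runtime relaxation entitlements (the com.apple.security.cs.* keys) each bundle carries, and walks Contents/Library/SystemExtensions so the main app and the embedded extension can be compared against the kernel error. It assumes the XML entitlement output shown in the thread; the sample inputs below are constructed from the listings above.

```python
import os
import plistlib
import subprocess

# Every Hardened Runtime relaxation entitlement shares this prefix
# (allow-jit, allow-unsigned-executable-memory, disable-library-validation, ...).
CS_PREFIX = "com.apple.security.cs."

def parse_codesign_entitlements(output: str) -> dict:
    """Parse what `codesign -d --entitlements :- <bundle>` prints.
    codesign emits an 'Executable=...' line first, so skip ahead to the XML header."""
    start = output.find("<?xml")
    if start < 0:
        return {}
    return plistlib.loads(output[start:].encode("utf-8"))

def relaxation_entitlements(entitlements: dict) -> list:
    """Hardened Runtime relaxation keys that are switched on (a literal <true/>)."""
    return sorted(k for k, v in entitlements.items()
                  if k.startswith(CS_PREFIX) and v is True)

def codesign_entitlements(bundle_path: str) -> str:
    """Query a real bundle (macOS only); the plist goes to stdout and the
    Executable= line to stderr, so capture both."""
    proc = subprocess.run(["codesign", "-d", "--entitlements", ":-", bundle_path],
                          capture_output=True, text=True, check=True)
    return proc.stdout + proc.stderr

def audit_app(app_path: str) -> dict:
    """Map the app and each embedded .systemextension to its relaxation entitlements."""
    bundles = [app_path]
    sysext_dir = os.path.join(app_path, "Contents", "Library", "SystemExtensions")
    if os.path.isdir(sysext_dir):
        bundles += [os.path.join(sysext_dir, d) for d in sorted(os.listdir(sysext_dir))
                    if d.endswith(".systemextension")]
    return {b: relaxation_entitlements(parse_codesign_entitlements(codesign_entitlements(b)))
            for b in bundles}

# Constructed samples: trimmed copies of the two codesign outputs quoted above.
SAMPLE_MAIN_APP = """Executable=/path/to/main/app
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.developer.system-extension.install</key><true/>
</dict></plist>"""
SAMPLE_EXTENSION = """Executable=/path/to/main/app/Contents/Library/SystemExtensions/app.id.myextension.systemextension/
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.developer.networking.vpn.api</key><array><string>allow-vpn</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for name, text in (("main app", SAMPLE_MAIN_APP), ("extension", SAMPLE_EXTENSION)):
        print(name, relaxation_entitlements(parse_codesign_entitlements(text)))
```

On a Mac, audit_app("/path/to/main/app") runs the same check against the signed bundles on disk.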