Kernel extensions
Problems:
Difficult to develop and debug
Stability problems for system
Security problems for system
Introducing System Extensions and DriverKit
New as of Catalina
Similar to a kext, but runs in user space, outside the kernel.
Network extensions
Endpoint Security extensions
- Replacement for Kauth event monitoring
Driver extensions
- Control hardware devices
- Uses DriverKit, which replaces IOKit
Deprecating kernel extensions:
macOS Catalina will be the last OS version to run kernel extensions without compromise.
Installing third-party kernel extensions on macOS Catalina now requires that you restart your Mac before they’re permitted to load.
As System Extensions and DriverKit add functionality, kernel extensions with matching functionality will not load.
System Extensions
- Always part of the app
- No such thing as a "standalone system extension"
- Distribute via the MAS or Developer ID (MAS deployment not previously possible with kernel extensions.)
Sign System Extension with a Developer ID or MAS certificate
- Developer ID for Kernel Extensions certificate is no longer required.
System Extension with a Developer ID must be notarized
Installation
- No installer or package is necessary; the System Extension is inside the app bundle.
Use the new System
Extension lifecycle is managed by the system
System Extension will be stopped and started as needed.
Uninstallation
Moving app to the trash deactivates all of its extensions. No special uninstall process is needed.
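
Because a System Extension always ships inside a signed app bundle, an administrator can inventory the embedded extensions and check their signatures from the shell. The script below is an added example, not part of the original notes; the function names are hypothetical, and it assumes extensions sit in Contents/Library/SystemExtensions inside the app and that codesign is present (macOS only).

```shell
#!/bin/sh
# Added example (not from the original notes).

# Print each *.systemextension bundle embedded in the app at $1.
# Assumption: extensions sit in Contents/Library/SystemExtensions.
list_sysexts() {
    dir="$1/Contents/Library/SystemExtensions"
    [ -d "$dir" ] || return 0
    for ext in "$dir"/*.systemextension; do
        [ -d "$ext" ] && printf '%s\n' "$ext"
    done
    return 0
}

# 0 = signature verifies, 1 = it does not, 2 = codesign not available
# (for example when the script is not running on macOS).
verify_signature() {
    command -v codesign >/dev/null 2>&1 || return 2
    codesign --verify --strict "$1" >/dev/null 2>&1 || return 1
    return 0
}

# Print "<status><TAB><path>" for every extension embedded in the apps
# directly under $1 (default: /Applications).
audit_apps() {
    root="${1:-/Applications}"
    for app in "$root"/*.app; do
        [ -d "$app" ] || continue
        list_sysexts "$app" | while IFS= read -r ext; do
            rc=0
            verify_signature "$ext" || rc=$?
            case "$rc" in
                0) status="signed-ok" ;;
                1) status="SIGNATURE-INVALID" ;;
                *) status="unchecked" ;;
            esac
            printf '%s\t%s\n' "$status" "$ext"
        done
    done
    return 0
}

audit_apps "$@"
```

The script checks signature validity only; it does not check notarization or which certificate signed the extension.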