4 Replies
      Latest reply on Jun 29, 2019 3:21 AM by sfDemon
      rtrouton Level 1 Level 1 (0 points)

        Kernel extensions




        Difficult to develop and debug

        Stability problems for system

        Security problems for system



        Introducing System Extensions and DriverKit



        New as of Catalina

        Similar to kext, but runs in user space; outside the kernel.



        Network extensions

        Endpoint Security extensions

        - Replacement for Kauth event monitoring

        Driver extensions

        - Control hardware devices

        - Uses DriverKit, which replaces IOKit



        Deprecating kernel extensions:



        macOS Catalina will be the last OS version to run kernel extensions without compromise.

        Installing third party kernel extensions on macOS Catalina now requires that you restart your Mac before they’re permitted to load.

        As System Extensions and DriverKit adds functionality, kernel extensions with matching functionality will not load.



        System Extensions

        - Always part of the app

        - No such thing as a "standalone system extension"

        - Distribute via the MAS or Developer ID (MAS deployment not previously possible with kernel extensions.)



        Sign System Extension with a Developer ID or MAS certificate

        - Developer ID for Kernel Extensions certificate is no longer required.

        System Extension with a Developer ID must be notarized




        - No installer or package is necessary, System Extension is inside the app bundle.

        Use the new System



        Extension lifecycle is managed by the system

        System Extension will be stopped and started as needed.






        Moving app to the trash deactivates all of its extensions. No special uninstall process is needed.