I've reinstalled my product which contain a kext driver where in previous installation, the driver was manually approved.
However, on the second installation it failes, due to kext signature rejection.
I have seen in some places the same error, for example here: https://support.eset.com/kb6570, however even after clearing the kext_policy table in recovery mode, and approving the kext manually in settings --> security in the next boot, the kext still appears to be unapproved.
For example, running kextutil provides the following:
Kalyan:~ KalyanPentakota$ sudo kextutil /Library/Extensions/mycompanyAT.kext
Kext rejected due to insecure location: <OSKext 0x7f8e9ff02e20 [0x7fffa11c8af0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/mycompanyAT.kext/", ID = "com.mycompany.at" }
Kext rejected due to insecure location: <OSKext 0x7f8e9ff02e20 [0x7fffa11c8af0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/mycompanyAT.kext/", ID = "com.mycompany.at" }
kext approval status in database:
sqlite> select * from kext_policy;
XE2XNRRXZ5|jp.co.canon.bj.print.BJUSBLoad|1|Canon Inc.|8
KBVSJ83SS9|com.citrix.kext.gusb|1|Citrix Systems, Inc.|8
MK9BR98H51|com.mycompany.at|1|My Company Ltd|1
Just to make sure, i valide the certificate of my driver manually :
Kalyan:~ KalyanPentakota$ codesign -dvv /Library/Extensions/mycompanyAT.kext
Executable=/Library/Extensions/mycompanyAT.kext/Contents/MacOS/mycompanyAT
Identifier=com.mycompany.at
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=8179 flags=0x0(none) hashes=250+3 location=embedded
Signature size=4651
Authority=Developer ID Application: My Company Ltd (MK9BR98H51)
Authority=Developer ID Certification
Authority Authority=Apple Root CA
Signed Time=Jun 5, 2018 at 6:05:21 AM
Info.plist entries=22
TeamIdentifier=MK9BR98H51
Sealed Resources version=2 rules=13 files=1
Internal requirements count=1 size=212
I have also tried removing /Library/StagedExtensions/Library/, but it didn't change anything as well.