We have a secury product which will be used internally (will not distribute outside or in the AppStore), within that there's a kext which works normally in the previous version before 10.14.5, but for 10.14.5 we got below error when kextloading the kext(we don't notarize that kext for some reason):
System Extension Blocked
A program tried to load one or more system extensions that are incompatible with this version of macOS, Please contact ".... CO.,LTD" for support.
Though we know that there's workaround for this like 'csrutil disable' to disable SIP or 'spctl kext-consent add ...', but those method will have big dev-ops cost in our context. is there any other methods we can load this kext in macOS 10.14.5/6 system? Again, we don't need to distribute this kext-embeded App (actually an installation .pkg file) outside.
Have you looked at the Kernel Extension Policy (
com.apple.syspolicy.kernel-extension-policy) configuration profile payload? I’ve not played with it myself but my understanding is that this is the standard way for managed environments to deal with issues like this. The current official docs for it are here, but I find the section in the Configuration Profile Reference easier to understand.
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"