issue of loading kext in macOS 10.14.5

Hi there,


We have a secury product which will be used internally (will not distribute outside or in the AppStore), within that there's a kext which works normally in the previous version before 10.14.5, but for 10.14.5 we got below error when kextloading the kext(we don't notarize that kext for some reason):


System Extension Blocked

A program tried to load one or more system extensions that are incompatible with this version of macOS, Please contact ".... CO.,LTD" for support.


Though we know that there's workaround for this like 'csrutil disable' to disable SIP or 'spctl kext-consent add ...', but those method will have big dev-ops cost in our context. is there any other methods we can load this kext in macOS 10.14.5/6 system? Again, we don't need to distribute this kext-embeded App (actually an installation .pkg file) outside.


Any comments?

Replies

Have you looked at the Kernel Extension Policy (

com.apple.syspolicy.kernel-extension-policy
) configuration profile payload? I’ve not played with it myself but my understanding is that this is the standard way for managed environments to deal with issues like this. The current official docs for it are here, but I find the section in the Configuration Profile Reference easier to understand.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

How to confim Kernel Extension Policy and set com.apple.syspolicy.kernel-extension-policy?

I’m sorry, but I don’t understand your question. Please elaborate.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

You metioned Kernel Extension Policy(com.apple.syspolicy.kernel-extension-policy) configuration,I mean how to confirm the configuration is correct or not?

What are you looking for here:

  • Confirming that the payload is correctly set up for your KEXT?

  • Confirming that the system has correctly ingested that payload?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"