High Sierra b4 and Secure Kernel Extension Loading

The User Interface in the System Preferences > Security & Privacy pane is still problematic:


- if a kextload command was denied with error code 27, after 30 minutes, the Allow button is not displayed anymore in the General pane. This means that the end user will have no idea what to do if he/she did not follow the new alert instructions. I can see a lot of cases where this will happen.


- if a kextload command was denied with error code 27 and the Security & Privacy > General pane is already displayed, the Allow button will not appear. It is required to open another PrefPane and then go back to the Security & Privacy Pref Pane to see the Allow button (Bug Report already filed).


- if a kextload command is denied with error code 27, the visual alert "System Extension Blocked … [ OK] " presented in the Technical Note just does not appear: maybe they are displayed only once per boot session but in this case, they will not be displayed most of the time to the end user when the first kextload command is made by a launchd daemon during startup. (Bug Report already filed).


The current version of the Technical Note (12th of July) still does not document how to disallow a Team ID that was added by user consent. The Recovery Mode section and spctl man page only talk about Team IDs that are allowed without user consent.

Accepted Reply

There's another thread here:


https://forums.developer.apple.com/thread/79172?start=15&tstart=0


Which has a reply talking about using sqlite3 to undo KEXT approval.


Short version: Go to recovery mode and use sqlite3 to remove the team's entries from /Volumes/<VOLUMENAME>/private/var/db/SystemPolicyConfiguration/KextPolicy
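
The recovery-mode step from the reply above, written out as an added example (not code from the thread or from Apple). The `team_id` column name is an assumption, since the thread gives only the database path; the script finds whichever tables carry that column instead of hard-coding table names, and the demo database is constructed.

```shell
#!/bin/sh
# Added example. Assumption: approvals are stored as rows with a `team_id`
# column (the column name is not given in the thread).

# Print every table in database $1 that has a team_id column.
# Uses pragma_table_info(), which needs SQLite 3.16 or later.
kext_team_tables() {
    sqlite3 "$1" "SELECT m.name FROM sqlite_master AS m,
                         pragma_table_info(m.name) AS c
                  WHERE m.type='table' AND c.name='team_id';" </dev/null
}

# Remove all rows for Team ID $2 from database $1.
# Prints one "<table> <rows removed>" line per affected table.
revoke_kext_team() {
    db=$1 team=$2
    [ -f "$db" ] || { echo "no such database: $db" >&2; return 1; }
    # Team IDs are 10 upper-case alphanumerics; reject anything else
    # before the value is placed into an SQL statement.
    case $team in ''|*[!A-Z0-9]*) echo "bad Team ID" >&2; return 2;; esac
    [ "${#team}" -eq 10 ] || { echo "bad Team ID" >&2; return 2; }
    cp -p "$db" "$db.bak" || return 1      # keep a copy to restore from
    for t in $(kext_team_tables "$db"); do
        n=$(sqlite3 "$db" "DELETE FROM \"$t\" WHERE team_id='$team';
                           SELECT changes();" </dev/null)
        echo "$t $n"
    done
}

# Constructed sample database (table names and values are made up).
demo() {
    d=$(mktemp -d) || return 1
    sqlite3 "$d/KextPolicy" "CREATE TABLE kext_policy(team_id TEXT, bundle_id TEXT);
        CREATE TABLE settings(name TEXT);
        INSERT INTO kext_policy VALUES('ABCDE12345','com.example.a'),
            ('ABCDE12345','com.example.b'),('ZZZZZ99999','com.example.c');"
    revoke_kext_team "$d/KextPolicy" ABCDE12345
}

# In Recovery, with the placeholders filled in:
# revoke_kext_team "/Volumes/<VOLUMENAME>/private/var/db/SystemPolicyConfiguration/KextPolicy" <TEAMID>
```

Running `kext_team_tables` on its own first shows which tables would be touched before anything is deleted.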

Replies

That last item is a big one for us. Being able to clear the list of approved team IDs is important for testing. Right now I haven't seen any documentation on how it can be done without wiping the system.


spctl doesn't show anything for user-approved KEXT team IDs.
