This article covers legacy system extensions on Mac computers
Changes in macOS Catalina version 10.15.4
Starting with macOS 10.15.4, Apple has begun alerting end users if their Mac has a Kernel Extension that leverages deprecated KPIs (Kernel Programming Interfaces).Apple has begun referring to deprecated Kernel Extensions as “Legacy System Extensions” in certain macOS interfaces and support documentation.
Prevent this Alert
To prevent your users from seeing this notification you’ll need to allow any relevant Kernel Extension via Iru.1
Identify Kernel Extensions
Determine the Kernel Extension(s) causing the alerts and gather a list of all the developer names being presented to your end users.
2
Get Developer Information
Determine the Kernel Extension developer’s Team ID (and optionally KEXT bundle ID). The following Iru Endpoint support article will walk you through collecting this information from a Mac receiving the alert, as well as how to create the required KEXT approval profile in Iru.
3
Work with Vendors
We also highly encourage you to work with any Software Vendors that are impacted by this change and request that they move their Kernel Extension to a System Extension equivalent.
What is a Kernel Extension?
Essentially, KEXTs (Kernel Extensions) are bundles of code that let developers extend the capabilities of the kernel. These Kernel Extensions use Programming Interfaces, known as KPIs (Kernel Programming Interfaces). Because the kernel is in charge of everything on the system, and because all KEXTs are given kernel privileges, these extensions are very powerful. Due to this high level of privilege, these extensions can cause what is known as “Kernel Panics”; errors that occur in the macOS Kernel that are unrecoverable and require a system reboot.What is a System Extension?
Like KEXTs, System Extensions extend the functionality of the operating system. However, unlike KEXTs, System Extensions run in userland (Userspace), outside of the Kernel, thus free from many of the restrictions developers had to face while coding in the Kernel (many of which we’ll discuss in the next section). This significant departure from KEXT development dramatically improves the reliability of macOS and nearly eliminates the chance of an unrecoverable error.System Extensions introduced in macOS Catalina replace certain types of Kernel Extensions and KPIs.Kernel Extensions that use one or more of the following KPIs that have System Extension equivalents will cause the aforementioned alert.| KPI | System Extension Replacement |
|---|---|
| KAUTH | EndpointSecurity |
| Network Filter | NetworkExtension |
| IOHIDFamily | HIDDriverKit |
| IOUSBFamily | USBDriverKit |
| USB Networking | NetworkingDriverKit |
| USB Serial | USBSerialDriverKit |
| USB Vendor Specific IPC | USBDriverKit / IOUSBHost / DriverKit |