Sorting kernel extensions

Deal with a change to how macOS allows kernel extensions to be installed

There’s a change to how kernel extensions are handled in macOS High Sierra, for which Apple has published advice for system administrators, yet this change may have a small impact on you even as a regular Mac user.

Basically, kernel extensions added to your Mac after you install High Sierra require user approval. After installing High Sierra, we ran into this scenario two times in as many days. The action that’s consequently required on your part is trivial, but we recommend paying closer attention than you might normally do when installing software. For example, we encountered a prompt for action when we installed the Logitech Options software as part of the MX Master 2S mouse reviewed in this issue (see page 86), and with Paragon’s NTFS for Mac software when writing the APFS tutorial on page 56 of this issue too.

Each time we were presented with a clear warning in a dialogue, which instructed us to go to System Preferences’ Security & Privacy pane in order to grant permission for part of the software to run.

The person who is taking an action – installing software – that causes a new kernel extension to be added to your Mac does not have to be logged into an administrator account, nor are they prompted for an admin user’s credentials if they allow the extension to run.

Command or support

Also note that kernel extensions you installed prior to High Sierra, or which are an update to a previously approved kernel extension, are not impacted by this new behaviour.

If you’re comfortable with researching and running commands in Terminal, the spctl command in macOS Recovery enables you to disable User Approved Kernel Extension Loading to prevent risks associated with extensions. However, if you’re getting into that level of technical detail you should read Apple’s support page atnel, which describes related considerations – notably, that you may want to set a firmware password to prevent casual resetting of the NVRAM, which re-enables the extension approval rights of all users.
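If you want to check which non-Apple kernel extensions are actually loaded after approving one, Terminal can list them. The script below is an added example, not taken from Apple or from this article: it filters the output of macOS's kextstat command, and the sample listing, the function names and the com.example bundle identifiers are constructed for illustration.

```shell
#!/bin/sh
# List loaded kernel extensions that do not come from Apple.
# Assumption: input follows kextstat's column layout, where field 6 is the
# bundle identifier and field 7 is the version in parentheses.
third_party_kexts() {
    awk '
        $1 == "Index" { next }                 # skip the header row
        $6 != "" && $6 !~ /^com\.apple\./ {
            version = $7
            gsub(/[()]/, "", version)          # "(1.2.0)" -> "1.2.0"
            print $6 "\t" version
        }
    '
}

# Constructed sample in kextstat's layout (addresses, UUIDs and the
# com.example identifiers are made up), so the script also runs off a Mac.
sample_kextstat() {
cat <<'EOF'
Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1   92 0xffffff7f80a00000 0x9e40     0x9e40     com.apple.kpi.bsd (17.0.0) 00000000-0000-0000-0000-000000000001 <>
    2   10 0xffffff7f80a0a000 0x3960     0x3960     com.apple.kpi.dsep (17.0.0) 00000000-0000-0000-0000-000000000002 <>
  151    0 0xffffff7f83f00000 0x5000     0x5000     com.example.mouse.driver (1.2.0) 00000000-0000-0000-0000-000000000003 <5 4 3>
  152    0 0xffffff7f83f05000 0x8000     0x8000     com.example.ntfs.filesystem (15.0.1) 00000000-0000-0000-0000-000000000004 <7 5 4 1>
EOF
}

# On a Mac, use the live list instead:  kextstat | third_party_kexts
sample_kextstat | third_party_kexts
```

Anything in the result that you don't recognise from software you chose to install is worth looking up before you approve further extensions from the same developer.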

