{"id":18887,"date":"2017-09-15T12:55:13","date_gmt":"2017-09-15T16:55:13","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=18887"},"modified":"2019-08-15T15:28:10","modified_gmt":"2019-08-15T19:28:10","slug":"kernel-extensions-in-high-sierra","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2017\/09\/15\/kernel-extensions-in-high-sierra\/","title":{"rendered":"Kernel Extensions in High Sierra"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/felix_schwarz\/status\/908608771244609536\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/felix_schwarz\/status\/908608771244609536\"><p>Apple has softened its tone regarding #Kext blocking in #HighSierra:<\/p>\n<ul><li>No more stop signs<\/li>\n<li>&ldquo;User-Approved&rdquo; instead of &ldquo;Secure&rdquo;. Progress!<\/li><\/ul><\/blockquote>\n<p><a href=\"https:\/\/twitter.com\/felix_schwarz\/status\/908663901100929025\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/felix_schwarz\/status\/908663901100929025\"><p>Fun fact: if the Security &amp; Privacy prefs pane is already open while installing a new #kext, no &ldquo;Allow&rdquo; text or button is shown.<\/p><\/blockquote>\n<p><a href=\"https:\/\/twitter.com\/felix_schwarz\/status\/908665328556806145\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/felix_schwarz\/status\/908665328556806145\"><p>Fun fact 2: other than what the TN suggests, #kexts installed together, but in different locations, are approved together. Sometimes. &#x1F643;<\/p><\/blockquote>\n<p><a href=\"https:\/\/twitter.com\/felix_schwarz\/status\/908690187219283970\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/felix_schwarz\/status\/908690187219283970\"><p>Fun fact 3: This is what happens when you try to &ldquo;Allow&rdquo; a #Kext using Screen Sharing: nothing. Remote admins will &ldquo;love&rdquo; this.<\/p><\/blockquote>\n<p>He&rsquo;s filed <a href=\"https:\/\/openradar.appspot.com\/32922559\">a bug<\/a> that goes into detail about some of the user experience issues and how it would be better if Apple provided an API for apps to request approval or had a review process for Apple-signed extensions to install without approval:<\/p>\n<blockquote cite=\"https:\/\/openradar.appspot.com\/32922559\"><p>The &ldquo;System Extension Blocked&rdquo; alert gives the average user the impression that an app tried to do something fishy or dangerous and was stopped by the operating system. Or - even worse - that this is a trick alert brought up by the app that tries to trick users into opening System Preferences and removing safeguards there.<\/p>\n<p>[&#8230;]<\/p>\n<p>In its current state Secure Kernel Extension Loading in macOS 10.13 does not provide a good experience for either users or developers. In fact, if this feature ships as it is now, shipping a kext becomes a risk for the reputation of legitimate developers due to the optics of this feature's implementation.<\/p><\/blockquote>\n<p>Previously: <a href=\"https:\/\/mjtsai.com\/blog\/2017\/06\/27\/little-snitch-4-public-beta\/\">Little Snitch 4 Public Beta<\/a>.<\/p>\n<p>Update (2018-08-14): <a href=\"https:\/\/twitter.com\/thomasareed\/status\/1029156542938066946\">Thomas Reed<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/thomasareed\/status\/1029156542938066946\">\n<p>So many of the problems with kext restrictions in High Sierra fall on the developer. Allow button doesn&rsquo;t respond, or doesn&rsquo;t appear? Kext left behind in StagedExtensions? It&rsquo;s seen as the dev&rsquo;s fault. &#x1F612; We&rsquo;re doing Apple&rsquo;s tech support.<\/p>\n<\/blockquote>\n\n<p id=\"kernel-extensions-in-high-sierra-update-2018-08-30\">Update (2018-08-30): <a href=\"https:\/\/twitter.com\/felix_schwarz\/status\/1035114180242751488\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/felix_schwarz\/status\/1035114180242751488\">\n<p>#Mojave&rsquo;s #kext approval prompt added a much needed &ldquo;Open Security Preferences&rdquo; button. Thanks to the engineer who did this! &#x2764;&#xFE0F;<\/p>\n<p>It&rsquo;s a real improvement over High Sierra[&#8230;]<\/p>\n<\/blockquote>\n\n<p id=\"kernel-extensions-in-high-sierra-update-2019-03-22\">Update (2019-03-22): <a href=\"https:\/\/twitter.com\/felix_schwarz\/status\/1108999762714546176\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/felix_schwarz\/status\/1108999762714546176\"><p>User Approved Kext Loading after ~ 2 years:<\/p><p>- still has <a href=\"http:\/\/www.openradar.appspot.com\/32922559\">no API<\/a> to provide a good user experience<\/p><p>- still ignores clicks on &ldquo;Approve&rdquo; &#x2013; and still gives the user <em>no<\/em> feedback as to why it ignores them.<\/p><p>- still fills my support inbox &amp; kills my sales &#x1F62D;<\/p><\/blockquote>\n\n<p id=\"kernel-extensions-in-high-sierra-update-2019-08-15\">Update (2019-08-15): <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/1161353695486857217\">Patrick Wardle<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/patrickwardle\/status\/1161353695486857217\"><p>Apple&rsquo;s &ldquo;User-Approved Kext&rdquo; loading, is a pain for 3rd-party developers, but aims to thwart exactly <a href=\"https:\/\/www.securityweek.com\/vulnerabilities-device-drivers-20-vendors-expose-pcs-persistent-malware\">this type of (real) attack<\/a>.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Felix Schwarz: Apple has softened its tone regarding #Kext blocking in #HighSierra: No more stop signs &ldquo;User-Approved&rdquo; instead of &ldquo;Secure&rdquo;. Progress! Felix Schwarz: Fun fact: if the Security &amp; Privacy prefs pane is already open while installing a new #kext, no &ldquo;Allow&rdquo; text or button is shown. Felix Schwarz: Fun fact 2: other than what [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-08-14T19:22:38Z","apple_news_api_id":"39296623-8ccb-4044-870c-2ce99a3a7ffd","apple_news_api_modified_at":"2019-08-15T19:28:16Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/AOSlmI4zLQESHDCzpmjp__Q","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[828,30,1529],"class_list":["post-18887","post","type-post","status-publish","format-standard","hentry","category-technology","tag-kernel-extensions","tag-mac","tag-macos-10-13"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/18887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=18887"}],"version-history":[{"count":5,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/18887\/revisions"}],"predecessor-version":[{"id":26275,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/18887\/revisions\/26275"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=18887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=18887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=18887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}