Are Your Users Receiving Legacy System Extensions Alerts?

As of macOS Catalina 10.15.4, Apple has begun alerting users when their Mac detects a kernel extension (KEXT) is leveraging deprecated KPIs (Kernel Programming Interfaces). If you haven’t seen this alert yet, you can see what it looks like below, stating that the loaded KEXT will be “incompatible with a future version of macOS.”

Image source: support.apple.com

In this quick article, we’re going to discuss what these alerts mean for the future of KEXTs, how System Extensions factor in, and then how you can prevent these Legacy System Extensions Alerts from popping up, to begin with.

What the Alert Tells Us about the Future of KEXTs

As Apple announced at the 2019 World Wide Developers Conference (WWDC), macOS Catalina will be the last macOS release that will fully support KEXTs. In this light, the new Legacy System Extensions Alert is the latest sign that Apple is actively phasing out KEXTs.

What’s the Problem with KEXTs?

If you need a quick primer, KEXTs are essentially bundles of code that let developers extend the capabilities of the Kernel (which is in charge of all of the operations on your Mac).

Because KEXTs have Kernel privileges, they’re really powerful — perhaps a bit too powerful. Since actions taken in the Kernel are prioritized over all other system operations, small errors while developing KEXTs could bring the entire system to a halt with a non-recoverable Kernel error, commonly known as “Kernel panics,” which requires a system reboot. As you can imagine, this is a significant concern in terms of stability and security.

Enter: System Extensions

In an attempt to solve this problem, Apple introduced System Extensions. These new extensions run in userspace instead of the Kernel, so developers have a lot more leeway when it comes to making applications, meaning they don’t have to worry about system crashes and Kernel panics. This makes macOS much more reliable, and it pretty much eliminates the chance of an unrecoverable error when running a System Extension.

Moving forward, any KEXT that has a System Extension equivalent is considered deprecated, and developers are encouraged to migrate those features to a System Extension. If you’re looking for a deep-dive on System Extensions, you can read our guide to Apple’s Endpoint Security Framework. In the “What are System Extensions” section, we break down everything you need to know.

Preventing Legacy System Extensions Alerts

If you don’t want your end-users to see the Legacy System Extensions Alerts, you can prevent them by allowing relevant KEXTs via an MDM solution, like Kandji.

Here’s what you need to do:

1. Figure out which Kernel Extensions are causing the alerts. Once you find them, gather a list of all the developer names being presented to your end-users. We’ll need this information to complete later steps.
2. Locate the KEXT developer's Team ID (and, optionally, the KEXT bundle ID). 

We recommend that you encourage any software vendors who are affected by this change to move their KEXTs to a System Extension equivalent before Apple continues to take more steps toward phasing them out. And in the meantime, if you’re looking for an MDM solution that will stay up-to-date with the latest Apple announcements, look no further than Kandji.

If you want to learn more about which KPIs are deprecated, you can find a complete list in this Apple developer support article.