Some Kernel Extensions Won’t Work in macOS 11 Big Sur

macOS Catalina logo

If you updated to macOS Catalina 10.15 you may have seen a warning message about kernel extensions. That’s because Apple is deprecating some of them in macOS 11 Big Sur.

Kernel Extensions

The message refers to “legacy system extensions” and says they “aren’t as secure or reliable as modern alternatives.” Apple is replacing some of them with an Endpoint Security Framework. In a support page Apple mentions the change:

In 2019, Apple informed developers that macOS Catalina will be the last macOS to fully support legacy system extensions, and we’ve been working with developers to transition their software. By moving beyond these extensions, developers are helping to further modernize the Mac, improve its security and reliability, and enable more user-friendly software distribution methods. A final transition date has not yet been set.

Image of warning about kernel extensions
What the warning looks like in macOS Catalina 10.15.4

Deprecated

The following kernel extensions will be deprecated, and Apple’s support page tells developers which frameworks to use instead.

  • KAUTH: Use EndpointSecurity
  • Network Filter: Use Network Extension
  • IOHIDFamily: Use HIDDriverKit instead
  • IOUSBFamily: Use IOUSBHostFamily or USBDriverKit
  • USB Networking: use USBDriverKit (for USB KPIs) or NetworkingDriverKit (for IONetworkingFamily KPIs)
  • USB Serial: Use USBDriverKit (for USB KPIs); SerialDriverKit Or USBSerialDriverKit (for IOSerialFamily KPIs)
  • USB Vendor Specific IPC: Use USBDriverKit or IOUSBHost (for USB KPIs) or DriverKit for communication channels

The move is meant to increase user security because the kernel is a sensitive part of the operating system that controls everything else. Keeping third-party apps out of this area is a good thing.

Note: This article was originally published on March 26, 2020. It has been updated with new information.

5 thoughts on “Some Kernel Extensions Won’t Work in macOS 11 Big Sur

  • It would be nice to see old software like SEP/McAfee finally be put out to pasture.

    Maybe this will do it, they’ll never be ready, heck they’re still wrestling with 10.15.

    1. I had at the option of creating a windows box for my dusty shop, or creating a mackintosh. Most of my software and workflows are MacOS based. Apple has decided to make only few models that don’t fit my shops needs, and how can they? They don’t know how I work or what my workflows need. So, I grabbed some used PC parts and made a Hackingtosh I call Uglybox. It has several integrated dust particle filters and several more integrated USB ports than any production Mac computer has ever had. Sure, I could have bought a new Mac, built a massive and expensive dust filter box and then added problematic USB cards to it, but wait… there wasn’t one available that addressed my shops needs. That means that I would have had to purchase a used 2012 MacPro, which are very pricey for the kinds of jobs that I need a computer to control. In the end it was a used Dell that I Hackingtoshed into something to run my shop. I really wish that there was a version of MacOS available, with limited support, that could be used for peripheral use cases. I have not seen a plan to address this market segment, as it is probably quite small and not really sexy.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.