macoskernel-extension

Packages installer how to detect if user consent to kext


I have a Packages created installer, people always forget to allow the consent for loading the kext, is there anyway to detect if user allowed or not in the privacy settings so that the installer could prompt user to allow it?


Solution

  • Quoting from the official documentation on the kext approval "feature":

    To determine if a KEXT has failed to load because it does not have user approval:

    If you are using kextutil or kextload, check for the exit code 27. In addition, kextutil will produce the error message System policy prevents loading the kernel extension. If you are using the KextManager APIs in IOKit/kext/KextManager.h, check for the result code kOSKextReturnSystemPolicy.

    So you could call out to a shell script or similar from your installer package, or use an installer plugin, to invoke kextload/kextutil or the KextManager API. Note that on Big Sur, the user will additionally have to reboot for the kext to load, so the kext still won't load immediately even after the user has approved it.