Home > Wiki Tips

What Are Kernel Extensions on Mac & Are They Safe?

Updated on Wednesday, January 3, 2024

iBoysoft author Connie Yang

Written by

Connie Yang
Professional tech editor

Approved by

Jessica Shee

English

What Are Kernel Extensions on Mac & How to Enable Them

Summary: This post by iBoysoft will explain what kernel extensions are on Mac, are kernel extensions safe, and stepwise steps to enable kernel extensions on Mac.

what are kernel extensions on Mac

You see "kernel extensions" when resetting the security policy on your Mac and are curious about what are they. Or, you see hints saying kernel or system extensions are blocked on your Mac when installing some apps.

As it happens, this article gives you a full-scale explanation of third-party kernel extensions on Mac. From here, you'll find answers to "What are kernel extensions", "Is it safe to enable kernel extensions on Mac", and more.

Overview of kernel extensions on Mac:

What are kernel extensions on Mac?

Kernel extensions (or kexts) are used to allow software developers to load codes into the macOS kernel freely. Then, the developers can implement certain functions in their software without any limitations.

In more detail, the kernel extension is a directory containing different data. Among them, the loadable object files and XML files are worth explaining. The loadable object files record the app's function that the app developer wants the system to help them realize. And the XML file (info.plist) contains the dedicated way how the kernel extension interacts with macOS and the loaded object files' working principle.

Explain to your friends what kernel extensions are on Mac.

 

Are kernel extensions safe for Mac?

Not safe, to be precise. The kernel extension is a double-edged sword. On the one hand, it indeed helps developers create multifunctional apps under the extended capabilities of macOS. And it also lets you use powerful third-party apps to do some tasks that the macOS pre-loaded programs can't do, for example, recover data from an unbootable Mac or enable macOS to read and write to NTFS drives.

On the other hand, it brings potential threats to your Mac machine. The kernel extension run in the kernel while is not controlled by the system security policies (which are defined and implemented by the kernel to protect the entire macOS). Thus, once a kernel extension exists a bug or threats from malicious sources, the system may be attacked. And then, Mac kernel panic may occur, or your Mac freezes suddenly.

That's why every time you are going to enable kernel extensions on Mac, the system will warn you.

What is the difference between kernel and system extensions in macOS?

In the 2019 WWDC, Apple announced that they prepared to make a transition from kernel extensions to system extensions from macOS Catalina. Simply speaking, Apple wants to change the way that software developers interact with macOS in a more controllable, stable, and secure way.

What are system extensions? System extensions are replacements for kernel extensions to help developers perform tasks to create apps. They allow software developers to extend macOS capabilities by running and managing macOS extensions in user space rather than at the kernel level. There are three main system extension frameworks that are used to replace kexts, including DriverKit, Network Extensions, and Endpoint Security.

Different from kernel extensions that run at the kernel level, System extensions work in user space. They enable app developers to access certain system functionalities without exposing vulnerabilities that kexts do.

system extensions blocked alert on Mac

In a word, system extensions have similar capabilities to kernel extensions but are more controllable.

Although kexts are still available in macOS Catalina, Apple encourages developers to move to use system extensions.

Tell the differences between kernel extensions and system extensions with more people.

 

How to enable kernel extensions on Mac?

Every time you install and run an app that requires enabling kernel extensions or system extensions in macOS Ventura, Monterey, or Big Sur, the system will alert you. If the app is authenticated and trusted by Apple like iBoysoft NTFS for Mac, you can reduce the security policies to enable kexts or system extensions on your Mac without worries.

How to enable kernel extensions on Apple Silicon Macs (M1 & M2):

  1. Click the Apple menu > System Preferences > Security & Privacy.
    open security and privacy on Mac
  2. Unlock the bottom lock with the admin password.
  3. Under the "Allow applications downloaded from" section, tick "App Store and identified developers".
  4. Click Enable System Extensions.
    enable system extensions on Mac running Monterey and M1 and M2 Mac
  5. Click Shutdown on the pop-up saying "To enable system extensions, you need to modify your security settings in the Recovery environment".
  6. Press down the Power button to turn on your Mac until you see "Loading startup options" on the screen.
  7. Select Options and then click Continue.
  8. Enter your admin account if asked to enter macOS Recovery Mode.
  9. Select Utilities from the top menu bar > Startup Security Utility.
  10. Choose your startup disk > Security Policy.
  11. Select Reduced Security and tick "Allow user management of kernel extensions from identified developers.
  12. Click OK.
  13. Click the Apple menu at the top and choose Restart to boot your Mac back to normal mode.

For non-Apple Silicon Macs, you only need to allow kexts or system extensions in System Preferences > Security & Privacy.

Conversely, you can remove third-party kernel extensions from your Mac at the place where you enable them.

FAQs about kernel extensions on Mac

A

Click the Apple menu > About This Mac > Overview. Then, click System Report. Scroll down to the Software section, click on Extensions. On the right pane, you can see the details about the enabled kernel extensions on your Mac, including their sources, versions, etc.

A

The third-party kernel extensions are drivers or codes running in user space to extend the capability of macOS, helping the third-party software reaching the goal of certain functionalities.