Dear WeatherCat sys-admins,
The November 2017 issue of Mac|Life magazine has an article on a few features of High Sierra that most of us probably weren't aware of. macOS will now disable any kernel extension unless you explicitly give it permission to be run in the Security and Privacy pane of the system preferences. Apple has provided a bulletin on the change that you can read here:
https://support.apple.com/en-us/HT208019
Apple doesn't make the situation particularly intuitive either. When you install a kernel extension, it will simply put up a dialog box saying the extension is blocked. There is an <Okay> button but that simply dismisses the dialog. The only way to enable your kernel extension is to explicitly turn it on in the Security and Privacy pane.
It is also possible to disable this feature completely using a command line tool in recovery mode.
Any kernel extensions already on your computer are "grandfathered" in so those of you with Davis stations who upgraded to High Sierra weren't affected. However, there are two situations when you might have to explicitly enable a kernel driver. The permission status of the extensions is stored in NVRAM. If you need to reset that, you'll need to explicitly give permission to your kernel extensions once more. The other situation is when changing computers. If you restore the contents of an older computer from a backup, the NVRAM of the new Mac won't have any kernel extension permissions. So once more you'll have to manually give permissions for your kernel extensions to run.
Sadly, the reviews of this new security measure aren't exactly stellar. What is a small matter for individual users is a nightmare for organizations with many Macs that have kernel extensions. At the same time, a security expert has already shown that it is "trivial" (his words) to get around this feature:
https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/
Once more as Jimmy Durante would state:
"Such are da' conditions that prevail . . . . . . "
Cheers, Edouard