Kernel extensions help expand macOS capabilities by allowing software to interact with the operating system at a deeper level. However, due to Apple’s increased focus on security and stability, the company introduced stricter security measures that impact the installation and usage of kernel extensions on M1/M2 Macs.
If you want to harness the full potential of your Mac’s hardware, this step-by-step guide will provide you with the necessary instructions to overcome these limitations and enable system (kernel) extensions on M1/M2 Mac.
What are System (Kernel) Extensions?
System (Kernel) Extensions are an essential part of your Mac’s operating system. They provide extra code to be loaded into the running kernel, the core of your operating system, extending its functionality in various ways.
These extensions load directly into the kernel, operating at a low level of the system. They can interact with hardware or affect system processes, providing robust capabilities.
System extensions allow third-party developers to integrate their software deep within your Mac’s operating system. They can enhance or modify system features, improving your Mac’s functionality and personalizing your experience.
Do I Need System (Kernel) Extensions on M1/M2 Mac?
In essence, you don’t need kernel extensions on an M1/M2 Mac because they’re not supported. Any hardware or software that previously required a kernel extension will need to be updated to use system extensions instead.
With the introduction of macOS Catalina, Apple has been discouraging traditional kernel extensions (KEXTs) in favor of system extensions, mainly due to security and stability reasons. System extensions provide similar functionality but run in user space, not kernel space.
Kernel Extensions run directly within the operating system’s kernel — the core part of the OS. They have high-level permissions and can interact directly with the system hardware. This access makes KEXTs powerful but risky because a poorly designed or malicious KEXT can cause system crashes or security breaches.
With the move to Apple Silicon, this change becomes even more pronounced. The new architecture of these chips doesn’t support traditional kernel extensions.
If you’re unsure whether your Mac has a silicon chip or Intel processor, go to Apple’s official page to check.
Where Can I Use System Extensions on Mac?
System Extensions are often used in several scenarios where an application needs to interact more deeply with macOS than is typically possible.
Here are some common situations where you may require system extensions on Mac:
- 🖨️ Hardware Support: Some hardware devices require specific drivers to function, and these drivers may be implemented as System Extensions. This includes devices like printers, scanners, graphics tablets, audio interfaces, and more.
- 🌐 Networking: Network extensions can allow applications to interact with network traffic in various ways. For example, VPN applications often use network extensions to reroute your internet traffic through their service. Firewall applications might use them to monitor and control inbound and outbound network connections.
- 🛡️ Security Tools: Security software often needs deep system integration to function correctly. For example, antivirus software may use system extensions to monitor file system activity and scan for malware. Similarly, data loss prevention (DLP) tools might use them to monitor and control data transfers.
- 💾 File System Support: Some applications provide support for non-native file systems (like NTFS or ext4) through system extensions. These extensions allow macOS to read and write files on drives formatted with these file systems.
- 📊 Performance Monitoring and System Utilities: Some performance monitoring tools and system utilities use system extensions to gather detailed system statistics or to modify low-level system settings.
- 💻 Virtualization and Emulation Software: Applications like Docker or Parallels that allow you to run other operating systems on your Mac may use system extensions to improve performance and integration.
How to Enable System (Kernel) Extensions on M1/M2 Mac
This guide is applicable to all Apple Silicon Mac devices, including MacBook Air (M1, 2020), MacBook Pro (13-in, M1, 2020), Mac mini (M1, 2020), iMac (24-in, M1, 2021), MacBook Pro (14-inch, M1 Pro/M1 Max, 2021), MacBook Pro (16-inch, M1 Max/M1 Max, 2021), Mac Studio (M1 Mac/M1 Ultra, 2022), MacBook Pro (13-inch, M2, 2022), and MacBook Air (M2, 2022).
Apple silicon processors use different security measures than Intel ones, and these need to be modified if you intend to install kernel extensions from third-party sources.
But if you still want to enable system (kernel) extensions on M1/M2 Mac, you have to modify its security policy by booting your Mac into Recovery Mode. Here’s how to authorize kernel extensions on M1/M2 Mac using macOS Recovery:
Step 1: Open Security Settings
- After you install a program that requires macOS kernel extensions, select Open Security Preferences from the System Extension Blocked notification.
- This will open Privacy & Security window in System Settings.
Step 2: Allow Applications from Identified Developers & Enable System Extensions
- In the Security section of the Privacy & Security window, select App Store and identified developers under Allow applications downloaded from.
- Then, click the Enable System Extensions button.
Step 3: Shutdown Your Mac
Now, a pop-up will appear, indicating that to enable system extensions, you need to modify your security settings in the Recovery environment. Click the Shut Down button on this pop-up to turn off your Mac.
Step 4: Boot into macOS Recovery Mode
- Shut down your Mac completely.
- Then, press the Power button once and then keep pressing it until you see Loading Startup Options.
- Click Options and then Continue to boot the M1 or M2 Mac to macOS Recovery Mode.
Step 5: Open Startup Security Utility
In the Recovery Mode, select Startup Security Utility from the Utilities menu at the top of your screen.
Step 6: Modify the Security Policy
- When you see the Startup Security Utility, click the Security Policy button.
- In Startup Security Utility, choose Reduced Security and check the Allow user management of kernel extensions from identified developers option.
- Click OK, enter your administrator password, and wait for the security level change to complete.
- After the changes are done, click Startup Disk in the menu bar and click Quit Startup Disk.
- It will take you to the previous screen. Here, click the Apple icon and select Restart to let your Mac restart normally.
Step 7: Confirm Changes
- When your Mac restarts, go to Privacy & Security window in System Settings and click the Allow button under “System software from developer “Chengdu Aibo Tech Co., Ltd. Was blocked from loading” in the Security section.
- Enter your administrator password and restart your Mac to make the change take effect.
Only Enable Trusted System (Kernel) Extensions on M1/M2 Mac
Kernel extensions have the potential to compromise your Mac’s security, so only enable them if they originate from reliable developers.
Here are some more tips for keeping your Mac safe and running and at maximum potential:
- If your system is acting up, you can boot your Mac into Verbose mode to see what happens behind the scenes during the startup process.
- Sometimes, booting your Mac into safe mode lets you figure out why random crashes and shutdowns occur.
- If you’re seeing a gray screen on your Mac, that may be a kernel panic error. Check out my guide to learn how to fix kernel panic error on your Mac.
Frequently Asked Questions
Is it safe to change Mac’s default security settings and enable system extensions?
It is safe to change Mac’s default security settings and enable system extensions if the software you are installing requires reduced security for installing kernel extensions. That’s because only identified and trusted developers by Apple can ask you to allow system extensions.
Should I revert to Full Security after installing the software to safeguard my computer?
No, it isn’t necessary to revert to Full Security after installing the software to safeguard your computer. Doing so could hinder the proper operation of your newly installed software, as system extensions would be blocked.
Why am I unable to activate system extensions on my M1 Mac?
You may be unable to activate system extensions on your M1 Mac if it operates on macOS Big Sur 11.0 or macOS 11.1. Therefore, it is strongly advised to ensure your Apple Silicon Mac is running macOS 11.2 or a later version.