Deprecated Kernel Extensions and System Extension Alternatives

System extensions on macOS Catalina 10.15 or later allow software, such as network extensions and endpoint security solutions, to extend the functionality of macOS without requiring kernel-level access. As part of our ongoing effort to modernize the platform, improve security and reliability, and enable more user-friendly distribution methods, kernel extensions have been deprecated. Starting with macOS Big Sur, macOS releases no longer load kernel extensions that use deprecated kernel programming interfaces (KPIs) by default.

Transitioning your kernel extensions

Certain kernel extensions are unsupported on macOS Big Sur. If your software uses deprecated and supported KPIs for older versions of macOS, you’ll need to factor out deprecated components into a stand-alone system extension. If your software uses new system extensions and legacy kernel extensions, you can distribute to supported operating systems. Software that supports a broad range of macOS versions should continue to use kernel extensions for older versions and run system extensions where supported.

Below is a list of unsupported KPIs as of macOS Big Sur. Any kernel extension using an unsupported KPI will not load.*

KAUTH

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

The following KPIs are unsupported in macOS Big Sur. Clients should use EndpointSecurity instead.

  • kauth_listen_scope
  • kauth_unlisten_scope

Socket

Deprecated: macOS Catalina 10.15

The following Socket KPIs continue to be deprecated in macOS Big Sur. Clients should use NetworkExtension instead.

  • sock_accept
  • sock_bind
  • sock_close
  • sock_connect
  • sock_getpeername
  • sock_getsockname
  • sock_getsockopt
  • sock_gettype
  • sock_ioctl
  • sock_isconnected
  • sock_isnonblocking
  • sock_listen
  • sock_receive
  • sock_receivembuf
  • sock_release
  • sock_retain
  • sock_send
  • sock_sendmbuf
  • sock_setsockopt
  • sock_shutdown
  • sock_socket

Network filter

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

The following Network Filter KPIs are unsupported in macOS Big Sur:

  • ipf_addv4
  • ipf_addv6
  • ipf_inject_input
  • ipf_inject_output
  • ipf_remove
  • sflt_attach
  • sflt_detach
  • sflt_register
  • sflt_unregister
  • sock_inject_data_in
  • sock_inject_data_out
  • sock_setpriv
  • sockopt_copyin
  • sockopt_copyout
  • sockopt_direction
  • sockopt_level
  • sockopt_name
  • sockopt_valsize

IOHIDFamily

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

All KPIs in IOHIDFamily are unsupported in macOS Big Sur. Clients should use HIDDriverKit instead.

IOUSBFamily

Unsupported: macOS Big Sur 11.0
Deprecated: OS X El Capitan 10.11

All KPIs in IOUSBFamily are unsupported in macOS Big Sur. Clients should move to IOUSBHostFamily or USBDriverKit, where appropriate and as outlined below.

USB networking

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

The combination of using IONetworkingFamily KPIs as well as any USB KPI (IOUSBHostFamily or IOUSBFamily) is unsupported in macOS Big Sur. USB KPIs have alternatives in USBDriverKit. Clients of IONetworkingFamily KPIs should use NetworkingDriverKit instead.

USB serial

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

The combination of using any IOSerialFamily KPI as well as any USB KPI (IOUSBHostFamily or IOUSBFamily) is unsupported in macOS Big Sur. USB KPIs have alternatives in USBDriverKit. Clients of IOSerialFamily KPIs should use SerialDriverKit or USBSerialDriverKit instead.

USB vendor-specific IPC

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

Any kernel extension using USB KPI (IOUSBHostFamily or IOUSBFamily) that doesn't tie into the IO Family subsystem and uses IOUserClient, or subclasses, for IPC is unsupported in macOS Big Sur. USB KPIs have alternatives in USBDriverKit or consider IOUSBHost framework. DriverKit also has mechanisms for communication channels.

PCI networking

Unsupported: macOS Big Sur 11.0
Deprecated: macOS Catalina 10.15

The combination of using IONetworkingFamily KPIs as well as IOPCIFamily KPIs is deprecated. PCI KPIs have alternatives in PCIDriverKit. Clients of IONetworkingFamily KPIs should use NetworkingDriverKit instead.

Contacting us

Entitlements

To deploy drivers built with DriverKit or use the EndpointSecurity API, you’ll need an entitlement from Apple.

Request an entitlement

Feedback

Your feedback is valuable and helps inform the direction of our system extension development. Send us your API enhancement requests or bug reports through Feedback Assistant.

Provide feedback