Revoking third-party kext permission

macOS requires that a user visit the "Security" section of System Preferences in order to approve running third-party kernel extensions.

How does one reset the approval list or remove a specific vendor's key from the list?

Example use case: Enabling QA to re-test application logic which is only reached before the extension is allowed to run

Post not yet marked as solved Up vote post of mcgroarty Down vote post of mcgroarty


In theory, you can run "spctl kext-consent" from recovery. It would probably be better to just use a VM that can be easily reset.

Here are the instructions for modifying your kext consent database. It isn't too hard.