We have updated instruction in our product to allow for the removal of the admin requirement for "Allow"ing third party signed KEXTs based on the latest DP changes.
I have stepped through the procedure on a test bed and have to say that for the average user, this is just as confusing as before. The subtlety of having the "Allow" button enabled will cause a congitive dissonance for people also seeing the Admin lock icon at the bottom.
We have descriptive dialogs and open the Security and Privacy panel for our users, but why is this necessary? We cannot control the layering of the dialogs, some confusion will be unavoidable. And we cannot directly detect the cause of a potential failure of loading in the app without elevating to admin.
I understand the objective, but has this been really worked through by somebody with expertise in user experience?
Why do we have a warning dialog that does not immediately allow people to approve this? This was designed for engineers and IT people, not average users.