Kernel Extensions

A kernel extension, or kext, is a bundle that extends the kernel. With System Integrity Protection, kernel extensions must be signed with a Developer ID for Signing Kexts certificate, and installed into the /Library/Extensions directory.

As of OS X El Capitan, the kext-dev-mode boot-arg is now obsolete.

$ sudo nvram boot-args="kext-dev-mode=1" # Has No Effect

You can build unsigned kexts for internal testing, and disable System Integrity Protection on your test systems to allow unsigned kexts to load. See Configuring System Integrity Protection for more information.

You should sign a kernel extension using a Developer ID certificate only when it reaches its final stages of testing and is being evaluated for release to customers. You can request a Developer ID Certificate for signing kexts by visiting and filling out the required details.

For more information, see Kernel Extension Overview in Kernel Programming Guide.