Deprecated Kernel Extensions and System Extension Alternatives
System extensions on macOS Catalina (10.15) allow software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access. At WWDC19, we announced the deprecation of kernel extensions as part of our ongoing effort to modernize the platform, improve security and reliability, and enable more user-friendly distribution methods. Kernel programming interfaces (KPIs) will be deprecated as alternatives become available, and future OS releases will no longer load kernel extensions that use deprecated KPIs by default.
Transitioning Your Kernel Extensions
If your software uses deprecated and supported KPIs, you’ll need to factor out deprecated components into a stand-alone system extension. If your software uses new system extensions and legacy kernel extensions, you can distribute to supported operating systems. Software that supports a broad range of macOS versions should continue to use kernel extensions for older versions and run system extensions where supported.
Below is a list of deprecated KPIs as of macOS 10.15. In macOS 10.15.4, use of deprecated KPIs triggers a notification to the user that the software includes a deprecated API and asks the user to contact the developer for alternatives.
KAUTH
Please use EndpointSecurity instead of the following deprecated KPIs:
- kauth_listen_scope
- kauth_unlisten_scope
Network Filter
Clients should use NetworkExtension instead of the following deprecated KPIs:
- ipf_addv4
- ipf_addv6
- ipf_inject_input
- ipf_inject_output
- ipf_remove
- sflt_attach
- sflt_detach
- sflt_register
- sflt_unregister
- sock_accept
- sock_bind
- sock_close
- sock_connect
- sock_getpeername
- sock_getsockname
- sock_getsockopt
- sock_gettype
- sock_inject_data_in
- sock_inject_data_out
- sock_ioctl
- sock_isconnected
- sock_isnonblocking
- sock_listen
- sock_receive
- sock_receivembuf
- sock_send
- sock_sendmbuf
- sock_setpriv
- sock_setsockopt
- sock_shutdown
- sock_socket
- sockopt_copyin
- sockopt_copyout
- sockopt_direction
- sockopt_level
- sockopt_name
- sockopt_valsize
IOHIDFamily
All KPIs in IOHIDFamily are deprecated. Clients should use HIDDriverKit instead.
IOUSBFamily
IOUSBFamily has been deprecated and headers removed from SDK since macOS El Capitan (10.11). All clients should move to IOUSBHostFamily or USBDriverKit, where appropriate and outlined below.
USB Networking
The combination of using IONetworkingFamily KPIs as well as any USB KPI (IOUSBHostFamily or IOUSBFamily) is deprecated. USB KPIs have alternatives in USBDriverKit . Clients of IONetworkingFamily KPIs should use NetworkingDriverKit instead.
USB Serial
The combination of using any IOSerialFamily KPI as well as any USB KPI (IOUSBHostFamily or IOUSBFamily) is deprecated. USB KPIs have alternatives in USBDriverKit. Clients of IOSerialFamily KPIs should use SerialDriverKit or USBSerialDriverKit instead.
USB Vendor Specific IPC
Any kernel extension using USB KPI (IOUSBHostFamily or IOUSBFamily) that does not tie into the IO Family subsystem and uses IOUserClient, or subclasses, for IPC is deprecated. USB KPIs have alternatives in USBDriverKit or consider IOUSBHost. DriverKit also has mechanisms for communication channels.
Contacting Us
Entitlements
To deploy drivers built with DriverKit, allow other developers to use your system extensions, or use the EndpointSecurity API, you’ll need an entitlement from Apple.
Feedback
Your feedback is valuable and helps inform the direction of our system extension development. Send us your API enhancement requests or bug reports.