Hi all! Relatively new to System Extensions, we're looking to finally perform a widespread upgrade of our computers to Big Sur/Monterey along with ordering newer M1 devices in the near future. What are your best practices on configuring information below provided by the software vendors?
Allowed System Extensions
Allowed System Extension Types
You can specify Allowed Extension Types or Allowed System Extensions together.
Similar to Kernel Extensions, if you create a payload with "Allowed System Extensions" and use the proper Team Identifier, in most cases you *should not* need to specify the extensions directly.
This is what I personally use for one of our products and it works perfectly, though I am actually not sure if one part is redundant over the other.
I would definitely include "System Extensions" and Allow users to approve them on their own (this should work if they install other software that we haven't whitelisted)
Because I allow the Team Identifier explicitly, I do not need to specify all the system extensions for the program to work properly. (And there are a lot more than just the 2 listed below). Such as mdredr.kext, mdrfp.kext, mdrnet.kext, devmac.kext and a few others.