Jamf Nation Community

If you have them whitelisted before installation, it should stage them all and let them "chain" together for a single reboot.

It's not like the system HAS to be rebooted immediately upon acceptance of the extension, it's just that the extension won't be fully loaded until after that reboot.

I've had to make almost no changes to my DEPNotify workflow to handle System Extensions. Still one reboot.

I also think the idea that a user NEVER has to reboot is setting themselves up for pain. My first question for every end user is "Have your rebooted yet?"

That being said, looking forward to any solutions to this issue.

@wmehilos - Can you explain a bit more about your definition of "white listing" in this context? You may have just solved this issue for more many of us! Thanks!

@cainehorr Check out this discussion here, lots of good resources. https://www.jamf.com/jamf-nation/discussions/33964/how-to-system-extension-in-macos

I want to clarify something here, and add more context. In Big Sur, apps can still use kernel extensions, which in some cases are required for full functionality. For example, Carbon Black can run in kernel or system extension mode, but many important features require the kernel extension to be loaded.

Big Sur will still call kernel extensions "system extensions" in dialogs, so this can be confusing when we all discuss it. Whitelisting the kernel extension does not allow it to load, and another action is needed: either manual approval by the user (and a restart), or a special MDM command to rebuild the kernel extension cache (which also forces a restart). It's this MDM command that Jamf does not support, leaving us with user approval as an absolute requirement for the software to function.

Can't you rebuild the kext cache manually with kextcache -i /?

Can't you rebuild the kext cache manually with kextcache -i /?

Can you Please explain how to use it ?