I am working on new laptop deployment with DEP, Catalina, trying to reduce clicks and suppress all confusing popups :)
I have a Config Profile with third party extensions and team IDs including the only one I have found for HP.
I also have the box checked to allow users to approve System Extensions in that profile.
I have hp-printer-essentials-S-5_14_6 installing at enrollment and it is asking for approval and a regular user cannot approve. The Kext config profile is installed. The other interesting thing is that there are HP drivers installed so it looks like it installed despite the need for approval button...
Only found this page after figuring out myself but landed on the same solution as @cbrewer.
Shouldn't have any issues with the latest "Essential Drivers" from HP Easy Admin and the Approved Kernel Extensions:
Team ID: 6HB5Y2QTA3
Installing the HP Essentials package on an M1 Mac running Big Sur (has config profiles whitelisting the HP Team ID for both Kext and SysExts, not explicitly listing the extensions) shows a prompt "System Extension Block" (this really means Kext but Big Sur gui always says system extension?). Same setup on a T2 Mac or older Intel Mac and no prompt at all.
Is this the expected behaviour? On M1 with Big Sur the end user always has to allow Kexts? I guess this is Apple's way of upsetting users until the developers move from Kext to SysExts?
I have seen this issue on our (2) M1 test Macs in IT. Usually, this error pops up behind our DEPNotify GUI at enrollment/deployment once the HP pkgs are installed.
I have both System Extensions and Kernel Extensions approved via Jamf MDM profiles with HPs Team ID '6HB5Y2QTA3' and Extension Type 'Driver Extension' But haven't configured granular extension names.
I haven't seen any other options yet. Not sure if this is an HP or Apple issue/bug.
@dstranathan I found a couple other posts about the configuration profile install issue. Looks like it may be related to PI-009052: (Third-Party Issue) Configuration profiles with Kernel Extension Policy payloads may fail to install on computers with M1 chips if the computer cannot receive a Bootstrap Token from Jamf Pro during profile installation. Additionally, Startup Security settings must be set to allow MDM to manage legacy kernel extensions.
What does "Startup Security settings must be set to allow MDM to manage legacy kernel extensions" mean?
Unlike Catalina (and earlier), macOS Big Sur (on ARM or X86) cant load kernel extensions at all, correct?