Now that I have been able to unravel Catalina’s security data files in more detail, I’ve realised that, whilst it does have a new security system to handle kernel extensions (KEXTs), the old system hasn’t gone away either.
As I detailed yesterday in my account of Catalina’s security data, the former Kernel Extension Exclude List kernel extension is still alive and well, just living in hiding on the Data volume, in the path Library/Apple/System/Library/Extensions/AppleKextExcludeList.kext. Within it is a new exception list, named ExceptionLists.plist, which Apple may decide to update in the future. I have therefore reinstated its checking in my two free apps which check updates to security data files, SilentKnight, LockRattler, and the command tool
SilentKnight 1.4 is available from here: silentknight14
LockRattler 4.24 is available from here: lockrattler424
silnite 3 is available from here: silnite3
Each is also available from Downloads above, from their joint Product Page, and the two apps are available through their auto-update mechanism.
These updates are recommended for anyone currently running, or intending to run, Catalina, as they now check and report the KEXT blocker in 10.15. They don’t change anything of significance for Mojave or earlier versions of macOS, though.
As far as I’m aware at present, these three utilities now cover Catalina’s security systems as fully as possible. One outstanding issue is that Macs running the last release of Mojave and those running Catalina remain using different EFI firmware versions. SilentKnight and
silnite, which check firmware versions against my database, continue to use the versions for Mojave, which should be the same for most models running Sierra and High Sierra.
It isn’t clear at present whether Apple intends to release updates for High Sierra and Mojave systems which will bring them into sync with Catalina. If that doesn’t happen, I will be updating my database and those utilities to expect different firmware versions according to the version of macOS that they are running. I will make a decision about this when Apple releases the next macOS Security Update for High Sierra and Mojave, which will provide a clear indication of its intentions. That is my next probable update to these utilities.