Change security settings on the startup disk of a Mac with Apple silicon
A Mac with Apple silicon uses the sophisticated security features of its signed system volume to protect your Mac against malicious tampering. By default, your Mac uses the highest level of security, called Full Security. Before a legacy system extension (also known as a kernel extension or kext) can be installed on a Mac computer with Apple silicon, the security policy must be changed to Reduced Security.
If an organisation-owned Mac is enrolled in mobile device management (MDM), MDM can remotely manage kernel extensions and software updates. This management can be authorised automatically if the serial number of the MDM-managed Mac appears in Apple School Manager or Apple Business Manager. If the serial number of the MDM-managed Mac doesn’t appear in Apple School Manager or Apple Business Manager, the MDM administrator can ask a local administrator to manually change the security policy to Reduced Security to authorise remote management of kernel extensions.
Change the level of security used on your startup disk
On the Mac with Apple silicon, choose Apple menu > Shut Down.
Press and hold the power button until “Loading startup options” appears.
Click Options, then click Continue.
Select a startup disk, then click Next.
Select an administrator account, then click Next.
Enter the password for the administrator account, then click Continue.
In the Recovery app, choose Utilities > Startup Security Utility.
Select the system you want to use to set the security policy.
If the disk is encrypted with FileVault, click Unlock, enter the password, then click Unlock.
Click Security Policy.
Select one of the following security options:
Full Security: Ensures that only your current OS, or signed operating system software currently trusted by Apple, can run. This mode requires a network connection at software installation time.
Reduced Security: Allows any version of signed operating system software ever trusted by Apple to run.
If you selected Reduced Security, select any of the following options, if needed:
Allow user management of kernel extensions from identified developers: Allows installation of software that uses legacy kernel extensions.
Allow remote management of kernel extensions and automatic software updates: Authorises remote management of legacy kernel extensions and software updates using a mobile device management (MDM) solution.
If you changed the security, click the User pop-up menu, choose an administrator account, enter the password for the account, then click OK.
Choose Apple menu > Restart.
You must restart your Mac for the changes to take effect.
Note: If you’re having difficulty starting up your Mac with Apple silicon, and you believe the problem might be related to installing third-party software, you can try starting up your Mac in safe mode.