To improve security on the Mac, kernel extensions installed with or after the installation of macOS High Sierra require user consent in order to load. This is known as User Approved Kernel Extension Loading. Any user can approve a kernel extension, even if they don’t have administrator privileges.
Kernel extensions don't require authorization if they:
- Were on the Mac before the upgrade to macOS High Sierra.
- Are replacing previously approved extensions.
If you want to disable User Approved Kernel Extension Loading, boot into macOS Recovery and use the spctl command. Run the command by itself to get more information about how to use the spctl command.
In macOS High Sierra, enrolling in Mobile Device Management (MDM) automatically disables User Approved Kernel Extension Loading. The behavior for loading kernel extensions will be the same as macOS Sierra.
In a future update to macOS High Sierra, you will be able to use MDM to enable or disable User Approved Kernel Extension Loading and to manage the list of kernel extensions which are allowed to load without user consent.