3rd party Kexts not loading when booted from external disk on Apple Silicon Macs

ileradeltercomondo wrote:

Can you show us where this is documented?

If this is true, why is there a boot drive selection tool within the Recovery Mode that then allows you to boot from an external disk, then select "Reduced Security" and under that, "Allow user management of kernel extensions from identified developers."? All this while actually booting from that external drive and selecting these settings for that particular selected and booted-from external drive.

If Apple had a policy of disallowing 3rd party kexts for people booting off external drives (which for this user's case and mine, are actually signed by Apple for use in previous versions of the OS) then are you saying that someone forgot to tell the person responsible for implementing the method of setting this very switch to enable it in Recovery Mode?

Apple is only concerned about their default configurations which is booting macOS from an internal drive. This is all Apple tests. Just because Apple allows an option for booting from external media, does not indicate Apple fully supports it. Apple does not care about custom configurations which includes bootable external drives or moving a macOS user account to an external drive.....yes it is possible to customize your system in these ways and others, but it is not officially supported by Apple. These forums are full of posts where users encounter issues due to deviating from a default configuration.

It would not surprise me that bootable external media is no longer possible in a few more years. Everything about the Apple computers and macOS show Apple is moving them to be more like glorified iPads. iPads are completely locked down with no significant customization options. I can tell you that Apple' security enclave has major bugs especially when using multiple boot drives (internal or external). Apple is focused on a simple consumer device which conforms to Apple's single minded vision. I expect more & more traditional advanced features will keep getting removed.

Keep in mind Apple is a very secretive company. Apple doesn't like to reveal anything even if everyone else in the world already knows it, Apple still won't confirm it even when it is not a state secret or of any major importance....Apple just loves to keep secrets. Many of the things we know about Apple products & their behaviors comes from the people who are trying to support Macs. At best you may stumble across a forum post here or there with some small details, but you will rarely find these issues fully documented by anyone. If you knew of the things I've encountered while trying to support my organization's thousands of Macs (things I have never seen mentioned anywhere online), you probably would never buy another Apple computer. In fact, I no longer recommend Apple computers to any friends or family because of what I've seen and how I see Apple moving forward with newer products.

My advice to people using Apple products......just stay with the Apple default configurations and do things like Apple wants you to do things as you will have fewer problems (notice I did not say "no problems" because some features are just not well implemented or tested, or even documented). If you like to do advanced customizations like booting from external media, having a home user folder on external media, or other fancy things, then you need to look somewhere beside Apple unless you are prepare to deal with trying to figure out how to fix things when Apple breaks it because Apple will break it at some point. Don't expect people online to be able to help you fix a broken custom configuration because there will only be a small number of people with such customizations.

Apple and Apple products are not what they were 20 years ago, heck not even 10 years ago.

FYI, Apple is not on these forums. We are just other regular users such as yourself volunteering our own personal time to assist others. You can try to escalate the issue internally with Apple if you can open a tech support case with Apple and they decide to escalate it or provide a bug report (the latter requires a developer account and lots of information & details to be provided....not an option for most people....no guarantee Apple will do anything).

You can provide Apple with product feedback here (Apple won't contact you...who knows whether Apple will do anything with the information unless a lot of other people are also reporting the feedback):

Product Feedback - Apple

About the only thing I can think of is that you may need to reduce the Mac's security settings:

Change security settings on the startup disk of a Mac with Apple silicon - Apple Support

I don't think Apple really cares much about external boot drives these days...it wouldn't surprise me if one day they won't be allowed at all. The security enclave on Apple Silicon Macs is a bit more particular than with the 2018+ Intel Macs so it doesn't surprise me there are odd issues with external boot drives.

Since we users cannot fix this, and Apple has been making booting from external drives harder and harder in their quest for ever tighter security, I strongly recommend that you consider a different option.

Nothing forces you to keep everything in the same drive. I would install the system in the internal drive and put larger stuff on the external. You can easily make aliases inside the home folder to folders on the external drive and keep your data organized.

jb5d wrote:

There is an error with Apple's handing of kexts for 3rd party apps when an Apple Silicon Mac is booted from an external disk.

This is by design. Don't try booting from an external disk.

I believe this is causing a lot of turmoil in software/hardware vendor threads where there appears to be no solution and the vendors/developers are unable to resolve some issues.

The solution is not to try booting from an external disk or not to use software that depends on kernel extensions. Kernel extensions are deprecated. If you rely on them, you are committing yourself to using second-hand Macs that can still run your old software. Any companies that rely on sales of software that uses kernel extensions will soon go out of business.

Here is my configuration:

Mac mini M1

2. RME Fireface 800 audio interface

3. 1yr of flawless performance with macOS Monterey and RME M1/M2 drivers (v 3.41 for context).

4. Last week, due to running low on 250GB internal storage, Purchased Samsung 2TB Portable SSD T7 (USB 3.2 Gen2, 10Gbps)

Macs are not upgradeable. Ideally, buy a computer that has enough storage to meet your needs. If life gets in the way and you need more, that's fine. Just plug in some external storage and use it. Do not attempt to boot from it. I don't care what you've heard elsewhere on the internet. Do not attempt to boot from external storage.

I am hoping this can be escalated as a software issue and and prioritized for a fix

Not a chance.

the developer thread did not seem to be going anywhere

The developer forums are a wasteland. Don't bother.

there are comments as recent as this week of users looking for an update from apple.

There will be no update. Everything is working as designed.

Well, that isn't really true. There will definitely be updates. Each update will make external booting more difficult. Each update will deprecate more kernel extensions until they flat-out won't run at all.

Step back and consider what you have. You have a computer that works. It works with your kernel extensions using the internal storage. You are at a precarious juncture. Any update you apply to this computer can put your working configuration at risk. Your setup will fail completely in the future. This is guaranteed. Instead of wasting time trying boot from external storage, look for new software that will run without kernel extensions. Purchase a new computer running the current (or beta) version of the operating system so you can see what's coming and be prepared.

Do not assume that Apple cares about kernel extensions, external booting, your firewire interface, your RME M1/M2 drivers, or anything else you are doing with it. I can assure you they do not.

Same here. This wouldn't be such an issue if the OS allowed stuff like audio plugins to be loaded from external drives.

I have almost 500gb of audio plugins, instruments, sounds that have to be installed in the system drive. Even offering a Mac with just a 250gb startup drive seems silly these days. If there was a way to load these audio plugins externally, there would be no problem. If you could stick an alias of the plugins folder in the home drive's library, it would help tremendously.

mjones524 wrote:

I have almost 500gb of audio plugins, instruments, sounds that have to be installed in the system drive.

Why?

Even offering a Mac with just a 250gb startup drive seems silly these days.

That's fine for some people. Apple makes consumer devices. If you are a professional, with 500gb of audio plugins, then you can afford a 2 TB drive.

Can you show us where this is documented?

If this is true, why is there a boot drive selection tool within the Recovery Mode that then allows you to boot from an external disk, then select "Reduced Security" and under that, "Allow user management of kernel extensions from identified developers."? All this while actually booting from that external drive and selecting these settings for that particular selected and booted-from external drive.

If Apple had a policy of disallowing 3rd party kexts for people booting off external drives (which for this user's case and mine, are actually signed by Apple for use in previous versions of the OS) then are you saying that someone forgot to tell the person responsible for implementing the method of setting this very switch to enable it in Recovery Mode?

I would argue that once you spent that much money on your livelihood's tools of the trade, needing to be spending money to upgrade to another Mac purely because of this issue would be rather insulting as a loyal customer.

Apple has made plenty of money from professionals, me included, and we make up an important part of Apple's business model in spite of what you may believe.

I believe that this is a technical issue that is causing them headaches, because they understand the desire and need for people to create for themselves a larger disk to boot from, owing, ironically, to all the restrictions around security, cloud storage, system files, Library folders, User folders, etc, all needing to be on the boot disk, however they cannot figure out how to protect such a system without installing the Owner Identity Key in the Secure Enclave. The glitch here, seems to be in the process of the transfer of "Ownership" to the external drive.

I'm pretty sure they're going to work this out eventually, quietly. We just need to keep in touch with each other and keep sharing information as it comes to us. One of us is going to either work it out or be there when Apple works it out. It might be as simple as changing the Apple Configuration Utility to allow to do a system "Restore" and be allowed to select the boot disk. At the moment, it defaults to the internal one and there's no way to change it. Doing this would encrypt the external drive, set the Secure Enclave up on that disk, and make it as secure as booting off the internal drive.

I still have faith!

ileradeltercomondo wrote:

Can you show us where this is documented?

I received information in March of 2022 by a developer of encryption software that used a kernel extension I was using on my M1 Macs "that it was not possible to start their software from an external drive, because third-party kernel extensions cannot be loaded on Apple Silicon Macs if macOS is started from an external drive". Furthermore, they said "There is nothing they could do about the issue, it would have to be fixed by Apple (is a known issue within Apple)". The developer filed a feedback report and to date Apple has not resolved the issue. However, the software with the kennel extension loads fine on my Intel Mac. The developer moved on to rewriting their application to use the File Provider API in place of the deprecated kernel extension method they were using.

I also attempting loading another software application using a kernel extension that works on my Intel Mac but fails when loading on my M1 Macs.

I recommend you file your own feedback report. Good luck..

ileradeltercomondo wrote:

I would argue that once you spent that much money on your livelihood's tools of the trade, needing to be spending money to upgrade to another Mac purely because of this issue would be rather insulting as a loyal customer.

Not sure I follow you there. This problem is caused by someone spending money to upgrade to newer Mac. No one needs to do that or is forced to do so. And the entire issue is a catch-22. They are spending money for a fancy new computer with a fancy new operating system, yet they demand that it work exactly like the old one. I don't think there is anyone loyal enough to spend new money on an old computer and use old operating systems.

Apple has made plenty of money from professionals, me included, and we make up an important part of Apple's business model in spite of what you may believe.

Actually you don't. Apple almost went bankrupt relying on Mac customer loyalty. It was only when Apple branched out into other products, and started this relentless yearly cycle of updates that actually started earning money for them. The only thing the keeps the Mac around at this point is Apple's own nostalgia.

I believe that this is a technical issue that is causing them headaches

It's not causing them any headaches at all.

I'm pretty sure they're going to work this out eventually, quietly. We just need to keep in touch with each other and keep sharing information as it comes to us.

Isn't that what I'm doing? Sharing information to help people have a better experience with their Mac? Seasons don't fear the reaper. Nor do the wind, the sun or the rain. We can be like they are.

One of us is going to either work it out or be there when Apple works it out.

You forgot the 3rd option - die waiting for what's never going to happen.

I still have faith!

Faith is for preachers and Auburn fans. Pour le reste, il faut cultiver notre jardin.

FWIW, I wouldn't expect a fix forthcoming for Monterey. Anything is possible of course, however unlikely.

Apple disallows 3rd party kexts to load from external drives for security reasons on Apple Silicon Macs by design.