MacOS High Sierra KEXT Loading - Are there any ways to cancel user approval?

Question

As some kinds of MacOS developers know, Apple implemented Secure Kernel Extension Loading .

Users can approve third party KEXT by clicking Approve

Answer 1

The information about approvals is stored in sqlite3 database:

/var/db/SystemPolicyConfiguration/KextPolicy

The tables you're interested in are: kext_policy and kext_load_history_v3. E.g. here is how you can view the data and the table schema:

sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

sqlite> select * from kext_policy;
54GTJ2AU36|com.joshuawise.kexts.HoRNDIS|1|Joshua Wise|1

sqlite> .schema kext_policy
CREATE TABLE kext_policy ( team_id TEXT, bundle_id TEXT, allowed BOOLEAN, developer_name TEXT, flags INTEGER, PRIMARY KEY (team_id, bundle_id) );

Removing the approval is tricker, since the System Integrity Protection does not allow you to modify the database. So, you'd need to reboot into a recovery partition, or a different MacOS installation, then cd into the root of your volume, and run the commands like these (replace with your team_id, or use other criteria):

usr/bin/sqlite3 var/db/SystemPolicyConfiguration/KextPolicy
delete from kext_load_history_v3 where team_id='54GTJ2AU36';
delete from kext_policy where team_id='54GTJ2AU36';
.quit