System Extensions and MDM configuration (for Big Sur)

Apple some time ago announced that Kernel Extensions would be deprecated and this is supposed to be so in macOS 11 aka Big Sur. Indeed one presumes this is the main reason the older Sophos version does not work under Big Sur.

However even Apple's own doc on this subject seems to be confused. See - https://support.apple.com/en-gb/HT211860

The above Apple article seems to suggest it is still possible to manage Kernel Extensions in Big Sur and this in turn implies they should still work. I can confirm KEXT files are still part of a standard Big Sur install e.g. video GPU drivers.

However the above is not the main purpose of my post. It was possible under previous macOS versions to use a variety of methods to determine the TeamID or BundleID of KEXTs so one could pre-trust these via an MDM system e.g. Jamf. I did this in fact for Sophos. This article https://technology.siprep.org/getting-the-team-id-of-kernel-extensions-in-macos-10-13-and-higher/ describes various ways to do so. Here are the results for the older Kernel Extension based Sophos i.e. 10.0.1

  • 2H5GFH3774|com.sophos.kext.oas|1|Sophos|5
  • 2H5GFH3774|com.sophos.nke.swi|1|Sophos|5
  • 2H5GFH3774|com.sophos.driver.devctrl|1|Sophos|5
  • 2H5GFH3774|com.sophos.kext.sfm|1|Sophos|5

The first column is the TeamID and the second the BundleID.

I have not yet found any similar articles describing how to do this for System Extensions. On the assumption the new version of Sophos will use these instead of the now (allegedly) discontinued Kernel Extensions I will need to do a similar process to pre-trust these so Sophos works properly.

The nearest approach I have found seems to be using the following command line

systemextensionsctl list

As I currently don't have any System Extensions installed yet, including not yet having the new Sophos installed, it reports zero entries. I therefore do not yet know what a real entry would look like.

Can anyone else confirm this is the best approach and perhaps provide an example result and what from that one would need to add to Jamf or a similar MDM?

PS. I am aware that Sophos now have an EAP for the new Sophos but I am very disappointed to see that it does not yet officially support M1 Macs. This seems completely back to front. ALL M1 Macs have to run Big Sur (or later) and are now shipping and hence are most immediately affected whereas for Intel Macs one can at least choose not to upgrade them or downgrade them to Catalina.
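
Added example, not part of the original post and not Sophos or Apple code: it turns the TeamID|BundleID rows listed in the post into the TeamID-to-BundleID allowlist carried by Apple's kernel extension policy payload, the values an MDM such as Jamf needs to pre-trust them. Going beyond the post, the same function can emit the equivalent system extension policy payload for any TeamID/BundleID pairs; the function names are hypothetical, and profile wrapper keys such as PayloadUUID are assumed to be supplied by the MDM.

```python
import plistlib
import re

# Rows copied from the post: TeamID|BundleID|... (later columns are ignored).
KEXT_ROWS = """\
  • 2H5GFH3774|com.sophos.kext.oas|1|Sophos|5
  • 2H5GFH3774|com.sophos.nke.swi|1|Sophos|5
  • 2H5GFH3774|com.sophos.driver.devctrl|1|Sophos|5
  • 2H5GFH3774|com.sophos.kext.sfm|1|Sophos|5
"""

# Apple payload types and the key holding the TeamID -> [BundleID] allowlist.
POLICIES = {
    "kext": ("com.apple.syspolicy.kernel-extension-policy", "AllowedKernelExtensions"),
    "sysext": ("com.apple.system-extension-policy", "AllowedSystemExtensions"),
}
TEAM_ID = re.compile(r"[A-Z0-9]{10}")      # Team IDs: 10 upper-case alphanumerics
BUNDLE_ID = re.compile(r"[A-Za-z0-9.-]+")  # reverse-DNS bundle identifier


def parse_rows(text):
    """Return {team_id: [bundle_id, ...]}; raise ValueError on malformed rows."""
    allow = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip().lstrip("•").strip()  # tolerate the list bullets
        if not line:
            continue
        fields = line.split("|")
        if len(fields) < 2:
            raise ValueError(f"line {n}: expected TeamID|BundleID, got {line!r}")
        team, bundle = fields[0].strip(), fields[1].strip()
        if not TEAM_ID.fullmatch(team) or not BUNDLE_ID.fullmatch(bundle):
            raise ValueError(f"line {n}: bad TeamID or BundleID in {line!r}")
        bundles = allow.setdefault(team, [])
        if bundle not in bundles:  # de-duplicate, keep first-seen order
            bundles.append(bundle)
    return allow


def build_payload(text, kind="kext"):
    """Build the payload dict an MDM profile would carry for these rows."""
    payload_type, key = POLICIES[kind]
    return {"PayloadType": payload_type, key: parse_rows(text)}


def to_plist(payload):
    """Serialise the payload as XML plist text for upload to the MDM."""
    return plistlib.dumps(payload, sort_keys=False).decode()


if __name__ == "__main__":
    print(to_plist(build_payload(KEXT_ROWS)))
```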

  • Hey ,

    first of all, thanks for contributing to the Sophos Community!
    You're talking a lot about MDM in your post, sure that it's Intercept X (next-gen antivirus) related? I think you're mixing something up here... Maybe you can clarify it a bit

    Thanks,

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link
