This article covers the issues related to the installation of our kernel/system extensions in 10:13 and above. It covers what is needed to manually 'Allow' these extensions to be installed and some of the issues that you can encounter in the troubleshooting section. Please review both sections.
In November 2020 Apple officially released Big Sur and ARM (M1) processors and semi-enforced the use of system extensions in these systems instead of kernel extensions as used by the driver at that time.
These 'codeless' extensions are used by the driver to defined the USB devices supported by the installed driver and require access to the device. In theory this should prevent any other driver handling the device, leaving it free for UPDD to process.
To conform to the requirement to use system extensions, UPDD version 6.0.698 and above all V7 realeses utilise a new system extension in macOS 10.15 and above.
Due to security considerations, since macOS 10.13, users must manually 'Allow' these extensions to be installed, and will be advised they are 'Blocked' until enabled.
Further, macOS 14 has added an additional step prior to issuing the Blocked dialog when installing over a previous installation:
| macos 13 and above |
macOS 10.13 - 12.x |
 |
 |
You should select 'Open Security Preferences' to manually allow the system extension to load.
If installing on top of an existing UPDD installation the above prompts may not be shown because the system extension was previously allowed. However, this does not always allow our driver access to the USB device and you may also see the notification 'Failed to connect to USB device'. In this instance, uninstall the software, reboot and reinstall until the above prompt is shown.
The driver is able to determine if the system extension has been allowed (activated) and if not will issue a notification thus;
If this is issued, please take the following steps:
- Reboot the system
- Allow the system extension as shown here:
| macOS 10.13-12.x |
macOS 13 and above |
 |
|
If touch still does not work, see Troubleshooting section below.
Please do not confuse this system extension approval with the 'Allow' requirement in the General section of the Privacy and Security dialog!
If touch still does not work, try uninstalling and reinstalling the software.
Troubleshooting
The issues that occur with system extensions are:
- You do not 'Allow' our kernel to load
- You do 'Allow' the extension to load, but we still report it's not been Allowed
- You do 'Allow' but an error occurs
- You confuse 'Allow'ing the software to load with the Accessibility settings in Privacy and Security dialog
- MDM configuration prevents system extensions being installed
When issues occur and touch is not working we will ask you to run UPDD Diagnostics.
Part of the diagnostics requests the status of our System Extension and this is captured in the System Extension load log file. You can view this inside the diagnostics .zip file.
'Allow' has not been performed
If it has not been Allowed the log file will show:
2021-06-09 13:04:56 +0000 - UPDD System Extension application has started
2021-06-09 13:04:56 +0000 - Activating DriverKit extension...
2021-06-09 13:04:56 +0000 - ...submitted activation request
2021-06-09 13:04:56 +0000 - Request needs user approval...
Once allowed, it will show the following entry:
2021-10-10 15:54:36 +0000 - UPDD System Extension application has started debug01
2021-10-10 15:54:36 +0000 - Activating DriverKit extension...
2021-10-10 15:54:36 +0000 - ...submitted activation request
2021-10-10 15:54:36 +0000 - Request successfully completed with result: 0
'Allow' has been performed
A number of users have report that they have allowed the extension to load such that the Allow option is no longer seen and yet the System Extension load log file reports that it is still '.... needs user approval (as above)
We have no idea why this should be the case and thus far our only advice is to reboot and /or uninstall UPDD (Utilities/UPDD Uninstall), reboot and try again. In most cases this seems to resolve the issue albeit one user reported it needed 30 reboots!
'Allowed' but error occurs:
In this situation the log file often shows the System Extension Header text
2021-10-10 15:51:59 +0000 - ----------------------------------------------------
2021-10-10 15:51:59 +0000 - UPDD System Extension application has started
2021-10-10 15:51:59 +0000 - Activating DriverKit extension...
2021-10-10 15:51:59 +0000 - ...submitted activation request
normally followed by (1, 10 and 13 error codes)
2021-10-10 15:51:59 +0000 - Indicating to system that it should replace existing System Extension...
2021-10-10 15:51:59 +0000 - Request failed with error code: 1
2021-10-10 15:51:59 +0000 - An error occurred: The operation couldn’t be completed. (OSSystemExtensionErrorDomain error 1.)
or
2023-09-21 10:44:23 +0000 - Indicating to system that it should replace existing System Extension...
2023-09-21 10:44:23 +0000 - Request successfully completed with result: 1
In the above situation a reboot will be required to allow the system extension to load
or
2022-03-22 20:33:52.473 UPDD System Extension[1642:19421] Request failed with error code: 10
2022-03-22 20:33:52.476 UPDD System Extension[1642:19421] An error occurred: The operation couldn’t be completed. (OSSystemExtensionErrorDomain error 10.)
Indicates the installation is "forbidden by system policy" such that Mobile Device Management software has been installed with a profile that explicitly disallows the installation of an unknown system extension.
You need to add the system extension to the approved list.
or
2021-10-10 15:52:00 +0000 - Request failed with error code: 13
Indicates that "authorization required" and is issued when the user cancels the authorization dialog that appears when deactivating the kext.
Users that encounter this issue always manage to get the extension to successfully load at some point!
MDM configuration considerations
Mobile Device Management (MDM) is a technology commonly used to administer end-user computing devices and under macOS can be used to restrict the acceptance of system extensions.
The UPDD installer application contains a standard pkg with the filename UPDD.pkg normally required by the management system. The .pkg file can be accessed by right-clicking the app, picking "Show Package Contents", and then opening Contents / Resources.
When a system policy blocks the loading of a system extension we see the following error in the UPDD Diagnostics log and also when manually trying to activate the extension, as per this example:
dhb75@DD142 ~ % /Applications/Utilities/UPDD\ System\ Extension.app/Contents/MacOS/UPDD\ System\ Extension activate
2022-03-22 20:33:52.418 UPDD System Extension[1642:19421] UPDD System Extension application has started
2022-03-22 20:33:52.419 UPDD System Extension[1642:19421] Activating DriverKit extension...
2022-03-22 20:33:52.421 UPDD System Extension[1642:19421] ...submitted activation request
2022-03-22 20:33:52.473 UPDD System Extension[1642:19421] Request failed with error code: 10
2022-03-22 20:33:52.476 UPDD System Extension[1642:19421] An error occurred: The operation couldn’t be completed. (OSSystemExtensionErrorDomain error 10.)
You may also see this notification if a MDM profile exists that disallows user approvals:
An error code that indicates the system policy prohibits activating the system extension.
The unified log output also confirms the loading of the extension has been denied:
2021-01-04 13:23:59.863 Df sysextd[231:b19c7] Extension with teamID teamID("<redacted>"), identifier <redacted> is not in the list of allowed extensions.
2021-01-04 13:23:59.863 Df sysextd[231:b19c7] Activation decision for extension with teamID teamID("<redacted>"), identifier <redacted> is Deny
Adding UPDD System Extension to the approved list
In the MDM system extension configuration you can specify that the UPDD System Extension is approved
Team Identifier: U86H28HG4S
Bundle Identifier: com.touch-base.updd-system-extension-dext
Please also note that when using remote management you need to give Accessibility permission to updd.app, UPDD Commander, and UPDD Annotate to control the computer.
The bundle IDs you need to grant accessibility permission to are:
com.touch-base.updd
com.touch-base.upddannotate
com.touch-base.upddcommander
If you want use Smart Magnifier you need to give UPDD Commander permission in Screen Recording.
System Extension Commands
Once the extension has been given permission to load, there are commands that can be run to activate and deactivated the extension:
To manually activate the system extension, execute the following command in a terminal window:
/Applications/Utilities/UPDD\ System\ Extension.app/Contents/MacOS/UPDD\ System\ Extension activate
To manually deactivate the system extension: execute the following command in a terminal window:
/Applications/Utilities/UPDD\ System\ Extension.app/Contents/MacOS/UPDD\ System\ Extension deactivate
To see a list of all system extensions that have been activated (or are still waiting to be fully deactivated):
systemextensionsctl list
A brief note on terminal commands....there are two ways of dealing with spaces in file names and paths: either put the entire path in quotes, or precede every space with a backslash as above.
Error codes (as extracted from Apple's code)
Error codes meaning:
OSSystemExtensionErrorUnknown = 1,
OSSystemExtensionErrorMissingEntitlement = 2,
OSSystemExtensionErrorUnsupportedParentBundleLocation = 3,
OSSystemExtensionErrorExtensionNotFound = 4,
OSSystemExtensionErrorExtensionMissingIdentifier = 5,
OSSystemExtensionErrorDuplicateExtensionIdentifer = 6,
OSSystemExtensionErrorUnknownExtensionCategory = 7,
OSSystemExtensionErrorCodeSignatureInvalid = 8,
OSSystemExtensionErrorValidationFailed = 9,
OSSystemExtensionErrorForbiddenBySystemPolicy = 10,
OSSystemExtensionErrorRequestCanceled = 11,
OSSystemExtensionErrorRequestSuperseded = 12,
OSSystemExtensionErrorAuthorizationRequired = 13,
More details regarding the above codes here.
Resetting the Dext database
If all fails you could try resetting the dext database via the command 'systemextensionsctl reset' with system integrity protection disabled may resolve the issue.
The following sequence should reset the dext database. We are not aware of any issues with resetting the dext database but this procedure is undertaken at your own risk.
1. Start up from macOS Recovery
Determine whether you're using a Mac with Apple Silicon, then follow the appropriate steps:
Apple Silicon - Turn on your Mac and continue to press and hold the power button until you see the startup options window. Click the gear icon labelled Options, then click Continue.
Intel processor -Make sure that your Mac has a connection to the internet.
Then turn on your Mac and immediately press and hold Command (⌘)-R until you see an Apple logo or other image
If you're asked to select a user you know the password for, select the user, click Next, then enter their administrator password.
2. In recovery mode, pick the menu Utilities > Terminal
3. In the terminal window, enter the following:
csrutil disable
4. Reboot the system
5. Once rebooted, open Terminal and execute the following command:
systemextensionsctl reset
6. Enter your admin password when prompted
7. Reboot the system back into recovery mode
8. In recovery mode, once again pick the menu Utilities > Terminal
9. In the terminal window, enter the following:
csrutil enable
10. Reboot normally
Apple has claimed that at some point it will not be necessary to disable system integrity protection to do this (which is what "csrutil disable" does), which will make this process a lot easier!