Change startup disk security settings on a Mac with Apple silicon
A Mac with Apple silicon uses the sophisticated security features of its signed system volume to protect your Mac against malicious tampering. By default, your Mac uses the highest level of security, called Full Security. Before a legacy system extension (also known as a kernel extension or kext) can be installed on a Mac computer with Apple silicon, the security policy must be changed to Reduced Security.
If an organization-owned Mac is enrolled in mobile device management (MDM), MDM can remotely manage kernel extensions and software updates. This management can be authorized automatically if the serial number of the MDM-managed Mac appears in Apple School Manager or Apple Business Manager. If the serial number of the MDM-managed Mac doesn’t appear in Apple School Manager or Apple Business Manager, the MDM administrator can ask a local administrator to manually change the security policy to Reduced Security to authorize remote management of kernel extensions.
Change the level of security used on your startup disk
On the Mac with Apple silicon, choose Apple menu
Press and hold the power button until you see “Loading startup options.”
Click Options, then click Continue.
If requested, enter the password for an administrator account.
Your Mac opens in Recovery mode.
In macOS Recovery, choose Utilities > Startup Security Utility.
Select the startup disk you want to use to set the security policy.
If the disk is encrypted with FileVault, click Unlock, enter the password, then click Unlock.
Click Security Policy.
Review the following security options:
Full Security: Ensures that only your current OS, or signed operating system software currently trusted by Apple, can run. This mode requires a network connection at software installation time.
Reduced Security: Allows any version of signed operating system software ever trusted by Apple to run.
If necessary, select Reduced Security, enter your administrator user name and password, then do one of the following:
Select the “Allow user management of kernel extensions from identified developers” checkbox to allow installation of software that uses legacy kernel extensions.
Select the “Allow remote management of kernel extensions and automatic software updates” checkbox to authorize remote management of legacy kernel extensions and software updates using an MDM solution.
Click OK.
Restart your Mac for the changes to take effect.
Note: If you’re having difficulty starting up your Mac with Apple silicon, and you believe the problem might be related to installing third-party software, you can try starting up your Mac in safe mode.