TROUBLESHOOTING: Video card not seen - kext not loaded

In some case, if a video card is not seen even though it seems to be working fine and drivers are installed, a possible cause of the issue is that a system extension is blocked by the macOS (starting with macOS High Sierra 10.13).

 

What is this security?

This means that when you install your AJA, Blackmagic-Design or Deltacast drivers for the first time on a macOS 10.13 or later, you should have seen a warning saying:

page11image3996036320

 

When you see this warning, do NOT click on OK, but click on "Open Security Preferences", it will open the following window:

HighSierra_kext_requestApproval.png

Click on "Allow". That's it, you should be good to use your AJA or Blackmagic-Design device.

Note that you may have to enter an admin password to allow the kernel extension to load.

 

What have I missed - why don't I see the card?

The problem is that this warning window (the one saying "System Extension Blocked") will be shown only once the first time you install, and you won't be able to use the card until you have "allowed" the extension to run.

The approval is done in "System Preferences > Security & Privacy > General". See the following screenshot:

Security_Privacy_SoftwareBlocked.png

 

This message in the System Preference pane is also displayed only 30 minutes. So in case you did not see the warning message, and it has been more than 30 minutes and you don't see it in system preferences pane, check the troubleshooting below.

 

 

 

TROUBLESHOOTING

Make sure it is an extension not loaded issue

The first thing would be to confirm that the issue is indeed an issue with the extension not loading, and not an issue with the card itself or with a cable, PCI slot, or something else.

But it is not that easy. You can check in Terminal with a command line that will ask the macOS to load the kext.

For example AJA:

~ admin$ sudo kextutil /Library/Extensions/AJANTV2.kext 

For Blackmagic-Design it will be:

~ admin$ sudo kextutil /Library/Extensions/BlackmagicIO.kext

For the Deltacast cards it will be:

 ~ admin$ sudo kextutil /System/Library/Extensions/DELTA-hd.kext

 

It will ask for the admin password and if the extension can not be loaded it will return something like this:

Kext rejected due to system policy: <OSKext 0x7fb95472b540 [0x7fff97b7e5b0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/AJANTV2.kext/", ID = "com.aja.iokit.ntv2" }
Kext rejected due to system policy: <OSKext 0x7fb95472b540 [0x7fff97b7e5b0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/AJANTV2.kext/", ID = "com.aja.iokit.ntv2" }
Diagnostics for /Library/Extensions/AJANTV2.kext:

 

Get the macOS to show you the message

So if you think it's the extension not loaded issue, the thing is now to get the macOS to show you the message again. First, try this:

  • make sure that the card is connected to the Mac (the extension only loads if a card is connected)
  • then reboot the computer
  • check if the message is shown in "System Preferences > Security & Privacy > General"

If the message is not displayed, try to do the terminal requests below (with kextutil), this will force the extension to load.

And if still you can't see the card, try to

  • run the driver uninstaller (from AJA or Blackmagic-Design),
  • delete the preferences of the card (in ~/Library/Preferences/ , search for the files starting with com.AJA or com.Blackmagic)
  • once you  sure the drivers are properly uninstalled, restart the computer,
  • reinstall the drivers.

 

You are controlling the computer remotely and can not click

For security reasons again, if you are controlling the computer with a screen sharing service (VNC, Screen Sharing, TeamViewer, etc...), you won't be able to click on the "Allow" button. This can also happen if the mouse or trackpad are emulated by a 3rd party application  such as MagicPrefs, BetterTouchTool, Synergy, etc.

There are 2 solutions:

  • (Recommended but not always possible). Have a user that has a physical access to the Mac to click on the button.
  • A workaround (not sure it will always work), that is a bit tricky is to run an AppleScript which would do the click: tell application "System Events" to click at {890, 460}

 

Even more advanced. 

Disclaimer: the following info is for experienced admin users and Softron can not be liable to any consequences of the modifications done.

There is also a way to allow the kext to load. But that's even more complicated, and do this only if none of the above solution worked for you, it's only at last resort. 

 

Get the TeamID of the kext

First you need to get the TeamID of the Kext you want to allow to run. To do that, first make sure that you have installed the driver of the card you want to run, then start the application "Terminal" and type:

sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

enter your admin password, and it should now show this:

SQLite version 3.24.0 2018-06-04 14:10:15
Enter ".help" for usage hints.
sqlite>

Now type:

SELECT * FROM kext_policy;

It should now return the list of kext that are installed. If you have installed drivers for the AJA cards, it should show something like this (probably a bit more):

KernelExtensions_TeamID.png

The first characters (before the "|")show you the TeamID of the kernel extension. 

 

Allow kext to load in recovery mode

Now that you have the TeamID of the kernel extension:

  • restart your Mac in recovery mode (hold the keys cmd+R when restarting your Mac)
  • When the computer has restarted, go to the menu "Utilities" and select "Terminal"IMG_1648.jpeg
  • Then in Terminal, type the following (just replace TEAMID with the characters of the Kext's TeamID):
  • /usr/sbin/spctl kext-consent add TEAMID
  • Then use carriage return, and then type "reboot" to restart the computer

 

 

New in macOS 10.14.5 and later

As you can read in the macOS 10.14.5 release notes, "Kernel extensions signed after April 7, 2019 must be notarized in order to load on macOS 10.14.5."

If the kernel was signed after April 7, 2019, but not notarized it will not load on macOS 10.14.15. This warning will show up:

MovieRecorder_SystemExtensionBlocked.png

The only solutions in that case are:

  • Revert to a macOS version prior to 10.14.5
  • Downgrade the drivers to one released before April 7, 2019
  • Upgrade the drivers to a version that has been properly notarized

 

 

A few more info

If the drivers were installed before an upgrade to High Sierra then there won't be any issue. But if they are installed afterwards, the user will need to approve them. 

 

What is a "Kext"?

"A kernel extension (or kext) is a dynamically loaded bundle of executable code that runs in kernel space. You can create a kext to perform low-level tasks that cannot be performed in user space."

So this is what the video cards manufacturers use for their drivers. If their driver is not loaded, it means that the card can not be seen...

You can read more about kext on Apple's website

 

What is "User-Approved Kernel Extension Loading" ?

"To improve security on the Mac, user consent is required to load kernel extensions installed with or after installing macOS High Sierra or later. Any user can approve a kernel extension, even if they don’t have administrator privileges."

 

More links

More info on this can be found here: https://developer.apple.com/library/content/technotes/tn2459/_index.html

Disclaimer: Some of the text here comes from the following document: https://www.apple.com/business/resources/docs/macOS_Security_Overview.pdf

Have more questions? Submit a request

Comments