Skip to content

Glossary

kext

A kernel extension bundle. Mach-O binary + plist + dependencies, loaded into the kernel address space to extend it at runtime. Being phased out in favor of DriverKit.

A kext (kernel extension) is a bundle the kernel can load on demand to add functionality — typically a driver, occasionally a filesystem or a network filter. Each kext contains:

  • A Mach-O binary with one or more IOService subclasses (or a generic kernel module's _start / _stop).
  • An Info.plist with one or more personalities — dictionaries IOKit matches against new hardware.
  • A list of link dependencies on other kexts.
apple-oss-distributions/xnuiokit/Kernel/IOService.cppIOService — the base class kexts subclass for hardware support.View on GitHub(line )

At install time kmutil (formerly kextcache) merges installed kext plists into the prelinked kernel image so the boot loader has a single artifact. At runtime, when a personality matches incoming hardware, the kernel walks the kext's dependencies, links it into the kernel address space, and instantiates the class.

Since macOS 10.15, Apple has been steadily reducing the kext surface — every API that can be moved to userland has been moved to DriverKit, where the same IOKit object model is preserved but the driver process is user-mode and isolated. The vast majority of third-party kexts can no longer be installed without explicit user approval and a security-policy change.

See also: IOKit.