The preferred way for accepting 3rd party kernel extensions ("kexts" for short, and sometimes referred to as "system extensions") is to hit the "Allow" button that comes up in the "Security & Privacy" PrefPane, typically during software install. However sometimes this method doesn't work properly, and manual intervention must take place. For HyperFS you need to allow a kext from "Blue Whale Information Technologies"

Manually allowing kexts:

Boot into a recovery OS (hold Cmd+r while booting), open Terminal, and run the appropriate command below


spctl kext-consent add JS776ETM39

For ATTO (both software and drivers):

spctl kext-consent add FC94733TZD


While still in the recovery terminal , you can check that the kext IDs have proper consent to load with:


spctl kext-consent list

Which should give output similar to this:

afx01:~ digital08$ spctl kext-consent list
Allowed Team Identifiers:
afx01:~ digital08$

Alternatively, from a normally-booted system, you can get a list of approved kext IDs at runtime:

sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

Once withing the sql prompt, run this query:

SELECT * FROM kext_policy;

This will give an ourput similar to this:

sqlite> SELECT * FROM kext_policy;
FC94733TZD|com.attotech.driver.ATTOiSCSI|1|ATTO Technology, Inc.|5
FC94733TZD|com.ATTO.driver.ATTOThunderLinkNC2|1|ATTO Technology, Inc.|5
JS776ETM39||1|Tianjin Zhongke Blue Whale Information Technologies Co., Ltd.|1
JS776ETM39||1|Tianjin Zhongke Blue Whale Information Technologies Co., Ltd.|1
FC94733TZD|com.ATTO.driver.ATTOThunderLinkNC|1|ATTO Technology, Inc.|1

You can now leave the sql prompt with exit or hitting Ctrl+d

Disabling Gatekeeper

This is not a supported method, but can be used for testing purposes. It essentially bring back the "Anywhere" option for which software developers to allow apps to run from:

From a normal macOS terminal (recovery is not needed for this), run this command:

sudo spctl --master-disable

To revert the changes, simple re-enable:

sudo spctl --master-disable