Have you tried going into System Preferences, Security, Advanced (I think it's "advanced", it's at the bottom right of the screen.) There you'll find a list of drivers, or something, that you can enable. I can't be more specific than that since my mac here is under IT control, and the feature is disabled.

I believe those are the instructions for kernel extensions that are "approved" but distributed by third-parties.

Someone here suggested that you could do `csrutil enable --without kext` to load untrusted kernel extension without disabling SIP entirely.

I was in the same boat. I just happened to come across a years-old forum post mentioning the `/var` symlink right before I reinstalled the OS.

Historically I've kept SIP disabled to be able to use Dtrace, which was neutered by it. Sure won't be installing any Google software though...

As rgovostes already pointed out, you could use `csrutil enable --without dtrace` instead.

Interesting, why can't you do that with SIP? (not a Mac user)

From what I understand, Apple removed the ability for TB2. In order to use an eGPU, some system files need to be patched [0].

0. https://github.com/mayankk2308/purge-wrangler

Can't they be patched once, and then re-patched when system updates change make changes to system files?

Could, it's just a hassle.

I'm in a similar boat with a kext that enables unsupported Thunderbolt 3 docks.

Yep. I make some changes that SIP would catch, but I'm mostly comfortable with the boot into Recovery -> run a script -> boot back again. It's not kext stuff, though.

I might have to use PurgeWrangler for an older iMac. Apparently, can keep it mostly enabled, but you need to mind updates and be ready to recover if your modifications are invalidated https://github.com/mayankk2308/purge-wrangler/issues/2#issue...

Presumably the driver is not signed with a kext developer certificate, which means SIP must be disabled for macOS to load it.