Apple recently introduced a new security feature in Mac OS High Sierra for 'User Approved Kernel Extension Loading'.
"...a new feature that requires user approval before loading newly-installed third-party kernel extensions (KEXTs). When a request is made to load a KEXT that the user has not yet approved, the load request is denied. Apps or installers that treat a KEXT load failure as a hard error will need to be changed to handle this new case."
Does this mean developers can sign kexts with their own developer certificates, and no longer need specific Apple approved certificates to ship kexts to users?
Heard back from Apple that this does not change the kext code signing process, you still need certificates from them to sign your kext.