As with all things, new versions of software causes bugs. Or, it reveals them. Either way, if you have found yourself unable to unlock your Mac with your Apple Watch after upgrading to WatchOS 7, here’s how to fix it:

1. Open Keychain Access. It’s located in your Applications folder, in the Utilities folder inside of it. From the View menu, click Show Invisible Items.
2. Once there, search for “Auto Unlock”. If you’re like me, you’re going to see about 50-60 keys. Delete them all.
3. Now, search for “AutoUnlock”, and you’re going to find four references. Delete all of these, as well.
4. Go back to the Finder, and from the Go menu, select Go to Folder… (or press Command-Shift-G) and enter this file path: ~/Library/Sharing/AutoUnlock
5. You will see two .plist files there, delete them both.
6. Go back to System Preferences > Security & Privacy > General Tab. Check the box to unlock your Mac with your Watch. When prompted, enter your password. It’s going to fail, and that is expected in this case.
7. Repeat step 6. This time it will work.

Once again, you can unlock your Mac with your watch. Ta-da!

Many thanks to Alex Narvey of Precursor in Winnipeg for the problem exercise, and LongZheng from the MacRumors forums for identifying the solution initially.

What Apple is doing here is using the iCloud Keychain to provide key-based access to your workstation using custom invisible keys that are paired between Watch and Mac, and then verifying that Watch is close enough to the Mac to reasonably unlock it, using time-of-flight Wi-Fi signal checking. This process resets all of the parts of that system to default. The initial attempt to turn it on rebuilds the scaffold entries and keys that are required to be used by the system, and then the second attempt to turn it on uses those now-rebuilt keys and plists to do the job.