Don’t format a drive of M1 Macs from recovery mode (giuliomagnifico.medium.com)
165 points by giuliomagnifico on Feb 18, 2021 | 147 comments



This is because the author didn't delete the entire volume group. You have to delete the whole volume group, i.e. erase the entire drive and its partitions to reinstall OSX.

This isn't new with the M1 Macs. This has been a thing since they introduced APFS. When they went into Disk Utility after the CLI, then they could delete everything and kick off the OSX install.

If the APFS Volume Group still exists the installer will try to unencrypt and work with it. So.. In short, just make sure you delete the volume group. There's a specific button for it. I just did this yesterday on a T2 Mac.


I was kind of shocked at how hard it is to factory reset a MacBook. I had one at work and I had to pass it on and the guide is a multi-step process which I messed up the first time and ended up reinstalling with my user account still there. Had to start again, which takes hours.

Why does the recovery not just have a button called factory reset which unlinks your apple account, deletes the volume and then sets it all up like new?


While I'm not disagreeing that this should be possible to (easily) factory reset a device, it also shouldn't be possible for just _anyone_ with physical access to completely reset the device either. Easy resets also mean more interesting to steal


It should just ask for your Apple ID password when you do the reset. It’s not that hard. Honestly it should even be an option within the main OS


Why, though? Physical access to the hardware should prevent you from accessing existing files (encryption at rest) but should not prevent you from resetting/reusing the device.

Does your fridge come with FridgeID? Or a book? Introducing such mechanisms is really hostile to users, especially poorer users of second-hand hardware who have to go through extra (shady) hoops to get a device running just because some rich Silicon Valley start-uppers thought locking hardware down was a feature.


I think the argument that locking down hardware is unfair to thieves is not likely to garner a lot of support. But the larger argument that it's unfair to users should. The majority of whom didn't know they were signing up for a machine that is so theft-proof they can't give it to a grandparent or donate it to a school. I don't think it's unreasonable to say that easily-bricked hardware leads to more sales for Apple (and I hope I don't need to wipe my Mini any time soon...)


> I think the argument that locking down hardware is unfair to thieves

That was not my point. Most times, users of a stolen device are unaware and not complicit in the fact it was stolen in the first place. They usually have acquired it from legitimate second-hand markets.


That's a good point, thanks for clarifying it.


Who is going to walk away with my fridge? How about my car? Many users appreciate having anti-theft protections on their easy to physically-access devices, and very few need to wipe off the owner's account.

It's great that you have a niche use case, but that doesn't make your case the priority over the main use cases.


> Who is going to walk away with my fridge?

People would steal your wallet, your jewelry... There's a lot more value to be extracted from a stolen credit card than from a "smart" phone.

> It's great that you have a niche use case, but that doesn't make your case the priority over the main use cases.

You're taking it the other way around. The common use case for first-world software developers is the niche use case for the rest of the world. In the rest of the world (i.e. the vast majority), who can't afford buying new luxury devices, people are more concerned with getting locked out after forgetting their password (or after their kids changed it) or about acquiring a second-hand device, than about "protecting" their device from thieves.

Because this "protection" doesn't protect anything. Once your iPhone is stolen, it's gone. No iCloud lock is going to bring it back, so why prevent other, less-privileged folks from using it when you can't use it? That type of "mine or no one else's" capitalist mentality is actively harming users and destroying the environment.

https://www.ifixit.com/News/34072/apples-activation-lock-wil...


Think of it as a 'fuck you' to the thief and whoever might get the brick. Maybe you get that, otherwise you can be bitter all you want about the inequality and how stealing will resolve that.


More practically, I want to remove the financial incentive from stealing my phone. I want a thief to see it and think "why bother, I can't get anything for it".


From what I can see, it does not seem to work. Here in western Europe in the big cities many people buy locked phones second hand and the vendor explicitly says you have to get it unlocked, which is a service provided by many phone shops (somewhat under the table).

These locked iPhones sold for 50-200€ are acquired by users who will turn to their tech friends/neighbors to get it unlocked. When these tell them they can't help with that (no package in Debian for that yet), they end up spending 20-50€ in a shop to get it unlocked anyway, financing a very shady market.

Previous discussion on HN: https://news.ycombinator.com/item?id=19845934

Quote from the article that sparked the discussion:

> To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.

At the end of the day, if the thief doesn't get the phone unlocked themselves, they will sell the phone for half (or less) the price they would have sold it unlocked, but they're still making a buck.


You make the argument against locking devices (which I agree with) for reasons related to that not deterring theft - which has a point.

Thieves will not profile a person using a premium locked phone against stealing it because it might not be worth it. They don't care about that. They will take whatever they can if only for practicing their skills.

Locking phones does not deter theft but unlocking them will offset the price of unlocking from the phone-shop to the thief increasing the profitability of theft.

I personally don't care about Apple, their phones, their M1's and their ecosystem. But acting out your premise leads to a place I don't like. And others as well. And if you think you can buy a cheaper premium phone if it is unlocked, ask yourself why thieves would continue to sell you cheaper if they know they give you a usable device?


> Once your iPhone is stolen, it's gone. No iCloud lock is going to bring it back, so why prevent other, less-privileged folks from using it when you can't use it?

Because I would like to inflict damage back. Stealing from me causes damage. I do not believe thieves should get a free pass on causing me damages just because they are less privileged.

Ideally, a small amount of C4 and a "remote explode" taking a few fingers off the thief would be a proper deterrent, as well as a good use of Sharia law.


Yes. In a PC ecosystem this is true - physical access renders the machine in your control (modulo Intel Management System and other backdoor schemes).

For Apple, there is a different set of axioms and some people seem to agree with them.


> For Apple, there is a different set of axioms and some people seem to agree with them.

I don't think this is true for all Apple products though, or at least that was not the case in the past. To my knowledge, setting up a free OS on a second-hand Macbook has never been a problem.

However, you are correct Apple is trying to impose new axioms with the iPhones: unique app market (taking controversial posture, such as forbidding alternative browser engines), iCloud lock, non-interoperable hardware (eg. power socket)...


We used to say there's no security if you have physical access... any measure to protect physical access vulnerabilities is bound to cause annoyances and limit freedom of what you can do with your own devices sooner or later.


Why though? If someone wants to harm you, they can damage the hard drive enough so that the data is unreadable if they have physical access.


So that they can use/sell the stolen Macbook, which is much more common than stealing a Macbook to delete the data.


Erasing the drive doesn't let you do this, the Apple ID of the owner is stored elsewhere and you have to log in to restore the machine.


This was a response to a comment about a potential feature as described:

"Why does the recovery not just have a button called factory reset which unlinks your apple account, deletes the volume and then sets it all up like new."

So yes, it currently does not work like that. But such a feature would allow Macbooks to be easily stolen and reused by others.


The unlink stage would require your password. The recovery partition requires internet to reinstall already.


Yep, just like it does on iPhones - where Apple has a button for this and it’s really easy. I’m sure a lot more iPhones get stolen than laptops every year, and I doubt the factory reset button behind its password prompt makes that any worse.


The weird thing is that when my partner turned in an old Mac mini to Apple for recycling they wouldn’t do it because her account was still on there and there was a system password.

But we couldn’t figure out what they were talking about, we had reinstalled the OS. It’s embedded in there somewhere deep.


If it had a T2, that will store the Apple ID.


What's wrong with using stolen hardware? I mean we could argue stealing is wrong, in which case we'd have to take a look at why people are stealing and from whom (partitioning of wealth) so we can find solutions.

If we're not looking at the root of the problem, then we're just complicating legitimate use cases. Preventing theft is only the official argument, but it doesn't stand any form of scrutiny: as long as there's inequality (i.e. incentives to expropriate people who have too much, to serve people who have too little) there will be theft.

The truth behind iCloud lock is Apple has been involved in mafia-style dealings with national mobile phone operators (which involved promises/contracts to sell millions of units), inundating the market with operator-sponsored iPhones, and they really don't want a second-hand market at all because they are a luxury brand.


Most victims of crime are also socially disadvantaged, so enough with the Robin Hood crap. Theft is also strongly associated with violence, intimidation and mental stress on the victims. Promoting or justifying crimes in your comments here is reckless and irresponsible.

If someone wants to sell a device second hand it's pretty easy to voluntarily wipe your device. Apple devices have very long lives, receive software updates for much longer than competing devices and keep their second hand value very well and so make excellent and very economical second hand devices. Contrary to your claims of Apple not wanting a second hand market, they support the device wiping process and even have a trade in program that channels refurbished iPhones to 3rd world countries.

If you really do care about the environment and supply chain ethics, you'll also be happy to know Apple get the highest score of any of the big tech companies from Greenpeace. In fact the only tech company at all that beats them is Fairphone, but since they get only 2 years of updates I think Greenpeace doesn't sufficiently take into account device longevity.


> Most victims of crime are also socially disadvantaged

True in most cases, but not when it comes to owning a recent iPhone. Millions of people struggle for eating decently, and most of these folks are certainly not spending >500€ on a phone.

What may not have been clear in my original comment is most users who have a stolen device don't have knowledge of it, and are not complicit in it. So why do they have to be the ones paying the price?

> If someone wants to sell a device second hand it's pretty easy to voluntarily wipe your device.

In my experience, it's not uncommon that neighbors seek support because a relative offered them their old phone willingly but are far away and unable to remember their password over the phone. Sometimes, it's a phone/account they had not used in years. I've encountered this situation at least twice in the past year, and I'm not even working in a computer/phone shop.

> Fairphone, but since they get only 2 years of updates I think Greenpeace doesn't sufficiently take into account device longevity

Fairphone only supports updates for 2 years, but there's a growing ecosystem of distros targeting the Fairphones (LineageOS, /e/, PostmarketOS), while Apple have been condemned for pushing updates that made iPhones slower (to encourage them buying new ones).

https://www.bbc.com/news/technology-51413724


> So why do they have to be the ones paying the price?

What price?

The original price of the device? Because we all do.

Or the price of having to buy a different machine than the $200 MacBook from the shady person online which came without the original box, warranty or charger? For the same reason, and also because they're stupid.


> What price?

The price of having to pay a shady black market of "iCloud unlocker" (usually through legit phone stores) to unlock a phone they have already paid for in good faith.

> the $200 MacBook from the shady person online

It's not just an online thing, and the person doesn't have to be shady (they're usually just a middleperson who has little clue). You can find questionable hardware in most open markets and second-hand shops.

> without the original box, warranty or charger?

Most second-hand hardware I purchase from legit sources comes with at least two of those missing (when not three) out of three.

> also because they're stupid.

I agree it's stupid to purchase a device you have no idea how to access/use/unlock. But I strongly disagree that good-faith people, who genuinely paid for an Apple device (after being advertised into thinking they need one), should suffer because of a lack of judgement on their part.


There’s no way to slice out crime against owners of a ‘recent iPhone’ as being acceptable, crime doesn’t work like that. There’s no way you can know when buying a stolen phone who it was taken from but disproportionately they come from people who can least afford to lose them.

There are over a billion iOS devices active right now, are all of those people rich exploiters who deserve to have their phones stolen? What you’re saying isn’t anti-capitalist, it’s advocating disproportionate oppression of the most vulnerable in society and you should be thoroughly ashamed of yourself.

How dare you come here, advocate crime and criticise owners of devices with the highest recyclability, lowest ecological impact and longest device lifetimes in the industry on moral grounds.

I’m sure you’re perfectly aware of what the purpose of those software updates was, to extend device lifetimes when batteries start to fail, but you’re perfectly prepared to betray your ecological ideals which should be in favour of this in order to score points. It’s absolutely disgraceful. These arguments might work against people unaware of the facts, but you’re not going to get away with this disingenuous claptrap here.


Why downvote? Please argue with facts. Although I understand defending vendor lock-in, ecological damage, and forced sales is a hard sell... All the more when trying to protect from criticism a corporation making billions on the backs of exploited children in mines & factories.


Your arguments are 100% nonsense and 0% facts, so most people will see it as a waste of time to try and have a discussion with you.


> The truth behind iCloud lock is Apple has been involved in mafia-style dealings with national mobile phone operators (which involved promises/contracts to sell millions of units), inundating the market with operator-sponsored iPhones, and they really don't want a second-hand market at all because they are a luxury brand.

Apple investigated for "planned" obsolescence by the French government: https://www.bbc.com/news/world-europe-42615378 (they have also settled for 500M$ in a previous case)

Apple was condemned and fined for illegal clauses in France in contracts with national cellphone operators (I believe the 4 of them):

https://www.universfreebox.com/article/34513/Apple-accuse-d-...

Specifically, they were condemned for:

- forcing the operator to buy a minimum amount of devices over 3 years
- preventing the operator from defining target prices
- forcing the operator to give funds to a marketing agency affiliated to Apple
- forcing the operator to finance the marketing of iPhones in store, mandating a minimal marketing budget
- enabling Apple to use the trademarks of the operator, but not the other way around
- imposes strict conditions for device orders, but lifts any responsibility on Apple's side
- forces the operator to financially support device repairs
- gives Apple the right to break said contract, without respecting legal delays
- enables Apple to use patents from the operator

Some of this was covered on public television by "Cash Investigation", so that was quite a public outcry. But this is only for France, and I'm assuming such mafia-like practices are common in other countries, as they are common in different branches of industry (not just IT, where well-known examples include Microsoft and Intel).

About the consequences for the environment and (lack of) recycling of electronic waste:

https://www.cnet.com/news/the-environmental-pitfalls-at-the-...
https://techhq.com/2020/12/right-to-repair-combating-techs-d...
https://www.vox.com/2017/11/8/16621512/where-does-my-smartph...

About Apple not wanting a second hand market, I obviously meant a second hand market they do not control. They do have certified programs for second hand hardware. Sorry if that was not clear.

I hope I've provided enough evidence of the facts I was presenting. Please let me know if that's not the case.


See, you keep saying "second-hand market" when you're really referring to stolen devices.

For legitimate second-hand sales, Apple even has a page on their website to explain how to check for activation lock before buying a phone, and how to disable it before it's sold or given away: https://support.apple.com/en-us/HT201365

So just stop with your crap. You believe you're some kind of Robinhood or whatever, and want to be able to steal shit without consequence. Guess what, the vast majority of people don't want their shit stolen and are happy that Apple makes your "job" harder.


> See, you keep saying "second-hand market" when you're really referring to stolen devices.

No, I'm referring to the actual second-hand market, eg. second-hand stores and open markets, where a lot of less-privileged folks do their shopping anyway. In there, stolen hardware represents a tiny minority of the tons of devices, but it's still a reality.

Even hardware donated in good faith is sometimes locked. Sometimes, it's possible to find the original owner and have them unlock their device. Sometimes, this person who gave away an old phone to a local association, a "ressourcerie" or sold it for a very low price to a second-hand shop cannot be found again.

Sometimes, you find them but they have forgotten the code to a device they haven't used in years. When it's not an iPhone (think laptop), we just set up a new OS and the device is good to go for another few years. When it's an iPhone, we're left with a brick.

> So just stop with your crap. (...) Apple makes your "job" harder.

This kind of personal attack is not okay. You are assuming things that are entirely untrue based on my political opinions ("property is theft"). I do not sell anything, and I certainly do not steal iPhones, whether for money or for fun. I am a free-software person and I have avoided Apple for years because of the reasons we are discussing in this thread. No economic incentives in it for me, I'm just criticizing Apple for being user-hostile, in a way that particularly affects the poorest people who rely on second-hand devices because they can't afford brand new ones.


Is it that hard to just corrupt the file system?


Like iPhones, new Macs are linked to an account and you can’t activate a new installation without access to the account. This is a pretty strong theft deterrent.

Of course this only works if you need access to the account to break this link.


I strongly disagree with your opinion. For economic reasons, I'm using (and supporting many users from my neighborhood of) second-hand hardware. Some systems like Apple's make our life incredibly difficult and most times people will just have to pay a shady phone store to have the device they purchased unlocked, adding 20-30€ to the bill.

It's important to note that most people are incredibly gullible when it comes to technology, and they won't hesitate to buy a second-hand iPhone (whether stolen or not) for a few bucks assuming they'll be able to use it, because that's what a phone does, only to find themselves trapped in iCloud lock.

Locking devices does not protect users (contrary to encrypting the local storage), and does not deter anyone from stealing. It simply adds one layer of mafia to deal with (iCloud unlock shady companies) when you're just trying to find a second-hand phone.


Your statement regarding the lack of deterrence does not match reality. See https://transition.fcc.gov/bureaus/oet/tac/tacdocs/meeting12...

"Similar to New York City, San Francisco also provides evidence that mobile device theft prevention technologies work. In 2009, Apple smartphones constituted the vast majority (69%) of smartphones stolen in San Francisco robberies; in the six months after Apple made Activation Lock available, iPhone robberies in San Francisco declined 38%."


> and does not deter anyone from stealing.

This statement appears to be false, which I guess is the entire point.

People absolutely should be able to sell a device second hand, so perhaps re-authentication should be easier and more obvious, but making stolen equipment harder to sell is a net win.


You are not making any sense by saying it does not deter anyone from stealing. Sooner or later everyone will know that buying stolen Apple hardware is meaningless, and without a market to sell into, thieves will be less interested in stealing it.


There actually is a way to do this easily, and it only seems to work if you have FileVault enabled.

Boot into recovery, when it asks for a password say you've forgotten it, you don't have a key, and click the resulting "Erase Mac" button. This will erase the drive properly removing the partitions, iirc.


Yeah, that's the right way to do it. You can do it without FileVault enabled, too. Enter `resetpassword` in Terminal, and the Erase Mac option is in the menu bar.

I'll grant that this is poorly documented and not intuitive in the least. A secure erase and reinstall is a common task. It shouldn't require an obscure menu bar option or the use of Terminal.


If you are reading this and you want to truly restore the internal drive to factory original state minus wear and you have a Macbook that is able to boot a Linux from USB:

If you have nvme storage use blkdiscard to wipe it:

https://man7.org/linux/man-pages/man8/blkdiscard.8.html

Or

nvme format <device> with the --ses option, see available ses options here:

https://www.mankier.com/1/nvme-format

Otherwise use ATA Secure Erase with the suspend trick to unfreeze the drive:

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase


Adding on to this: blkdiscard should work fine for SATA or NVMe drives, if you just want to make the drive blank. SATA drives technically have the option of ignoring TRIM commands, but I'm not sure it was ever actually common for them to do so.

Suspending and waking a PC to unlock a drive can be necessary for SATA or NVMe drives. SATA drives also give you the alternative of hot-swapping the drive, but that's not practical for consumer NVMe drives or consumer host systems.
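
The wipe options named in the two comments above (blkdiscard, `nvme format` with `--ses`, ATA Secure Erase after unfreezing the drive), as an added example that is not part of the thread: a dry-run planner that refuses partitions and mounted disks and only prints the commands it would suggest. The function names, the `--ses=1` choice, the throwaway password `p`, and the sample mount table and `hdparm -I` excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Dry-run planner for wiping an internal drive from a Linux live USB.
# Nothing here touches a disk: plan_wipe only prints the suggested commands.

# is_mounted DEVICE MOUNTS_FILE
# True if DEVICE or one of its partitions (sda1, nvme0n1p1) is a mount source
# in a /proc/mounts-style file.
is_mounted() {
    awk -v d="$1" '
        $1 == d || (index($1, d) == 1 &&
                    substr($1, length(d) + 1) ~ /^p?[0-9]+$/) { found = 1 }
        END { exit (found ? 0 : 1) }' "$2"
}

# ata_frozen HDPARM_TEXT_FILE
# Reads saved `hdparm -I` output. The Security section prints "frozen" alone
# when the drive is frozen and "not frozen" otherwise.
ata_frozen() {
    awk '/^[ \t]*frozen[ \t]*$/ { f = 1 } END { exit (f ? 0 : 1) }' "$1"
}

# plan_wipe DEVICE MOUNTS_FILE [HDPARM_TEXT_FILE]
# Returns 0 with the commands on stdout, 1 on refusal, 2 if the drive is frozen.
plan_wipe() {
    dev=$1; mounts=$2; ident=${3:-}
    case "$dev" in
        /dev/nvme[0-9]*n[0-9]*p[0-9]*|/dev/sd[a-z]*[0-9])
            echo "REFUSE: $dev is a partition, pass the whole disk"; return 1 ;;
    esac
    if is_mounted "$dev" "$mounts"; then
        echo "REFUSE: $dev or one of its partitions is mounted"; return 1
    fi
    case "$dev" in
        /dev/nvme*)
            # --ses=1 (user data erase) is this example's choice of ses value
            echo "nvme format $dev --ses=1" ;;
        /dev/sd*)
            if [ -z "$ident" ]; then
                # No hdparm data supplied: fall back to discarding all blocks
                echo "blkdiscard $dev"
            elif ata_frozen "$ident"; then
                echo "FROZEN: suspend and resume, then re-check hdparm -I $dev"
                return 2
            else
                echo "hdparm --user-master u --security-set-pass p $dev"
                echo "hdparm --user-master u --security-erase p $dev"
            fi ;;
        *)
            echo "REFUSE: unrecognised device name $dev"; return 1 ;;
    esac
}

# --- constructed sample inputs (not captured from a real machine) ---
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' \
    '/dev/sdb1 /run/live/medium iso9660 ro 0 0' \
    '/dev/sda2 /mnt/old ext4 rw 0 0' \
    'tmpfs /tmp tmpfs rw 0 0' > "$SAMPLE_DIR/mounts"
printf 'Security:\n\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n' \
    > "$SAMPLE_DIR/frozen.txt"
printf 'Security:\n\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\tnot\tfrozen\n' \
    > "$SAMPLE_DIR/unfrozen.txt"

plan_wipe /dev/nvme0n1 "$SAMPLE_DIR/mounts"
plan_wipe /dev/sda "$SAMPLE_DIR/mounts" || true
plan_wipe /dev/sdc "$SAMPLE_DIR/mounts" "$SAMPLE_DIR/frozen.txt" || true
plan_wipe /dev/sdc "$SAMPLE_DIR/mounts" "$SAMPLE_DIR/unfrozen.txt"
```
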


Because of the anti-theft feature of Find My, there are steps but they are pretty straightforward.

https://support.apple.com/en-us/HT201065

I've found the process is fast if you have a good internet connection to download macOS again. Otherwise, that's where it seems a lot of the time goes.


I recall the exact same scenario you're describing, and I'm usually meticulous when I use Disk Utility.


They obviously want people to buy a new one (and disposing of their current one) instead of doing a factory reset. If it is increasingly harder to do, this means that eventually factory reset will not be possible and you won't even be allowed to sell "your" mac when you want to switch or upgrade.


Finally sold our old 12" MacBooks on eBay earlier this year and had to format them all. Made the same mistake with the first one, total nightmare. Once I realized the issue the other 2 were a breeze. Seems like a super obvious place to have a big warning message!


They have documentation for this:

https://support.apple.com/en-us/HT201065

To be honest I’m not 100% sure if the ‘sign out of iCloud’ also removes activation lock, but I do think so. They also refer to the steps in the Activation Lock article:

https://support.apple.com/en-us/HT208987


I deleted the entire volume if I remember correctly. But even if I made a mistake, there should be a warning. I'm used to the HFS FS, where there aren’t the volumes, so it could have been my error, but Apple should put a warning!


Not the entire drive, just the entire OS volume group (containing multiple volumes), which is one GPT partition. There are 3 volume groups (partitions), two of them are hidden by the main listings in diskutil (but still exist). If you mess those up, the only way to recover is Apple Configurator 2.


I hit an issue when I first got my M1: https://www.reddit.com/r/applehelp/comments/jy3o5c/m1_macos_...

I’m not sure if it’s fixed now, but I don’t think it was related to the volume group.


> This is because the author didn't delete the entire volume group.

Similarly you can get your disks in a state where the Windows installer can’t make heads or tails of it, so you need to just write zeros over the boot sector before Windows can install.


I had to send an M1 back to Apple, because even wiping the whole drive left it as a paperweight.

Even spent hours with Apple support and nothing worked, there is more to it than just that.


Removing all the state from a machine and starting over should never be hard or complicated!

State is evil!


Delete the entire drive including the recovery partition?

> There's a specific button for it.

Does the button say "hi, you should pick this unless you're an expert with a really good reason not to?"


I bricked my first TouchBar MacBook the day I received it, trying to do a factory reset as my company's security policies demanded. Not sure exactly how I triggered that state. Thankfully Apple took it back as a return.

It should not be possible to brick a device by pushing the wrong button. I was shocked that this wasn't caught by anyone at Apple before release.


> It should not be possible to brick a device by pushing the wrong button

So you think all Apple devices should be shipped without root? Or that anything disk-related should only be allowed through CLI as root?


Adding another comment since the edit window on my sibling reply has elapsed. To be clear, I'm an IT professional who knows how to restore a device from boot media. I once managed a university computer lab, and wrote the Linux-based image management software for 2000+ campus computers. I've written my own hobby operating system, including the boot and initialization process.

I thought any problem encountered reinstalling an OS is something I could handle. But that was not the case. Near as I could tell when I followed up with Apple after the incident, the boot process involved the security chip reading some data off the drive and validating it before handing off control. If that data (which is on the Apple reserved partition) was wiped, the firmware would not boot. And since the security chip was configured to not boot from media (the default state, IIRC), it was effectively bricked.

So the very first generation of TouchBar MacBooks would not boot into recovery mode if you wipe the drive, nor would they boot any kind of recovery media. It's a state that required shipping to Apple for refurbishment to fix. It's my understanding that this was fixed in later models, perhaps even as a result of my incident.


No that’s not what I mean. I bricked the device. I’m not saying I wiped the hard disk and just can’t boot. I’m saying I put the machine in a state where it would NEVER AGAIN boot. Completely unrecoverable.


I still can't access recovery mode because I had the same issue in an attempt to set up proper Full-Disk-Encryption (no, you can't do that on M1 and need to use special encrypt user instead).

Recovery knows I have an OS installed, but because it's not installed the same way it is no longer able to find credentials for authentication. And yeah, I don't have a second MacBook to properly factory reset it.

Along the way I ran into 3 huge bugs and the experience was terrible. Fortunately the Apple support page actually shows how to bypass its bugs with command line magic, which is easy for me as a Linux nerd.


The Apple support page that I'm referring to:

https://support.apple.com/en-us/HT211983

You even have to go through "Erase Mac" twice in the process. It only works if you reboot it properly after each time, which is not mentioned on the support page. Such a mess.


Big Sur appears to have introduced several new security features that complicate this process. I attempted a wipe on my 2019 16" Intel MBP to upgrade to Big Sur.... and after this, it required you to do something like sign in with a user to disable startup security, because it would not trust its own official Big Sur installer due to signatures maybe.


I think the reasoning is that it's to prevent a stolen laptop from being stolen, wiped and resold without the owner allowing it through their credentials.

I remember a poster on HN saying that after some exploit for the T2 security chip came out, they were making money from being paid by thieves to use the exploit to wipe the devices.

Of course they said they don't ask any questions which as we all know is an iron clad defence lol


Yeah, the high resale value of iPhones and Macs make them prime theft targets. Locking them to a user makes them less desirable to steal.

IIRC iPods were similar. Early on, people wearing white headphones were targeted by thieves.


Wanted to clarify that this wasn't the Apple ID activation lock screen. This was asking for my regular user password for an account that had been deleted from the system. Activation Lock only runs when the system is doing the first use setup.


I'm still wondering how to unseal a formerly protected SSV M1 volume after disabling all csrutil protections, namely:

https://twitter.com/braincode/status/1360117171842478081

Device enrollment prompts are indeed annoying :/


Same, or similar behaviors with the 2020 Intel MBP. I ended up having to format the drive as an exFAT drive and then reformat again as APFS to get it to reinstall. It was a real pain in the ass.


But at least with an Intel Mac you can boot in target mode using cmd - t and then clone/mount/erase/whatever the disk from another Mac!

Instead with ARM you can’t mount the disk as an external drive. That’s why this mess started!


An M1 Mac can be restored from Apple Configurator, the same as any other iPhone or iPad.


Yes, but to me it looks a bit overkill to use another Mac to restore a Mac with a restore partition. It was my last resort; fortunately I solved it without using it.


M1 Macs are not like Intel macs, Apple have done a dismal job of documenting them, and their "for users" tooling is still buggy and broken because the launch was clearly rushed.

Here is what you need to know to actually understand these things:

The SSD has 3 partitions. Each partition is an APFS container. Each container contains multiple APFS volumes.

Your OS, and everything you care about, is on the second partition/container.

The first partition contains boot configurations. The third partition contains the One True Recovery OS (1TR), which includes the Boot Picker menu (that thing you get when you hold down the power button). These partitions form part of system firmware, think of them as part of UEFI/BIOS. Do not touch these. If you mess up those volumes, the only way to recover the machine is via Apple Configurator 2 from another Mac (DFU mode).

Disk Utility, the GUI, is broken sometimes. If something doesn't work properly there, ditch it and use the command line.

Both Disk Utility, the GUI, and diskutil, the CLI, will hide the first and last APFS containers from you to stop you from shooting yourself in the foot. They're still there, just hidden from the main listing. You can get info for them. Be careful with that.

To do OS reinstalls, you want to be in 1TR. This is not the macOS recovery. Hold down the power button and pick Startup Options from there. Then you can use diskutil (preferably the command line version). You should delete the whole APFS container (disk0s2 usually) corresponding to your install, which will contain multiple volumes. Re-create it as APFS. That will create a container with one volume. You can then install to it and the macOS installer will create all the other volumes.

Additionally, the SEP data is stored separately from the OS (in one of the volumes of the first container). To wipe that, after wiping the partition and before reinstalling, run `xartutil --erase-all`. I've never tried that myself, and I suspect it's not really required because a reinstall should start with a fresh store, but it's probably a good idea to try if you have authentication/user-related issues after reinstalling.

There is also OS recovery, which is the recovery instance that comes with an OS install. It looks exactly the same as 1TR, but it's not the same, and this is highly confusing. For any serious digging around, you want to be in 1TR. Booting holding down the power button will get you there, usually; after a failed macOS boot I've seen it go into regular recovery anyway. To be absolutely sure, boot into 1TR (holding down power, then startup options), then do a clean shutdown, and boot again the same way.

More info on what's on the SSD of these things:

https://github.com/AsahiLinux/docs/wiki/SW:Storage


> Additionally, the SEP data is stored separately from the OS (in one of the volumes of the first container). To wipe that, after wiping the partition and before reinstalling, run `xartutil --erase-all`.

I believe the "Erase Mac" function in Recovery Assistant also erases the SEP data, based on the output of `xartutil --list` before and after. If I'm correct about that, going through Recovery Assistant should be the recommended way to fully erase an M1 Mac (short of a DFU restore through Apple Configurator which also restores firmware).

On T2 Macs, `xartutil --erase-all` would wipe all SEP data, including the encryption keys used for the drive. In other words, it was the equivalent of a secure erase and was my recommended way to fully erase a Mac before resale. I suspect Recovery Assistant is just doing the equivalent of `xartutil --erase-all`, but I haven't tried `xartutil --erase-all` on an M1 because I'm afraid to brick the machine to the point of needing a DFU restore, and I don't have another Mac at hand to run Apple Configurator with right now.


> To do OS reinstalls, you want to be in 1TR.

I think the best bet, security-wise, if you really want to do a full/complete/total OS format/reinstall, is to boot external media, force zeroize all of disk0 (including 1TR), and use DFU mode to restore the .ipsw using Apple Configurator.

This is, of course, way more of a pain in the ass, and requires another computer, and internet access, but hopefully has the added benefit of leaving very little (really, the smallest amount practically possible without disassembly/extreme measures) persistent state on the machine from before the reinstall.


By the way, how do you get into OS recovery (not 1TR)? `man bputil` does allude to a distinction between the two, as you mention:

> Boot environment requirements: software-launched macOS Recovery or 1TR.

The only way I know of to get to any recovery mode is by holding down the power button, which the man page says is 1TR (though I know you mention seeing that boot into regular recovery anyway).


Apple released a new platform security guide today. [1] According to that, there is a "fallback recovery OS" that can be accessed if you "[f]rom a shutdown state, double-press and hold the power button." I wonder if this one works if you zero the disk.

It also answers my question about the distinction between OS recovery and 1TR:

> Note: Apple uses the term One True recoveryOS (1TR) to indicate a boot into the primary recoveryOS which is achieved using a physical power button press. This is different from a normal recoveryOS boot, which can be achieved using NVRAM or which may happen when errors occur on startup. The physical button press increases trust that the boot environment isn’t reachable by a software-only attacker who has broken into macOS.

[1] https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...


I recently encountered something similar on my M1 Air when I tried to erase it (if you got a new M1 Air, don't do it; it's not really necessary). So it turns out, with I believe Catalina, APFS has a system partition and a data partition on an M1 Mac. One is read-only with SIP on. I don't know how exactly APFS stores snapshots, but the read-only one is for snapshots + macOS updates, sort of like iOS. If you erase the Mac (btw there is an erase Mac option like in iOS in recovery if you don't know the decryption key, so manually doing it is unnecessary) then your Mac will basically clean your drive and reinstall macOS to the latest version. Now once you do that, the read-only partition is basically a dynamic container and the remaining software is in the partition called untitled. This is similar but here the partition scheme messes up a little. You can delete local snapshots if you use Time Machine to free up space, but the system snapshots (not the backup ones; this is something different to protect system integrity) stay. If you really want to erase an M1 Mac, do it using the configurator, which btw people have claimed has bugs, so maybe wait. But otherwise this is going to be like iOS, so you can just keep using your Mac with delta updates because your system partition is going to be read-only with snapshots for any failed updates called macos - System while all your data will be in macos - data. This 'erasing / formatting' a computer is reminiscent of the Windows experience. It's just easier to clean everything and start again. But ideally it shouldn't be needed for Apple silicon Macs (once macOS bugs are sorted, of course).


The best way to zeroize (as much as can be done closed-case without dedicated research) an M1 mac is the following, as far as I can tell:

* boot external USB installer media

* run `diskutil zeroDisk force /dev/disk0`

* run `nvram -c`

* power system off

* system will now fail to boot anything, including external media, because it has no firmware available

* put system in DFU mode [1]

* plug in USB-C cable to the correct port (only one usb-c port can be used for this purpose) and connect to another mac running Apple Configurator 2 (which, sadly, is only available via the App Store, so requires an Apple ID, and also requires internet access to activate the attached M1 device)

* Restore IPSW such as [2] (note that this is for 11.2.0 and is no longer current as of a week or two ago)

This is the best way to get an M1 back into as close to a "factory" state as possible. Unfortunately, it requires an Apple ID (to use the App Store), so you have to dox yourself to Apple (email and working phone number, at the minimum) to get the Apple Configurator 2 app. (If anyone knows how to copy an App Store app from one mac to another, freshly installed mac, and have it work without logging in, please email me.)

PS: If you're looking to go even deeper, following the zeroDisk you might wish to create a 100% blank/empty hfs volume on the disk0, and then "repair" it, which will TRIM the free space (99%+ of the disk) at the disk controller level as well. This may or may not have the same effect as writing all zeroes. You'll likely have to use `diskutil` to do this, as Disk Utility is mostly garbage.

[1]: https://support.apple.com/guide/apple-configurator-2/revive-...

[2]: http://updates-http.cdn-apple.com/2021WinterFCS/fullrestores...

(shasum 7315f657df2a14b838b9d51eb49cdfff5be090e7)


IDK but I always just wipe (as in delete all partitions) and do a fresh install on any new MB; and had no issues with the latest Air.


You didn't delete all the partitions, then. If you actually delete all the partitions on an M1 Air, it will not only not boot, it won't boot any external media either, as the firmware is missing. The machine then has to be put into DFU mode and restored from .ipsw via USB, like an iPad or iPhone.


Why do this on a new MacBook? Is there a security concern?


Yeah, peace of mind and Internet-install obv. also has the latest OS build.


The OOBE install contains apps you might not want or need (Garageband, iMovie, Pages/Numbers/Keynote). If you have one of the smaller SSDs, saving gigabytes of space on the first two might be interesting for you.


Why not just do the usual `dd if=/dev/zero of=<disk> bs=1M count=1024` instead of using those weird proprietary tools?


That "bricks" your Mac, and you have to do a DFU restore with Apple Configurator 2 to recover from it.

The SSD on these Macs contains system firmware, including the boot picker and recovery mode. Do not wipe the entire top-level block device. They cannot boot from external media, by design.

M1 Macs are not PCs, and you shouldn't blindly apply whatever you think you know from the PC world. Their low-level design is much closer to an embedded device like a Raspberry Pi, minus the SD card slot. https://github.com/AsahiLinux/docs/wiki/M1-vs.-PC-Boot

It's hard to truly brick these things (you need to wipe NOR flash for that, and even then Apple can fix it without taking them apart, but you can't, because if you wipe NOR flash calibration data is gone and it has to go back through part of the manufacturing test process), but wiping the entire SSD isn't going to help you. If you start messing at that level, you'd better be prepared with another Mac and Apple Configurator 2 to get a proper clean start.


> Their low-level design is much closer to an embedded device like a Raspberry Pi, minus the SD card slot.

...or like an iPhone.

From that article you linked:

> Some PC motherboards implement a similar feature as part of a separate chip, which can flash the UEFI firmware from a USB stick without actually turning on the motherboard normally, but this is only common in higher-end stand alone motherboards.

That might be referring to boot-block recovery, and I haven't seen any with a "separate chip" besides the dual-BIOS type; it's in the same flash (just a normally write-protected part) as the rest of the BIOS. The older ones will look for a flashable ROM image on the first floppy drive, but I'm not surprised if the newer ones will do it with USB instead.


How would boot block recovery work without a CPU installed at all?

Because modern bios flashback does indeed read from the USB and write to one of the bios chips without even the CPU in place. Obviously there is some form of micro-controller performing this.

On intel, I suppose it would be possible for the management engine CPU in the chipset to do this, but I doubt intel lets motherboard makers run custom code on that, so if it is not some standardized feature, it could not be that. On AMD Ryzen, I'm not aware of a CPU in the chipset.

This all makes me think there is some other microcontroller somewhere that controls the bios flashback process, which would almost certainly be an extra chip.


> This all makes me think there is some other microcontroller somewhere that controls the bios flashback process, which would almost certainly be an extra chip.

I believe they just have some sort of extra microcontroller wired to a USB port and the SPI flash chip that stores the BIOS, probably with some sort of switch to ensure the host can't touch the SPI flash when the external microcontroller is attempting to flash it.


That's scary. Back on my old PowerBook, I saw it as an advantage that OpenFirmware could boot from external devices in the most straightforward way, and could act in target disk mode, and so did Apple. Hearing of all these troubles, I'm genuinely concerned with using MacOS today because of these unknown unknowns. What's the threat that this Apple bossing is supposed to shield against that couldn't be achieved by mere disk encryption?


Advanced desktop malware, for one. Theft of devices, for another.


You do realise if you get this wrong, you can't simply 'replace' the SSD on an Apple Silicon based Mac? You'll likely brick the device if the recovery partition is also wiped in the process.

It's back to the Apple Store for you.


For years, Intel Macs have been able to net boot to install the OS onto an empty drive. Did Apple ditch that functionality or move it from the firmware to a recovery partition with the M1 Macs?


From what I can tell, Internet Recovery (which downloaded a recovery OS) is gone and replaced by 1TR which is stored on a hidden flash partition. 1TR is capable of downloading the OS and installing it, so in a way it can be considered the replacement for Internet Recovery.

While architecturally simpler (and probably more secure by allowing the network stack to be removed from the low-level boot infrastructure?), the disadvantage is that you can mess up the 1TR partition. If you do, the only way to recover the machine is to do a DFU restore from another Mac via Apple Configurator. That's not terribly convenient if you don't have another Mac around. (An Apple Store can DFU restore for you, but last I checked Apple Stores are appointment-only due to COVID and it's almost impossible to get an appointment there these days.)


> probably more secure by allowing the network stack to be removed from the low-level boot infrastructure

That's up for debate due to certificate expiration issues, isn't it?


This option is horrendously inefficient on most modern drives. For many SSDs, issuing a secure erase request is an almost instantaneous process as it only requires the drive to generate a replacement encryption key, and need not even entail bulk writing or erasing physical flash pages.


Writing 1 GB of zeros is also almost instantaneous. Even though it's overkill, writing 1 GB is hardly worth worrying about. Though I'd recommend also wiping the backup GPT at the end of the drive.


It is still bad advice. Zero-filling an SSD is not nearly the same as erasing it, due to the large (up to 10% or more of the drive) overprovisioning areas present in all devices, ignoring the permanent wear zero-filling the drive also causes, and the fact that the controller believes real data remains stored, placing restrictions on its ability to perform internal maintenance.


It's fine advice. The wear of writing 1GB of zeros can and should be ignored. It's insignificant. And the drive's spare area is only relevant if you're trying to thoroughly wipe sensitive information from a device before disposing of it. But right now we're just trying to make a device appear functionally empty so that we can re-install an OS without remnants of any previous installation getting in the way. This does not require the (sometimes dubious) security assurances of a secure erase command.


> But right now we're just trying to make a device appear functionally empty so that we can re-install an OS without remnants of any previous installation getting in the way

The only portable, reliable, robust way to accomplish this is wiping the drive. If the original author had issued a secure erase, they would not have encountered any subsequent difficulties, all of which were due to partially erasing the device.


> The only portable, reliable, robust way to accomplish this

That's setting the bar too high. If we're comfortable with solutions that will work on all mainstream PC platforms including Macs, then it is sufficient to overwrite partition tables with zeros. I have never heard of an OS installer that scans for deleted partitions, and worrying about the possibility of such a thing causing problems is unreasonable.


GPT along with most filesystems store a bunch of stuff at random places around the disk, for many filesystems it's even configurable.

The most usual problem with your approach is recreating a set of partition tables exactly matching the old tables, while failing to wipe out a filesystem signature buried halfway into the disk. One reboot later, and magic header bytes start to be recognized as valid filesystems by whatever OS installer or BIOS utility you happen to be using. Even worse if you've been taking some hacky shotgun approach to blowing holes in the drive by zeroing out random sectors that belong to one of those recognized filesystems.

So once again,

> The only portable, reliable, robust way to accomplish this is wiping the drive


> GPT along with most filesystems store a bunch of stuff at random places around the disk, for many filesystems it's even configurable.

This is not remotely accurate. GPT is at the beginning of the disk, with a backup copy at the end of the disk. Wiping the GPT makes the layout of filesystem structures within partitions completely irrelevant. Wiping the primary GPT at the beginning of the disk is usually (possibly always) sufficient to make an OS installer believe the disk to be empty. The backup GPT at the end of the disk is something I've only seen used by manual partitioning tools that are more powerful and complex than the automatic partitioning tools that are part of OS installers.

> The most usual problem with your approach is recreating a set of partition tables exactly matching the old tables, while failing to wipe out a filesystem signature buried halfway into the disk. One reboot later, and magic header bytes start to be recognized as valid filesystems by whatever OS installer or BIOS utility you happen to be using.

Rebooting and re-detecting everything between partitioning and mkfs is not part of any ordinary OS installation procedure. Do you have any evidence that this failure mode can actually occur in practice with real shipping operating systems?

Remember, for the purposes of this hypothetical, we have to assume that at least one of the user or the OS installer is actually trying to make the process work. You can't assume that they're both trying to interfere with the process and are both going out of their way to cause problems.
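
An added example, not part of any comment in this thread: it checks the two GPT header locations discussed above (LBA 1 and the last LBA) on a constructed in-memory disk image and reports which copies still validate after the start, and then the end, of the image is zeroed. The image, its 2 MiB size and all function names are assumptions made for illustration.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIG = b"EFI PART"
HDR_FMT = "<8sIIIIQQQQ16sQIII"          # 92-byte GPT header, little-endian
HDR_LEN = struct.calcsize(HDR_FMT)
NUM_ENTRIES, ENTRY_SIZE = 128, 128
ENTRY_SECTORS = NUM_ENTRIES * ENTRY_SIZE // SECTOR   # 32 sectors of partition entries


def pack_header(my_lba, alt_lba, entries_lba, first_usable, last_usable, guid, entries_crc):
    """Serialize a GPT header; its CRC32 is computed with the CRC field set to zero."""
    fields = [GPT_SIG, 0x00010000, HDR_LEN, 0, 0, my_lba, alt_lba,
              first_usable, last_usable, guid, entries_lba,
              NUM_ENTRIES, ENTRY_SIZE, entries_crc]
    fields[3] = zlib.crc32(struct.pack(HDR_FMT, *fields))
    return struct.pack(HDR_FMT, *fields)


def build_sample_disk(total_sectors=4096):
    """Constructed 2 MiB GPT image with one partition (sample data, not a real disk)."""
    img = bytearray(total_sectors * SECTOR)
    last = total_sectors - 1
    img[446 + 4] = 0xEE                  # protective MBR partition type
    img[510:512] = b"\x55\xaa"           # MBR boot signature
    first_usable, last_usable = 2 + ENTRY_SECTORS, last - ENTRY_SECTORS - 1
    entry = struct.pack("<16s16sQQQ72s", uuid.uuid4().bytes_le, uuid.uuid4().bytes_le,
                        first_usable, last_usable, 0, "sample".encode("utf-16-le"))
    entries = entry.ljust(NUM_ENTRIES * ENTRY_SIZE, b"\0")
    guid = uuid.uuid4().bytes_le
    # (my_lba, alternate_lba, entries_lba): primary at the start, backup at the end.
    for my_lba, alt_lba, ent_lba in ((1, last, 2), (last, 1, last - ENTRY_SECTORS)):
        img[ent_lba * SECTOR: ent_lba * SECTOR + len(entries)] = entries
        hdr = pack_header(my_lba, alt_lba, ent_lba, first_usable, last_usable,
                          guid, zlib.crc32(entries))
        img[my_lba * SECTOR: my_lba * SECTOR + HDR_LEN] = hdr
    return img


def parse_header(img, lba):
    """Return header fields at `lba` if signature, size, CRC and my_lba all check out."""
    raw = bytes(img[lba * SECTOR: lba * SECTOR + HDR_LEN])
    if len(raw) < HDR_LEN:
        return None
    f = list(struct.unpack(HDR_FMT, raw))
    if f[0] != GPT_SIG or f[2] != HDR_LEN:
        return None
    stored_crc, f[3] = f[3], 0
    if zlib.crc32(struct.pack(HDR_FMT, *f)) != stored_crc:
        return None
    if f[5] != lba:                      # header must describe the LBA it sits on
        return None
    return {"my_lba": f[5], "alternate_lba": f[6], "entries_lba": f[10],
            "num_entries": f[11], "entry_size": f[12], "entries_crc": f[13]}


def entries_intact(img, hdr):
    """Check the partition entry array against the CRC32 stored in the header."""
    start = hdr["entries_lba"] * SECTOR
    blob = bytes(img[start: start + hdr["num_entries"] * hdr["entry_size"]])
    return zlib.crc32(blob) == hdr["entries_crc"]


def survey(img):
    """Report which GPT copies (header plus entry array) are still valid."""
    last_lba = len(img) // SECTOR - 1
    report = {}
    for role, lba in (("primary", 1), ("backup", last_lba)):
        hdr = parse_header(img, lba)
        report[role] = hdr is not None and entries_intact(img, hdr)
    return report


def zero_head(img, nbytes):
    n = min(nbytes, len(img))
    img[:n] = bytes(n)


def zero_tail(img, nbytes):
    n = min(nbytes, len(img))
    img[len(img) - n:] = bytes(n)


def demo():
    disk = build_sample_disk()
    before = survey(disk)
    zero_head(disk, 64 * 1024)           # scaled-down stand-in for zeroing the first 1 GB
    after_head = survey(disk)
    zero_tail(disk, (ENTRY_SECTORS + 1) * SECTOR)   # backup entries + backup header
    after_both = survey(disk)
    return before, after_head, after_both


if __name__ == "__main__":
    for label, report in zip(("intact", "head zeroed", "head and tail zeroed"), demo()):
        print(f"{label:22} {report}")
```

The check only says whether a valid GPT copy remains on the media; whether a given installer or firmware consults the backup copy is a separate question that this example does not answer.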


> This is not remotely accurate

At least Ext4 repeats the complete superblock at the beginning of every block group, so yes, it is not only remotely accurate, but entirely accurate. In the case of GPT, Linux requires explicit command line options to enable alternative GPT use, but do you know this is true for all systems in existence and all versions of Linux?

> Rebooting and re-detecting everything between partitioning and mkfs is not part of any ordinary OS installation procedure

Yes, I've personally bumped into this on desktop and unattended server installs - numerous times.

But you're externalizing the onus to prove cases where some hacky approach won't ever break when there is a vastly simpler way to avoid this entire class of problem. This is exactly the reverse of sound logic -- I'm offering you concrete real world examples of why you should avoid the hack and you're simply ignoring them.

At this point I'm considering this not only to be offering up worst-practice advice, but actively trolling. Possibly the worst case of "a little knowledge is dangerous" I've seen recently. Regards


> Yes, I've personally bumped into this on desktop and unattended server installs - numerous times.

Name and shame, please. Because your spurious complaints about SSD write endurance haven't exactly established your credibility, and you do otherwise seem to be postulating that non-standard nonsensical actions will somehow insert themselves into the process under discussion.

> I'm offering you concrete real world examples of why you should avoid the hack and you're simply ignoring them

No, you're not offering any concrete real-world examples. You're offering hypothetical examples of how a malicious user might be able to trip up a non-specific hypothetical automated OS installer.

> At this point I'm considering this not only to be offering up worst-practice advice, but actively trolling. Possibly the worst case of "a little knowledge is dangerous" I've seen recently. Regards

You are the one who called something "bad advice" but three comments later have yet to prove that it could ever fail in practice. I'm not trolling, and I'm not saying that a dd to the first 1GB of a drive is the best way to clean a drive. I'm just taking exception to your unfounded claims about what "could" go wrong.


You are literally commenting on the thread for a blog post describing the mess that occurs when a drive is incorrectly erased. JFC


Look, I get that you don't like the advice to overwrite the first 1GB of a drive, probably because it strikes you as inelegant and suboptimal. But you've done a horrible job of identifying any real problems with that method, and it's certainly simpler and more reliable than the procedures in the blog post that didn't work. And your proposed "portable, reliable, robust" method is by any measure less portable, and not available at all on macOS.


You'd likely brick your mac if you don't do it the anointed way.


As long as you don't shoot yourself in the foot by touching other NVMe namespaces (and even that should be recoverable) and the SPI flash onboard, things can be restorable through DFU.


While it would make a lot of sense for Apple to use NVMe namespaces in this manner, it appears from information posted elsewhere in this thread by marcan_42 that Apple is not doing so, and is just using regular GPT partitions within a single NVMe namespace to store the stuff that isn't on the motherboard's NOR flash.


I can tell you that devices with Apple CPUs _do_ have multiple NVMe namespaces.

The recovery OS and 1TR are not data needed to be saved permanently (as in serial number and such, without which you cannot restore the device), you can recover them through DFU.

Data critical for being able to restore is in the SPI flash. (and it's assumed that some of it might be in other NVMe namespaces too)


No. Don’t ever try dd. I suspect it will brick the Mac.


I agree that disk management of M1 Macs is poorly documented, but the author's issue appears to stem from:

> Nope, this don’t work as I suspected… so, let’s check online, Apple suggests a long procedure and a short by typing “resetpassword” in terminal, that was a chance but since it founds no users, there’s no passwords to reset.

"resetpassword" opens Recovery Assistant. Recovery Assistant is primarily intended to provide a "forgot password" flow, which is why it wants to identify a user. However, in the app menu bar, there is an option called "Erase Mac." That is how you do a full secure erase of an M1 Mac. It will work without any user, and even without any OS install at all. (I have tested this myself by erasing a machine multiple times without reinstalling the OS.)


I also have lots of issues with reinstalling broken Big Sur. The installer apparently needs to phone home to Apple to get permission to reinstall the OS, and this fails. When this doesn't fail, it doesn't get permission to write to nvram, so the OS reverts itself to previous version after reboot.

I like Macs having iPad-like performance, but I don't like that the boot process is so locked down that it reminds me this computer belongs to Apple, not me.


Interesting. These are all the issues I will avoid from early adopters when I eventually get a newer Apple Silicon based Mac computer.

I have no time to go through the thorns and landmines over incompatible systems or buggy system software tools from Apple as described by the blog post.

Again, I will wait until the software on Apple Silicon is mature and the developer ecosystem catches up to it which by then I'll be getting an M2 or M3 based Mac.


This seems to be a good strategy with Apple's OS updates too. Most of my colleagues who updated to Big Sur have encountered problems so I'm keeping the strategy of "current minus one", and plan to update to Sur when the next one is out.


Not sure what happened with this guy but I was able to erase my brand new M1 Mac 5 times. My Mac had issues with the recovery process and wasn’t transferring all the files.

I was able to fully erase and install OS X from recovery 5 times. My biggest issue was time machine. I opened a support ticket and they took a bunch of logs.


The one area with these M1 Macs that seems barely even half cooked is how they treat their disks. Does anyone know if this due to hardware limitations in the M1 architecture, or are the restrictions in the firmware level? I'm wondering if this is even fixable by Apple in later updates.


I suspect it is due to a security choice from Apple; a firmware upgrade should fix it, or at least put up a warning or not allow you to erase the whole SSD if you can’t install macOS after.


The free Apple Configurator 2 utility will factory reset an M1 Mac, even if the firmware is completely hosed.

It's also much quicker than Windows 10's "Reset this PC" functionality, which doesn't work at all if the OS or firmware is hosed.


Apparently the author erased the APFS volume instead of erasing the physical volume.


You can't wipe the actual physical volume on M1 without some command line magic, and even then I'm not sure it's gonna work. Recovery Disk Utility says it will wipe it, but it does nothing, and the Erase Mac option is the same: all it does is erase user data.

I got stuck with almost the same issue even though I'm a system administrator and programmer with a decade of experience. I can't imagine how all this mess should feel for the average Mac or Windows user.


You absolutely can wipe the main APFS container on M1, from 1TR mode (the recovery menu that you get by holding down power). That will wipe the OS along with user data. Unless you have something broken in system firmware at that point, it's a clean start.

This works from the GUI Disk Utility too, usually, though that tool is flaky sometimes. It definitely works from the command line.


The thing is, it doesn't look like we are actually erasing the device but a volume group inside it. I say that because there seems to be a protected partition that contains the OS installer. I could be wrong tho but I've reinstalled at least 2 systems like that.


You are erasing the container (as in one APFS container of multiple volumes) that contains the OS and data and everything else that is what, on a PC, you would consider "the whole drive" for fresh-install purposes. On an M1, that is only one GPT partition, but that doesn't really matter. The point is that that (plus perhaps clearing xART data) will fix pretty much any "normal" issues you have in the machine, equivalent to a fresh reinstall with full data wipe. The filesystem data structures are independent at the volume group level, so this will also fix any filesystem issues you might have (it would be very rare to have FS problems in the other two system APFS volume groups, as they are very rarely written to, and even more rarely have metadata/complex changes).

Compare: this is like wiping boot, system, data, and vendor on an Android phone. You wipe the whole OS and user data. You do not wipe the bootloader and other partitions (because if you did, you'd brick the phone). This is as much of a "factory reset" as almost anyone will ever need.

If you really want to wipe the whole drive, you need Apple Configurator 2 and another Mac to re-install, as the machine is then unable to boot in anything except DFU mode if you wipe the system containers. Unlike Android phones though, this is supported by Apple, so you can't in fact brick these Macs like that - just be aware that this option does (currently) require another Mac to do the re-install.


I felt quite anxious reading this.

Reminds me of the endless reinstalls I had to do of windows back in the 2000s and the anxiety of it all working again once it was back running. So glad that isn't necessary anymore.


What is needed to mess up an OS so badly that a reinstall fixes it?


With Windows 98? So many reasons. Driver issues, viruses, just not starting and you aren’t sure why. Crashing and you aren’t sure why. Blue screen of death and you aren’t sure why.

I genuinely still have my 25 digit Windows 98 license key memorised from having to reinstall it so many times.


Back then it was mainly driver issues - you could also boot safe mode and see it trying to load many various versions of a driver - usually the graphics driver.

You could fix it by hand or you could do a fresh install - which would also wipe out any errant startup programs, etc.


Yet another example of Apple escalating the war with their own users who just want to use the computer they paid for.


Now imagine this happened on MS Windows...Shit MS, Windows sucks, etc. Reality is all OS have issues, pros and cons.


Windows and macOS are both very reluctant to tell the user what's actually happening on their disk. They both insist on abstractions that hide the reality of how partitions and filesystems are arranged behind the scenes. Sometimes that's a useful simplification, but sooner or later hiding that information from the user always leads to the OS lying about whether a device or filesystem is truly empty.


Genuine question, but do Apple users upgrade to the latest version of the OS or is that optional?

Just asking for a friend.


MacOS upgrades are often heavily breaking stuff. So developers will have to release new versions of their software fixing various bugs or be compliant with some new demand from MacOS for running. This often also leads to the new versions not being compatible with older OS versions or at least not being maintained. So as a user you're often forced to upgrade the OS if you want to use the newest versions of various software.

Every MacOS update is a minefield. We have a dedicated Slack channel at work where people discuss if they dare to upgrade yet, and share which software now is breaking on their computers, warning others to wait.


Thanks. It is webP support in Safari that interests me (well, my friend...).

So this arrived in September 2020. What I want to know is whether normal Apple users, i.e. not programmers, can benefit from webP images yet when using the default Safari browser.

I have no idea in this pandemic about basic things.


It's optional as long as your version of macOS is supported by the apps you're using, which is usually somewhere around five years. You can then still continue to use the old version, you just won't be able to update the apps / install new ones which require the new OS version from the App Store.


Because privacy...


I read this article in Italian voice and it felt totally right.


The easiest way to reinstall <strike>iOS Big Sur</strike>macOS on M1 Macs is to treat them as what they really are, glorified iOS devices, and DFU restore the operating system from another Mac with Apple Configurator or similar tools (macOS is downloaded as an .ipsw file and deployed on the M1 Mac). Works like a charm and is quite fast and guaranteed (barring bootrom/physical hacks) to ensure the device is not running non-Apple software.

P.S. T2 Macs are actually the most difficult to restore to the latest OS sometimes. The installer is anal about asking for the local password, booting from external USB, etc. and you might end up having to go through internet restore once and then upgrade the OS. M1 is actually an improvement and simplification from a clean OS install perspective.


This comment is downvoted, but surprisingly it was the correct way to resolve the issue after attempting to "factory reset" an M1 Mac.


>Uff…what a paintful process!

If an issue takes less than 5 different attempts to resolve and under 1-2 hours to fix, that can't really be called painful, merely annoying. Especially when it's only a one-time problem.


Your threshold is probably way higher than that of the average MacBook user, who probably does not even know about the recovery mode.


> No way I reinstall and do all the thing Apple suggests with another Mac with Apple Configurator.

When the resolution means that you need another Mac at hand it is not merely annoying if you don't.


If your bar is "I want to do X, let's start by reading the Arch Wiki", then sure.

If your bar is "It just works", then for me at least, if it takes me more than 1 minute I'd describe it as painful. My mother would describe anything that's not immediately obvious as painful.


The year of Linux on the desktop won't happen because Linux becomes more user friendly, but because macOS and Windows 10 become less user friendly.



