Setting up a new (or repurposed) Mac: 8 The problem of updating firmware

One issue in setting up any new or repurposed Mac which tends to get glossed over is ensuring that its EFI and other firmware is up to date. This is a particular problem if you intend using an imaging solution, whereby a boot disk image is copied to its internal storage from a master.

For some years now, Apple has only distributed EFI and other firmware updates bundled within macOS system installers and updaters. This is one of the reasons why macOS updates are so large: each (even the recent 10.14.3 Supplemental Update) now contains a full set of EFI, SMC and other firmware updates, even though the firmware may not have changed for some months.

If you want to set up a new or repurposed Mac which is identical (the same model) to another, and both are running the same firmware versions throughout – and those include EFI, SMC, and SSD controller – then you should still get away with using imaging, so long as the Mac doesn’t have a T2 chip.

If any of that firmware needs to be updated during installation, for example if the new Mac is still running High Sierra, then imaging won’t accomplish the necessary firmware updates; only an Apple system installer with the correct firmware installer within it will achieve that. At best, you’ll be left with a new Mac which is running outdated firmware, which is a good reason for instability. At worst, you may end up with an unbootable mess.

The T2 chip, with its Secure Boot, makes this even worse. Glance back at my visual summary of the boot process, and you’ll see how early the T2 chip initialises in the process. T2 firmware updates are even more reliant on the Apple installer, and their update payloads don’t even appear within its contents.

Although deep imaging can ensure that boot.efi is copied across correctly, it can’t copy the T2’s firmware. Furthermore, if the new Mac is running in Full Security mode, the default when supplied, online signature checks may fail, which could force a reinstall of macOS, which should then bring the required firmware updates.

If you are imaging from an identical model to a new Mac which already has identical firmware throughout its T2 chip, EFI, SMC, and anything else, then you may be able to get away with an imaging solution. If you’re interested in reading about one solution which worked on 2018 Mac minis, then the comments by Haltah to this article outline his method.

As a means of setting up one or two new Macs with T2 chips, imaging is dead and gone.

2Comments

Add yours

1

ToneWilliams on February 11, 2019 at 6:38 pm

This is yet another example of how Apple fails its customers today. Making it yet more difficult to manage the Mac platform does not augment the user experience. Period. Welcome to 1984. Et tu, Apple?

LikeLiked by 1 person
- 2
  
  hoakley on February 11, 2019 at 6:55 pm
  
  Thank you.
  Well, yes and no. Apple has been taking the issue of firmware security extremely seriously. The benefit to the user is that the Mac should now be the most robust platform in defence against firmware malware. As with iOS, Apple should also have a high installed user base running the current release of macOS, which makes it harder again to target the platform with malware, and cuts their costs in providing effective defence.
  Imaging was becoming increasingly unusual anyway. It’s still possible when setting up a lab, etc., in the hands of experts. I’m not sure it was ever really a good idea for others, so the loss isn’t that great really. It is perhaps more psychological?
  Howard.
  
  LikeLike

The Eclectic Light Company

**Setting up a new (or repurposed) Mac:** 8 The problem of updating firmware

Share this:

Like this:

Related