Last week’s debacle with macOS Mojave, High Sierra and Sierra updates seems to have resulted from a problem with the T2 chip firmware update. So how come this caused Apple to pull both the Security Updates, even for Macs which don’t have a T2 (or T1) chip?

Before Apple shipped Macs with T1/T2 chips, all EFI and other firmware updates were embedded in the update installer. When you installed an update using softwareupdate or the App Store, what arrived on your Mac was all that was required. This enabled Apple to release standalone installer packages which did exactly the same thing. If your Mac wasn’t connected to the Internet, it was easy to copy across a standalone installer, run that, and any firmware updates would be applied automatically without any need for additional downloads.

This changed with T1/T2 models. Rather than bundling their T1/T2 firmware updates in the standalone installer, those are delivered in a separate package. If your Mac has a T1 or T2 chip and you run a ‘standalone installer’ which needs to update their firmware, during the install the firmware update is downloaded from the update server and installed as part of the update. If your Mac can’t connect to an update server during the update, then that whole update should fail.

In theory, at least, if the problems in Security Update 2019-004 were confined to its T1/T2 firmware update, Apple could have left those two updates available for models which didn’t have T1/T2 chips. However, with a standalone installer intended for general use, this would require changing its scripts to stop it from being installed on models with T1/T2 chips. There may also have been changes required in the update itself, so Apple’s best option was to pull the whole installer until those issues were addressed.

This becomes more complex because you can also run a Software Update Server locally, as most system administrators do. That server maintains a copy of those updates which would normally be delivered direct from Apple’s servers, including T1 and T2 firmware updates. When a Mac on that network is to be updated, instead of fetching the T1/T2 firmware update from Apple’s servers, it’s obtained from the local server.

To prevent the broken T1/T2 firmware updates from still being served to local Macs, Apple pulled the affected firmware update from its servers, and that change was reflected across the many thousands of local mirrors. This was what we – and I here acknowledge the information provided by Al Varnell and Mr. Macintosh – saw earlier this week. Apple had pulled both the standalone installers for the Security Updates and one of the T2 firmware updaters.

Penalties for failed firmware updates for T2 chips are pretty serious too. At best you require another recent Mac for recovery, and at worst you have to take or send your Mac to a service provider for some hairy software surgery. Updating a T2 isn’t a trivial process.

Usually in such situations, someone from Apple talks to one of the commercial publications, and ‘leaks’ what Apple wants users to know. In this case, there was just silence, and normally informative sites didn’t even seem to notice what was going on. There has, though, been good coverage on the independent Macintouch site, and of course by Mr. Macintosh. But all we can do is study what users report, and watch what Apple pulls and pushes.

Some users point out that this is all made more complex by the use of T2 chips, which is of course true. But the onus is on Apple to ensure that when it releases firmware updates they won’t cause this sort of problem. Apple has been doing quite well recently, but this time has compounded our problems by remaining completely uncommunicative. The result will surely be that future updates won’t be adopted as promptly or enthusiastically, which is damaging to both Apple and its customers.

When all your hardware runs Apple firmware and software, losing confidence in their updates is a serious blow. With Catalina coming in just a couple of months, it couldn’t have happened at a worse time either.