hoakley April 13, 2021 Macs, Technology

Are external boot disks a thing of the past?

With changing Mac hardware, the use and value of external boot disks is changing. This article is a short overview of what’s happening, and its consequences.

All-Intel Macs

Before the arrival of Macs with T1 or T2 chips, each model stored its entire firmware in chips on the logic board, and bootable systems were wherever the user wanted them. Whatever happened to that Mac’s internal storage, all you needed to boot that Mac was a functioning logic board, and a bootable disk either connected to that logic board or accessible via a supported bus.

The snag with this is that it also works well with hijacked and stolen Macs. Even with a fully-encrypted internal boot disk, it’s all too easy for a third-party to make off with your Mac, boot it from an external disk, and wipe its internal disk. One defence against that is the Firmware (or EFI, or hardware) Password, although that apparently can be bypassed.

The benefit, as many Mac users are aware, is that the user can replace their internal storage in the event of its failure, indeed they can leave a non-functioning internal disk in place and continue booting from an external disk. The only ‘soft’ failure which could prevent booting was corruption of the firmware, which Apple addressed by making firmware ‘self-healing’. Bricking a Mac was almost impossible.

Intel-T2 Macs

When Apple added first a T1 then a T2 chip to Intel Macs it changed the boot process. In addition to a firmware password, the T2 chip can enforce Secure Boot and External Boot policies. The first is concerned with validation of the operating system to be used to boot that Mac, and the second determines whether that Mac can boot from external disks.

A T2 Mac is therefore dependent on firmware stored on the logic board, Secure Boot and External Boot policies, and the appropriate boot disk. When a T2 Mac is configured to be unable to boot from an external disk, which is the default, no matter how much you might try to cajole it, the only way to enable it to do so is to boot into Recovery Mode and change its security settings.

Coupled with encryption of internal storage, this effectively prevents a thief or intruder from being able to boot that Mac. The penalty is that any hard failure of the T2 chip or internal storage can only be fixed by replacement of the whole logic board. This initially also applied to ‘soft’ failure of the T2 chip, which some users discovered bricked a Mac, although that has been largely addressed by improvements in Configurator to tackle T2 firmware problems. The value of the external boot disk declined markedly with T2 chips.

M1 Macs

Although M1 Macs do away with the External Boot policy of the T2 chip, and give the impression that they can boot entirely from an external bootable disk, that’s actually an illusion. They’re even more dependent on their internal storage than T2 Macs.

What has confused users is that they think they can erase the internal storage while leaving their Mac still bootable from an external disk. In fact, Disk Utility should prevent that from happening, and all that is being erased is the macOS boot container on the internal SSD, leaving two other containers untouched. If those containers are also erased, and the whole internal SSD reformatted, the only way to recover that M1 Mac is to put it into DFU mode and perform a Restore using Apple Configurator 2.

Although this might appear more threatening than the failure modes of T2 Macs, in practice M1 Macs should prove more resilient, and more easily recoverable. The most common ‘soft’ mode of failure is damage to the macOS boot container on the internal SSD, which can be recovered in 1 True Recovery, which runs from a separate container. Far less common are soft failure of either of the other two containers, which can be addressed in DFU mode by any user with a second Mac and Internet access. Hard failure of the internal SSD should be exceptionally rare.

As far as external bootable disks are concerned, M1 Macs are more permissive than Intel models with a T2 chip, but what they permit is more restricted: there can be nothing equivalent to Boot Camp, for example. The official way to support other operating systems such as Linux and Windows is within virtualisation, as has been developed by Parallels. Those run within the M1’s security environment, with 1 True Recovery and all the features of the special containers on the internal SSD. Booting into a ‘native’ Linux is a far greater challenge, and the aim of the team developing Asahi Linux.

For most users, external boot disks provide M1 Macs with an operating system layered on what’s installed on their internal SSD. That’s very different from Intel Macs before the T2 chip.

17Comments

Add yours

1

EcleX on April 13, 2021 at 6:58 am

Thanks. As said in the previous article, I hope that Apple allows bootable disks on APFS, including backups made with utilities like SuperDuper and Carbon Copy Cloner. As said, that is important for many reasons. For instance, to boot desktop Macs with large screens from an external disk at both work and home (or whenever in the world) carrying just the external bootable disk, for troubleshooting booting from external disks, to backup such disks as bootable disks, etc. That is also possible with other OS like Windows or Linux.

LikeLiked by 1 person
- 2
  
  hoakley on April 13, 2021 at 7:07 am
  
  Thank you.
  There’s no indication that should change. I think the problems in making an external bootable disk are due to the engineering challenges rather than any policy on Apple’s part.
  However, it’s important to realise that what an external bootable disk does now is considerably more limited than in the past, which is the whole point of this article. You could almost consider that it presents a system ‘flavour’ rather than a complete new system less the firmware.
  Howard.
  
  LikeLiked by 1 person
  - 3
    
    EcleX on April 13, 2021 at 9:32 am
    
    Thanks. Do you mean that it is no longer possible to boot from an external disk on two different desktop Macs located at different sites, like the work’s office and home? If that is true, I understand that it is only with macOS 11 Big Sur.
    
    Well, I hope that Apple fixes it, because otherwise it is a deal breaker for many people at out University. Yes, I know that people can use a MacBook, but many prefer using two different Mac desktops (one at work and other at home) booting from the very same external disk (your work in your pocket). BTW, Apple sells not just one, but two Mac desktops in such scenario.
    
    LikeLiked by 1 person
    - 4
      
      hoakley on April 13, 2021 at 11:47 am
      
      Thank you. No, that’s not what I wrote. Indeed, I have verified here that you can do that, at least with an M1 Mac mini and MacBook Pro.
      But M1 Macs don’t boot entirely from an external disk: it isn’t that simple, as I’ve explained above. There’s no reason that you shouldn’t work off a common external boot disk in that way, but with M1 Macs it works differently: each M1 Mac starts the boot from their internal SSD, which sets security policy, provides recovery, and the underpinnings for macOS. That’s quite unlike the way that pre-T2 Macs work, where only the firmware is set by the Mac.
      Howard.
      
      LikeLiked by 1 person
5

alberic on April 13, 2021 at 9:50 am

Howard, you may well be right that Apple has fenced itself in with the “unbreakable” Macintosh. I do not see the point of having evolutive and modular computers like all Mac Pro’s (except maybe the Mac Pro 2013) if you are restricted to boot just one OS. The Mac Pro 2019 is probably the last Mac of its kind.

LikeLiked by 1 person
- 6
  
  hoakley on April 13, 2021 at 11:55 am
  
  Thank you.
  An M1 Mac isn’t restricted to booting just one OS. But it starts the boot process from its own internal SSD, which sets security policy, provides recovery, and all the underpinnings for the OS which it then boots on top.
  There’s nothing to indicate, for example, that when macOS 12 is released, you won’t be able to boot 11 from an external disk. But you can’t boot Windows from there, for example, in the way that you can with an Intel Mac and Boot Camp. Asahi Linux aims also to be a bootable OS in that sense.
  However, the preferred method for running other OSes is within virtualisation, and that’s how you can currently run Linux and Windows on an M1 Mac. I suspect that will be true of macOS 11 when you can upgrade your internal SSD to macOS 12, but there you should also have the option of booting that from an external SSD if you prefer.
  Inevitably, for the moment at least, M1 Macs won’t run non-ARM operating systems at all. Whether that will ever happen I don’t know, but that will rely on something like QEMU for emulation.
  Howard.
  
  LikeLike
  - 7
    
    alberic on April 13, 2021 at 1:20 pm
    
    Emulation is great, I am a great fan of VMware Fusion, but you have to be happy with the emulated hardware. If you have specific hardware running on (let’s say) Windows, you are left in the cold. I guess Apple hardware engineers run their some of their development tools on Windows because none exit on Mac, but I digress.
    
    LikeLiked by 1 person
    - 8
      
      hoakley on April 13, 2021 at 9:19 pm
      
      Thank you. Yes, if you’re committed to hardware or software which is only support by Intel Windows systems, Apple Silicon Macs aren’t going to help.
      Howard.
      
      LikeLike
9

wowfunhappy on April 13, 2021 at 5:45 pm

Software bugs aside, it’s not so much that the M1 can’t boot external disks, but that the M1 _bootloader_ can’t boot external disks. When you boot an external disk, what’s really happening is you’re booting into an instance of macOS on the internal disk, which then reboots the computer from an external disk.

Once done, however, the Mac really is running the OS entirely from the external disk.

Recommended reading from the Asahi Linux folks: https://github.com/AsahiLinux/docs/wiki/M1-vs.-PC-Boot It’s a tad technical, but not too bad.

LikeLiked by 1 person
- 10
  
  hoakley on April 13, 2021 at 9:27 pm
  
  Thank you. Yes, that’s what I’m trying to explain without making the reader imagine that their M1 Mac first boots completely into macOS on their internal storage, then that boots the system on the external disk.
  Howard.
  
  LikeLike
11

Sebby on April 13, 2021 at 5:57 pm

At least T2 Macs can be configured to allow external disk bootability with no reliance on an internal disk while the internal disk is working. So if you have a T2 Mac, it might be a safety net if you were to enable external bootability. I don’t know for sure though, because my internal disk is fine just now; it might simply fail to boot any drive at all if it stops working.

I didn’t check, but does Internet Recovery count as an external boot device? It probably does, and that would be too bad because then you couldn’t recover from a reset of the T2 boot parameters for any reason if the internal disk just happened to have failed. But actually, now I think of it, even that isn’t guaranteed, because you need an admin account to change policy. So again, best to not reset your boot policy after you have initially set it up.

And what about NVRAM reset from the keyboard? Does that, in addition to erasing the NVRAM variables, also reset the T2 boot policy?

I could live with a T2 Mac running an alternative OS exclusively if it could be ensured against internal disk failure by the disabling of the external boot restriction. It’s not going to be perfect, because of the way T2-equipped Macs expose their SSDs to the operating system, but it’s doable and clearly better than losing access to your Mac entirely. I understand why Apple tied boot policy changes to an established account on the internal installation of macOS, but it does make things much more difficult for non-macOS situations. Probably best to travel the path Apple has set.

So glad to be the proud owner of a 2019 iMac!

LikeLiked by 1 person
- 12
  
  hoakley on April 13, 2021 at 9:34 pm
  
  Thank you. I believe that, so long as the T2 is working fine, a T2 model doesn’t require any sort of bootable system on internal storage. However, that does require the correct security settings first.
  T2 boot policy isn’t, I believe, stored in NVRAM, but in the T2 itself. Resettting NVRAM doesn’t affect the T2’s settings AFAIK.
  In the days when internal storage was a hard disk, the need to be able to replace that was fairly great. With modern SSDs it should be exceedingly low.
  Howard.
  
  LikeLike
  - 13
    
    rpmurray on April 14, 2021 at 1:53 pm
    
    I disagree about the replacing of the SSDs. The way I understand it, the new M1 Macs are wearing out their SSDs at a faster rate than those on the Intel Macs, but that just might be because of changes in Big Suck rather than hardware.
    
    LikeLiked by 1 person
    - 14
      
      hoakley on April 14, 2021 at 9:18 pm
      
      Thank you.
      This is a fascinating subject, although a bit involved for comments, perhaps. As the owner of two M1 Macs, it is dear to my heart and wallet, but I’m delighted to say that neither of mine is affected.
      I’m unconvinced that this has anything to do with M1 Macs or Big Sur. Although I often run Xcode and plenty of other memory-hungry apps, none of my Macs ever dips into VM. And I think it is heavy use of VM which has resulted in these apparently alarming reports.
      Given that they come from early adopters, many of whom have been pushing their M1 Macs to the limit, this is similar to users of low-end Intel MBA and MBP computers perhaps with only 8 or 16 GB of physical memory doing the same sort of things. I thus think this isn’t so much a reflection on the M1 or Big Sur, but the lengths we’re going to.
      It’s also important to recall that the models which they’ve replaced also had similarly small amounts of RAM soldered into place.
      Howard.
      
      LikeLike
15

Michael Tsai - Blog - Booting an M1 Mac From an External Disk on April 15, 2021 at 6:36 pm

[…] Update (2021-04-15): Howard Oakley: […]

LikeLike
16

James on April 22, 2021 at 7:45 am

Thanks for the interesting article.

Do you know if the issues with updating the OS on external boot drives have been solved at this point?

LikeLiked by 1 person
- 17
  
  hoakley on April 22, 2021 at 1:36 pm
  
  Thank you.
  No I don’t know. I’m rather hoping that rumours of it being fixed in 11.3 might turn out to be true. Whether than means that 11.3 has to be installed afresh and it will work with subsequent updates I don’t know yet.
  Howard.
  
  LikeLike