Are external boot disks a thing of the past?

With changing Mac hardware, the use and value of external boot disks is changing. This article is a short overview of what’s happening, and its consequences.

All-Intel Macs

Before the arrival of Macs with T1 or T2 chips, each model stored its entire firmware in chips on the logic board, and bootable systems were wherever the user wanted them. Whatever happened to that Mac’s internal storage, all you needed to boot that Mac was a functioning logic board, and a bootable disk either connected to that logic board or accessible via a supported bus.

The snag with this is that it also works well with hijacked and stolen Macs. Even with a fully-encrypted internal boot disk, it’s all too easy for a third-party to make off with your Mac, boot it from an external disk, and wipe its internal disk. One defence against that is the Firmware (or EFI, or hardware) Password, although that apparently can be bypassed.

The benefit, as many Mac users are aware, is that the user can replace their internal storage in the event of its failure, indeed they can leave a non-functioning internal disk in place and continue booting from an external disk. The only ‘soft’ failure which could prevent booting was corruption of the firmware, which Apple addressed by making firmware ‘self-healing’. Bricking a Mac was almost impossible.

Intel-T2 Macs

When Apple added first a T1 then a T2 chip to Intel Macs it changed the boot process. In addition to a firmware password, the T2 chip can enforce Secure Boot and External Boot policies. The first is concerned with validation of the operating system to be used to boot that Mac, and the second determines whether that Mac can boot from external disks.

A T2 Mac is therefore dependent on firmware stored on the logic board, Secure Boot and External Boot policies, and the appropriate boot disk. When a T2 Mac is configured to be unable to boot from an external disk, which is the default, no matter how much you might try to cajole it, the only way to enable it to do so is to boot into Recovery Mode and change its security settings.

Coupled with encryption of internal storage, this effectively prevents a thief or intruder from being able to boot that Mac. The penalty is that any hard failure of the T2 chip or internal storage can only be fixed by replacement of the whole logic board. This initially also applied to ‘soft’ failure of the T2 chip, which some users discovered bricked a Mac, although that has been largely addressed by improvements in Configurator to tackle T2 firmware problems. The value of the external boot disk declined markedly with T2 chips.

M1 Macs

Although M1 Macs do away with the External Boot policy of the T2 chip, and give the impression that they can boot entirely from an external bootable disk, that’s actually an illusion. They’re even more dependent on their internal storage than T2 Macs.

What has confused users is that they think they can erase the internal storage while leaving their Mac still bootable from an external disk. In fact, Disk Utility should prevent that from happening, and all that is being erased is the macOS boot container on the internal SSD, leaving two other containers untouched. If those containers are also erased, and the whole internal SSD reformatted, the only way to recover that M1 Mac is to put it into DFU mode and perform a Restore using Apple Configurator 2.

Although this might appear more threatening than the failure modes of T2 Macs, in practice M1 Macs should prove more resilient, and more easily recoverable. The most common ‘soft’ mode of failure is damage to the macOS boot container on the internal SSD, which can be recovered in 1 True Recovery, which runs from a separate container. Far less common are soft failure of either of the other two containers, which can be addressed in DFU mode by any user with a second Mac and Internet access. Hard failure of the internal SSD should be exceptionally rare.

As far as external bootable disks are concerned, M1 Macs are more permissive than Intel models with a T2 chip, but what they permit is more restricted: there can be nothing equivalent to Boot Camp, for example. The official way to support other operating systems such as Linux and Windows is within virtualisation, as has been developed by Parallels. Those run within the M1’s security environment, with 1 True Recovery and all the features of the special containers on the internal SSD. Booting into a ‘native’ Linux is a far greater challenge, and the aim of the team developing Asahi Linux.

For most users, external boot disks provide M1 Macs with an operating system layered on what’s installed on their internal SSD. That’s very different from Intel Macs before the T2 chip.