Recent versions of macOS have been moving steadily towards a secure boot process. Some see this as Apple constraining users by increasing controls over their Macs. This short article tries to explain why boot security is so important, and how the secure boot process in M1 Macs is better for users.
Before the T2 chip
Intel Macs without T2 chips are forgiving and flexible. If they have problems with their internal storage, it’s easy to start them up from an external boot disk. You can boot from almost any external storage, so long as it has a compatible version of macOS which has been appropriately ‘blessed’. Protection is limited to:
eficheckperiodically compares a firmware checksum against its permitted list, which provides a measure of protection against malicious firmware (High Sierra and later).
- A firmware password can be set, but is rarely used (and can be bypassed).
- Individual volumes can be encrypted using FileVault.
In practice, anyone equipped with a suitable external boot disk can walk up to a pre-T2 Intel Mac and start it up from that, and their boot system is essentially unprotected against attack.
By default, Macs with T2 chips can’t be started up from external disks, because of their more secure boot process. That can only be changed by entering Recovery Mode and changing that Mac’s security settings. The T2 chip also manages and checks the integrity of its firmware, but (prior to Big Sur) there are limited checks beyond those.
Control over booting from external disks is global: when a user opts for Medium Security settings to be able to start up from an external disk containing Mojave or Catalina, that permits other boot disks to be used as well. Those could include a version of macOS with exploited vulnerabilities, or even a maliciously crafted boot disk.
Thus the T2 chip brings greater boot security only as long as it’s kept at its default setting of not allowing that Mac to start up from an external disk at all.
The aim of boot security in M1 Macs is to provide a verified chain of trust through each step in the boot process to the loading of macOS, which can’t be exploited by malicious components. This starts with the Boot ROM, which validates the Low Level Bootloader (LLB), stage 1 of the boot process. The LLB in turn validates other firmware to be used in Stage 2, the LocalPolicy to be applied to the startup disk (internal or external), and iBoot (Stage 2) itself, in accordance with the requirements of the applicable LocalPolicy.
The user controls LocalPolicy through Startup Security Utility, which is only accessible in Recovery Mode, and requires user authentication. There is no LocalPolicy which applies to all users and all disks, though: each LocalPolicy is specific to a System Volume Group and authorised user. For example, these can allow:
- a single bootable external disk to be used to start up two or more Macs;
- one Mac to be started up from any of several System Volume Groups, which can be running older versions of macOS, or load third-party kernel extensions.
Default LocalPolicy created for each bootable external disk provides Full Security. iBoot (Stage 2) validates kernel collections, signed System volumes, and other components to ensure their integrity, and that the kernel, extensions and macOS to be loaded have the same (or a later) version number compared to the boot system on the internal SSD. (Ideally that should be the same as the most recent release from Apple, but if that were enforced, Macs would be unable to update to a new version when booted from their internal storage.)
To boot from an older version of macOS, which will invariably contain unfixed vulnerabilities and could therefore be exploited, the user has to designate that System Volume Group with a LocalPolicy which is set not at Full Security, but at Reduced Security, using Startup Security Utility in Recovery.
Users are thus in complete control over which disks and versions of macOS their Mac(s) can boot. Workflows might include:
- To update an older version of macOS on an external disk – set its LocalPolicy to Reduced Security using Startup Security Utility, restart from the external disk, install the update, return its LocalPolicy to Full Security using Startup Security Utility.
- To make an older version of macOS bootable on an external disk – assign an authorised user, then set its LocalPolicy to Reduced Security using Startup Security Utility.
- To make a current version of macOS bootable on an external disk – assign an authorised user; the default LocalPolicy will then allow that external disk to be used for booting in Full Security.
Secure boot on an M1 Mac thus provides the flexibility and versatility of a pre-T2 Intel Mac. Full Security provides a verified chain of trust throughout the boot process; users are also able to designate specific boot disks which can be used with Reduced Security when they consider it necessary.
Intel Macs without a T2 chip can normally boot from any compatible external disk. They have essentially no boot security.
T2 Macs can be set to boot from any compatible external disk, according to their security settings. They only have full boot security when booting from external disks is disabled.
M1 Macs provide full boot security by default, but users can reduce that to allow that Mac to start up using older versions of macOS. Changes are set in LocalPolicy, which is specific to that disk’s System Volume Group.
(Amended in response to comment from fds below.)