Explainer: secure boot and boot security

Recent versions of macOS have been moving steadily towards a secure boot process. Some see this as Apple constraining users by increasing controls over their Macs. This short article tries to explain why boot security is so important, and how the secure boot process in M1 Macs is better for users.

Before the T2 chip

Intel Macs without T2 chips are forgiving and flexible. If they have problems with their internal storage, it’s easy to start them up from an external boot disk. You can boot from almost any external storage, so long as it has a compatible version of macOS which has been appropriately ‘blessed’. Protection is limited to:

  • eficheck periodically compares a firmware checksum against its permitted list, which provides a measure of protection against malicious firmware (High Sierra and later).
  • A firmware password can be set, but is rarely used (and can be bypassed).
  • Individual volumes can be encrypted using FileVault.

In practice, anyone equipped with a suitable external boot disk can walk up to a pre-T2 Intel Mac and start it up from that disk. The boot system of these Macs is essentially unprotected against attack.

T2 Macs

By default, Macs with T2 chips can’t be started up from external disks, because of their more secure boot process. That can only be changed by entering Recovery Mode and changing that Mac’s security settings. The T2 chip also manages and checks the integrity of its firmware, but (prior to Big Sur) there are limited checks beyond those.

Control over booting from external disks is global: when a user opts for Medium Security settings to be able to start up from an external disk containing Mojave or Catalina, that permits other boot disks to be used as well. Those could include a version of macOS with exploited vulnerabilities, or even a maliciously crafted boot disk.

Thus the T2 chip brings greater boot security only as long as it’s kept at its default setting of not allowing that Mac to start up from an external disk at all.

M1 Macs

The aim of boot security in M1 Macs is to provide a verified chain of trust through each step in the boot process to the loading of macOS, which can’t be exploited by malicious components. This starts with the Boot ROM, which validates the Low Level Bootloader (LLB), Stage 1 of the boot process. The LLB in turn validates other firmware to be used in Stage 2, the LocalPolicy to be applied to the startup disk (internal or external), and iBoot (Stage 2) itself, in accordance with the requirements of the applicable LocalPolicy.

The user controls LocalPolicy through Startup Security Utility, which is only accessible in Recovery Mode, and requires user authentication. There is no LocalPolicy which applies to all users and all disks, though: each LocalPolicy is specific to a System Volume Group and authorised user. For example, these can allow:

  • a single bootable external disk to be used to start up two or more Macs;
  • one Mac to be started up from any of several System Volume Groups, which can be running older versions of macOS, or load third-party kernel extensions.

The default LocalPolicy created for each bootable external disk provides Full Security. iBoot (Stage 2) validates kernel collections, signed System volumes, and other components to ensure their integrity, and that the kernel, extensions and macOS to be loaded have the same (or a later) version number compared to the boot system on the internal SSD. (Ideally that should be the same as the most recent release from Apple, but if that were enforced, Macs would be unable to update to a new version when booted from their internal storage.)

To boot from an older version of macOS, which will invariably contain unfixed vulnerabilities and could therefore be exploited, the user has to designate that System Volume Group with a LocalPolicy which is set not at Full Security, but at Reduced Security, using Startup Security Utility in Recovery.
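The chain described above can be modelled in a few lines. This is an added example, not Apple's code: SHA-256 comparisons stand in for Apple's signature checks, the model assumes integrity is still checked at Reduced Security, and every name in it (`Mac`, `Disk`, `boot`, the volume group labels and version numbers) is constructed for illustration.

```python
# Toy model (assumption): digest comparisons stand in for signature verification.
import hashlib
from dataclasses import dataclass

FULL, REDUCED = "Full Security", "Reduced Security"

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

@dataclass
class Disk:
    volume_group: str      # System Volume Group label (constructed)
    version: tuple         # macOS version on this disk, e.g. (11, 2)
    kernel: bytes          # stand-in for the kernel collection

@dataclass
class Mac:
    rom_llb_digest: str    # what the Boot ROM accepts as LLB
    llb_iboot_digest: str  # what LLB accepts as iBoot
    known_kernels: dict    # version -> digest, stand-in for signed kernel collections
    internal_version: tuple
    policies: dict         # volume_group -> level: one LocalPolicy per group

def boot(mac: Mac, llb: bytes, iboot: bytes, disk: Disk):
    """Walk the chain; each stage checks the next. Returns (booted, reason)."""
    if digest(llb) != mac.rom_llb_digest:
        return False, "Boot ROM rejected LLB"
    level = mac.policies.get(disk.volume_group)
    if level is None:
        return False, "no LocalPolicy for this System Volume Group"
    if digest(iboot) != mac.llb_iboot_digest:
        return False, "LLB rejected iBoot"
    if mac.known_kernels.get(disk.version) != digest(disk.kernel):
        return False, "iBoot rejected kernel collection"
    if level == FULL and disk.version < mac.internal_version:
        return False, "older macOS needs Reduced Security"
    return True, f"booted {disk.volume_group} at {level}"

# Constructed sample data
LLB, IBOOT, K_OLD, K_NEW = b"llb", b"iboot", b"kernel-11.0", b"kernel-11.2"
MAC = Mac(digest(LLB), digest(IBOOT),
          {(11, 0): digest(K_OLD), (11, 2): digest(K_NEW)}, (11, 2),
          {"internal": FULL, "ext-current": FULL, "ext-old": FULL})

if __name__ == "__main__":
    old = Disk("ext-old", (11, 0), K_OLD)
    print(boot(MAC, LLB, IBOOT, old))   # refused while the policy is Full Security
    MAC.policies["ext-old"] = REDUCED   # the Startup Security Utility change
    print(boot(MAC, LLB, IBOOT, old))   # boots; other volume groups stay at Full
```

Because each policy is keyed to one volume group, lowering it for `ext-old` leaves every other disk at Full Security, unlike the global T2 setting.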

Users are thus in complete control over which disks and versions of macOS their Mac(s) can boot. Workflows might include:

  • To update an older version of macOS on an external disk – set its LocalPolicy to Reduced Security using Startup Security Utility, restart from the external disk, install the update, return its LocalPolicy to Full Security using Startup Security Utility.
  • To make an older version of macOS bootable on an external disk – assign an authorised user, then set its LocalPolicy to Reduced Security using Startup Security Utility.
  • To make a current version of macOS bootable on an external disk – assign an authorised user; the default LocalPolicy will then allow that external disk to be used for booting in Full Security.

Secure boot on an M1 Mac thus provides the flexibility and versatility of a pre-T2 Intel Mac. Full Security provides a verified chain of trust throughout the boot process; users are also able to designate specific boot disks which can be used with Reduced Security when they consider it necessary.

Summary

Intel Macs without a T2 chip can normally boot from any compatible external disk. They have essentially no boot security.

T2 Macs can be set to boot from any compatible external disk, according to their security settings. They only have full boot security when booting from external disks is disabled.

M1 Macs provide full boot security by default, but users can reduce that to allow that Mac to start up using older versions of macOS. Changes are set in LocalPolicy, which is specific to that disk’s System Volume Group.

(Amended in response to comment from fds below.)