hoakley May 30, 2021 Macs, Technology

Last Week on My Mac: How it took 6 months for M1 Macs to work properly

Last week, with the release of Big Sur 11.4, Apple finally addressed most of the problems users had been experiencing getting external boot disks to work properly with their M1 Macs. Today I’m going to look back over the last six months, since the first M1 models shipped, and ask what went wrong.

Being able to boot a Mac from an external disk is a fundamental feature on which many Mac users have relied since the release of Mac OS X and well before. It’s widely used by software engineers, for example, to enable a single Mac to be run using several versions of macOS, and with the imminent release of the first betas of macOS 12 will soon assume even greater importance. Some rely on it so that they can work in an identical environment across two or more different Macs. It has also been a mainstay for many system administrators and advanced users to maintain or repair Macs which have developed soft problems. It may not be the most popular configuration, but that doesn’t make it any less important.

Within a month of the first new M1 Macs being delivered to users, there were several reports of problems getting them to work with bootable external disks. Tim Standing of OWC reported some of these, and a few days later I described them here. At this stage, trying to create a bootable external disk often failed, with a variety of different problems, whether in macOS 11.0.1 or 11.1, which had been released on 14 December.

Just before Christmas, when still testing with 11.1, I discovered a way which appeared to work for some Thunderbolt 3 SSDs. I then revisited the problems with 11.2 and 11.2.1 and still couldn’t get all my test SSDs to work properly. As I wrote in my conclusion there:
“M1 Macs currently don’t work reliably with bootable external disks. Users who want to boot from an external disk would be wise not to buy an M1 model, until Apple has fixed these problems completely.”

A few days later, I discovered that SATA/USB-C disks worked better when connected to the USB-A port on my M1 Mac mini, but that some Thunderbolt 3 disks still wouldn’t update macOS using Software Update, and of course had no option to use a different type of port. I later revisited the problem of updating a working bootable external SSD, and concluded that “At present, trying to use external bootable disks with an M1 Mac is a nightmare.” In growing despair, I asked whether external boot disks might even be a thing of the past.

In fact, Apple had already stated unequivocally that external boot disks were intended to be supported by M1 Macs running Big Sur. Its Platform Security Guide states:
“If a user chooses to boot from external media, that operating system version must first be personalized using an authenticated reboot from recoveryOS. This reboot creates a LocalPolicy file on the internal drive that’s used to perform a trusted boot from the operating system stored on the external media.
This means the configuration of booting from external media is always explicitly enabled on a per operating system basis, and already requires user authorization, so no additional secure configuration is necessary.”

On 26 April, Apple released macOS 11.3, and at first I was encouraged, which led me to conclude that booting an older version of macOS was a matter of changing LocalPolicy for the external disk, which I elaborated here, completely incorrectly as it turns out.

By this time, with 11.3.1 installed on my M1 Macs, Apple had revised its Platform Security Guide, in which it defined the three levels of security for an M1 Mac:

“Full Security: The system behaves like iOS and iPadOS, and allows only booting software which was known to be the latest that was available at install time.”
“Reduced Security: […] This allows the system to run older versions of macOS. Because older versions of macOS inevitably have unpatched vulnerabilities, this security mode is described as Reduced. This is also the policy level required to support booting kernel extensions (kexts).”
“Permissive Security: The system behaves like Reduced Security […], but it also tells iBoot that it should accept some boot objects being signed by the Secure Enclave with the same key used to sign the LocalPolicy. This policy level supports users that are building, signing, and booting their own custom XNU kernels.”

In practice I had found that, in macOS 11.3.1, all attempts to install an older version of Big Sur on an external SSD failed, and once the internal SSD had been updated to 11.3.1, it wasn’t even possible to update older versions of macOS on external SSDs. The only way to solve the latter was to downgrade the disk to Reduced Security. That behaviour didn’t appear consistent with the definition of Full Security, but could be one interpretation of Apple’s description of Reduced Security.

When Apple released Big Sur 11.4 update, nothing in its release notes indicated that any change had taken place in support for bootable external disks. Indeed, as far as I can tell, Apple hasn’t mentioned these problems, and anyone considering buying an M1 Mac would probably be completely unaware of their gross unreliability with bootable external disks.

It was a great surprise to discover that almost all these problems have been fixed in 11.4, and that in most cases external disks can now run older releases of Big Sur without downgrading security, or connecting a perfectly good SATA/USB-C disk to a USB-A port. Software Update and old installer apps which had previously been unreliable at best, and generally failed to work with external disks, suddenly work fine.

There’s an obvious explanation which I came across when looking at what had changed in the 11.4 update: a brand new kernel extension AppleVPBootPolicy.kext which is concerned with the management of LocalPolicy, which determines security level on boot disks. What’s also a little odd about that kernel extension is that its text refers to Aruba hardware, which appears to be Apple internal language for the A12Z SoC used in only one Apple Silicon Mac, the Developer Transition Kit (DTK), which isn’t supported by 11.4 and had to be returned to Apple by the end of February 2021.

Suspicions that these problems were the result of bugs in Big Sur’s updaters or installers therefore have little support. The evidence is that these problems were the result of bugs in managing and implementing LocalPolicy, which were fixed by that new extension, and other changes in macOS 11.4. In other words, M1 Macs didn’t work properly for a period of six months because their Secure Boot system was broken.

It’s possible that Apple wasn’t aware of this until early this year, but that appears most unlikely. Far more probable is that Apple knew full well for the whole period of six months that Secure Boot prevented external bootable disks from working properly. Over that period, when DTK systems were still out with developers, Apple re-engineered macOS to address these issues, notably in the AppleVPBootPolicy kernel extension.

Not only did Apple fail to warn the millions buying M1 Macs that their new computers couldn’t boot and run reliably from external disks, but when it updated its Platform Security Guide in February 2021, the account given there was an aspiration not reality.

26Comments

Add yours

1

performa475 on May 30, 2021 at 9:12 am

The uncertainty surrounding the boot ability of external drives connected to my M1 MacBook Pro has forced me to make changes to my recovery strategy. I still maintain regular Time Machine backups but I no longer even try to make bootable Carbon Copy Cloner backups, just Data volume only. Should the MacBook Pro’s recovery volume get corrupted, presumably I can restore a working macOS via a bootable Big Sur installer on a USB stick or use internet recovery failing that. Regarding potential failures of the internal drive on M1 machines, I dread to think of what the up front cost of the replacement hardware is?

LikeLiked by 2 people
- 2
  
  hoakley on May 30, 2021 at 3:09 pm
  
  Thank you.
  On M1 Macs, there’s no Internet Recovery: there’s 1 True Recovery, which can download and install the current version of macOS much better.
  Should 1 True Recovery – which is not a volume, but a separate container (previously partition) – have a problem, there’s Fallback Recovery which can do the same thing. I have an article publishing tomorrow morning which explains this a bit more clearly.
  If you have a soft failure of the internal SSD, then you need to put your M1 Mac into DFU mode and restore the whole of its ‘firmware’ and macOS using another Mac with Configurator 2. If you can’t do that, Apple stores and service folk can do it for you in less than 15 minutes.
  If you have a hard failure of the internal SSD, then your Mac’s logic board needs to be replaced. I expect that would be performed free of charge for the time being, either under your basic Apple warranty or AppleCare (which I recommend as it ensures that it won’t cost). As M1 Macs are relatively inexpensive, I think you’ll find the logic board is also rather cheaper than most Intel replacements.
  Howard.
  
  LikeLiked by 3 people
- 3
  
  chrish1961 on May 31, 2021 at 9:55 pm
  
  I, like you, only backup data. I maintain a Time Machine backup. My most important data is in iCloud documents. I also Arq that stuff to two separate cloud providers. And approximately weekly, I make a local Carbon Copy backup to an external SSD. If something terrible happens to my machine, Configurator running on a second Mac will restore my M1 Mac to factory fresh and from there I will just reinstall my apps and data.
  
  LikeLiked by 2 people
  - 4
    
    hoakley on May 31, 2021 at 11:11 pm
    
    Thank you – I concur.
    Howard.
    
    LikeLike
  - 5
    
    performa475 on June 1, 2021 at 8:02 am
    
    I have never really studied Configurator but it seems it is an excellent tool for restoring my M1 machine should the need arise. Some bed-time reading methinks 🤪 Regarding CCC, I may yet attempt to create bootable backups for my Intel MacBook Air given that, if its internal SSD fails, I can still boot from a backup external SSD.
    
    LikeLiked by 1 person
6

Nigel Barker on May 30, 2021 at 10:36 am

Just last week bought a base model Mac Mini (8GB/256GB) & was starting to think that I should return it & get a model with more internal storage. I had already decided to purchase a 2TB Samsung X5 & migrate my user files there but now that booting from an external disk is a realistic possibility I may use that as my only drive basically just using the internal disk to bootstrap the external disk.

I may still return the Mini & get a 16GB/256GB model as I bought the base model just to dip my toe in the water with the cheapest M1 available but now I’ve used it I can see that this machine is going to be useful for years & I don’t want to find I need more RAM in 2-3 year time. My other Macs in use are a 2014 15″ MBP & a 2013 15″ MBP & a maxed out 2008 Mac Pro 3,1 so I have form for having onto my Macs & I still have a 2009 Mac Mini 3,1 sitting in a cupboard somewhere.

LikeLiked by 1 person
- 7
  
  hoakley on May 30, 2021 at 3:13 pm
  
  Thank you.
  I have several recent articles here which you may find aid your decision making: they’re listed in the M1 Macs page, accessed in the menu right at the top of the page.
  However, if you postpone making your decision ten days or so, you might wait to see what Apple might announce at WWDC before deciding. You might fancy something different again!
  I think the M1 mini – albeit with 16 GB – is a superb desktop system. Mine is pretty well as fast and capable as my $5,000 iMac Pro, although of course it doesn’t have the gorgeous 27-inch display.
  But I’m waiting until WWDC in the hope that Apple will be releasing more models in the coming couple of months.
  Howard.
  
  LikeLike
8

Jim Robertson on May 30, 2021 at 2:28 pm

Assuming that the creation of a bootable external installation of Big Sur requires the physical media to be “blessed” by the internal SSD, is it likely that we’ll EVER get to the point that bootable clones return as a way to keep working while on the road with an Apple Silicon laptop AND a previously bootable clone whose internal SSD fails for some reason? Would this require the security localization to reside somewhere else on the motherboard than on the internal SSD?
And, may I ask a generic question related to your site? There are TWO clickable checkboxes attached to your comments interface; the first indicates the user’s desire to be notified of new comments. The second is not accompanied by any text? Does it have some purpose that’s important to the reader?

LikeLiked by 1 person
- 9
  
  hoakley on May 30, 2021 at 3:20 pm
  
  Thank you.
  It isn’t a matter of merely blessing an external disk: every M1 Mac starts its boot process from its internal SSD, no matter which disk it may complete it with. A dead internal SSD is a dead M1 Mac and can only be fixed by replacing the logic board. However, the chances of that happening a very much lower than with previous models: after the first couple of weeks use, the failure rate of SSDs is almost negligible until they start to age after several/ten years of use.
  Soft failure of the SSD is slightly more likely, and can be fixed by putting the Mac into DFU mode and restoring its internal SSD using Configurator 2 on another Mac. That’s something any Mac store or service provider can do for you if you’re on the road. You then set that up as a new Mac, so carrying a recent Data clone or backup will enable that to turn your revived M1 Mac into its former state.
  I’m sorry about the second of those checkboxes – I have no idea what it does. This is an Automattic-hosted site, and they provide the WordPress which it uses, putting it outside my control.
  Howard.
  
  LikeLike
  - 10
    
    Jim Robertson on May 30, 2021 at 3:38 pm
    
    Wow! Thanks for that so prompt reply. I’ve held off on purchasing an “Apple Silicon” Mac for one reason alone. I’m in Western Montana, where the nearest Apple Retail Store is a LONG day’s other-state car drive away, and where the nearest authorized 3rd party service provider/retailers have yet to receive even sample 24″ iMacs. Even an annual oil change funded by my “everything’s covered” long term service contract on my Audi SUV requires a 500 mile round trip road trip. Makes me wonder if Apple’s engineers just didn’t spend enough time thinking about WHY road warriors attach such importance to bootable clones.
    
    That said, my guess is that there ARE solutions to this issue, but Apple’s calculus likely is that they’d devalue their entire first generation of M1 Macs, so we’ll see the “we goofed” admission broadcast via an “amazing development” akin to tossing the butterfly keyboard and touch bar in the trash bin and replacing them with more reliable hardware they’d previously discarded as “obsolete.” I AM, of course, looking forward to June 7.
    
    LikeLiked by 1 person
    - 11
      
      hoakley on May 30, 2021 at 7:15 pm
      
      Thank you. I understand your remoteness: it takes half a day from here to get anything fixed at our local Apple store.
      There is a good alternative, though, if you have an old Mac running Big Sur (although I think Catalina may suffice). You can do exactly what the technician would, yourself: put your M1 Mac in DFU mode, connected via a USB-C cable to the other Mac. On that you run Configurator 2, which can download the 13 GB IPSW file which is needed, and restore it to your M1 Mac. It seems a daunting procedure the first time that you do it, but in reality it’s quick, simple, and a wonderful way of completely restoring everything on the M1. It has no parallel for Intel Macs.
      Howard.
      
      LikeLiked by 1 person
12

moseskravitz on May 30, 2021 at 3:40 pm

thank you for reliving that nightmare with all of us.
Light at the end of the tunnel!

LikeLiked by 1 person
- 13
  
  chrish1961 on May 31, 2021 at 9:56 pm
  
  And macOS 12(?) coming soon!
  
  LikeLiked by 1 person
14

Javier Gallardo on May 30, 2021 at 7:14 pm

…I think there was, added to your examples, a more “mundane” use for a bootable disk: you could “take” your personal mac to other mac. I suspect I miss something, but believe it’s not so easy as having your own “Data” volume copied on an external disk; or is it?
I understand this can be accomplished with a bootable disk (and setting security properly), but this new disk structure changes backup strategy for a normal user, so perhaps “taking” your mac in the pocket is possible in a new way…
(…but yes, perhaps you’re right and these nice abilities of external disks are now for pro and not intended for general use… 😦 )

LikeLiked by 1 person
- 15
  
  hoakley on May 30, 2021 at 7:19 pm
  
  Thank you. That use case is on the list of reasons for external boot disks at the start of this article. And it remains important for many, and should now be fully accessible from M1 Macs too, with 11.4.
  Howard.
  
  LikeLike
16

creator2014 on May 31, 2021 at 5:21 pm

I’ve been extremely frustrated by the frequent crashing of–of all things–TextEdit on my M1 Macbook Air. You’d think something as fundamental as TextEdit would be taken care of as a priority! Come on, Apple!

LikeLiked by 1 person
- 17
  
  hoakley on May 31, 2021 at 6:11 pm
  
  Thank you.
  Although I have experienced one or two odd glitches in TextEdit, I haven’t experienced it crash at all. Which version of Big Sur are you running?
  Howard.
  
  LikeLike
18

chrish1961 on May 31, 2021 at 10:02 pm

I love your research into macOS Howard. Thank you so much for sharing with the world. Recent macOS changes highlight how much of a software transition is accompanying the Mac’s hardware transition. Apple has so far done an excellent job making the present transition as seamless as possible to most people and we still see continued improvements. I am excited for WWDC to show us what the next version of macOS will bring. I look forward to your analysis.

LikeLiked by 1 person
- 19
  
  hoakley on May 31, 2021 at 11:12 pm
  
  Thank you.
  Howard.
  
  LikeLike
20

moseskravitz on June 1, 2021 at 4:49 pm

what is the difference between using Configurator as compared to using “Trtue Recovery” or whatever I would use to restore my M1 to factory?

LikeLiked by 1 person
- 21
  
  hoakley on June 1, 2021 at 5:43 pm
  
  If you start your M1 Mac up in Recovery and use that to wipe your boot disk and install a fresh copy of macOS, it doesn’t set it back to the way your Mac was configured in the factory. The macOS container is just one of three on its internal SSD: the other two provide ‘firmware’ and boot support, secure storage, and the Recovery system itself. With Recovery, you will only ever get the current release of macOS and its firmware.
  When you perform a restore using Configurator, with your M1 Mac in DFU mode, the whole of its internal SSD is wiped, firmware, Recovery system, and macOS, and replaced by completely fresh installations. It’s then to all intents and purposes a brand new M1 Mac, and has to be set up from scratch. You can choose to do that with any of the IPSW files which Apple provides, which allow you, if you wish, to revert the whole Mac to an earlier release of the firmware and macOS.
  I hope that is clear.
  Howard.
  
  LikeLike
  - 22
    
    moseskravitz on June 1, 2021 at 7:58 pm
    
    In the past I thought you could use Internet Recovery to boot into 3 different systems depending on key stroke combination:
    1. original system
    2. system most recently on computer
    3. latest system machine capable of running
    
    and I realize I’m not considering firmware, etc.
    
    Can you still do the same with the M1s.
    Or does True Recovery or the other ways limit how/what you can restore?
    
    LikeLiked by 1 person
    - 23
      
      hoakley on June 1, 2021 at 8:01 pm
      
      No: this is a completely different system developed for Apple Silicon Macs. The only version of macOS available in Recovery is the current one.
      Howard
      
      LikeLike
    - 24
      
      moseskravitz on June 1, 2021 at 8:31 pm
      
      got it…thx
      
      LikeLiked by 1 person
25

Foo on June 11, 2021 at 9:18 pm

You seem to forget that M1 Macs come with an Apple designed implementation of USB4 (Thunderbolt) hardware and firmware. It may stand to reason that there are bugs and incompatibilities that needed more time to be “smoothed out”.

LikeLiked by 1 person
- 26
  
  hoakley on June 11, 2021 at 9:27 pm
  
  You are incorrect. I have not forgotten in the least, and have recorded it elsewhere, noting that the M1 models are the first to rely on Apple’s own hardware for Thunderbolt.
  But, pray tell me, where has Apple ever warned users – you know, those of us who spend our money on Apple’s products – that the TB4 implementation in M1 Macs had any bugs?
  If you bought a new car, and then discovered that you couldn’t close its sun-roof, wouldn’t you think it reprehensible that its manufacturer didn’t warn you of that defect, even if it intended, in 6 months or so, to get round to fixing it?
  I’d be very grateful if you could provide a link to Apple’s warnings to users that the TB and USB-C features of M1 Macs didn’t work as expected, but those bugs would be “smoothed out” in 6 months.
  Don’t get me wrong – my two M1 Macs are wonderful. But if Apple knew there were problems which it was still resolving, then why the hell didn’t it have the grace to inform its customers? Or don’t we matter?
  Howard.
  
  LikeLike