If you’ve been following the story of Recovery Modes on M1 Macs, you should now be aware that there are often two: 1 True Recovery (1TR) which you engage by starting your Mac up with the Power button held until it loads Options, and Fallback Recovery (frOS) which requires a first short press on the Power button followed by a second which is held until it loads Options. This article describes a third Recovery Mode, simply known as recoveryOS.
1TR provides a full suite of recovery tools, which are detailed in these three articles:
Among the most important of those is Startup Security Utility, which lets you change security level of available boot volume groups. This is the only way that you can do that, a design decision made by Apple which it explains in its Platform Security Guide:
“On a Mac with Apple silicon, System Security Utility” [actually Startup Security Utility] “indicates the overall user-configured security state of macOS, such as the booting of a kext or the configuration of System Integrity Protection (SIP). If changing a security setting would significantly degrade security or make the system easier to compromise, users must enter into recoveryOS by holding the power button (so that malware can’t trigger the signal, only a human with physical access can), in order to make the change.”
1TR runs only from its own container on the internal SSD, and boots as its own operating system, which Apple calls recoveryOS. It also provides key tools such as Disk Utility, Terminal, and the ability to install the current version of macOS, making it a complete recovery environment.
When you update macOS on an M1 Mac, the previous recoveryOS is kept in reserve as Fallback Recovery, to provide a safeguard in the event that anything goes wrong installing the new recoveryOS. This is detailed in these two articles:
This is identical to 1TR except that Startup Security Utility isn’t available, so it can’t be used to change security level of available boot volume groups.
I actually described plain recoveryOS over three months ago in this article without realising it. The major difference here is that this mode isn’t one that you engage: you can’t enter it using the Power button or any keystroke command. It’s only entered when macOS requires it.
My commonest experience with recoveryOS is when using the Startup Disk pane to switch between bootable disks. If there’s anything not quite right with the disk you’re trying to boot from, or when switching back to the internal SSD, you’re likely to be thrown into what is visibly recoveryOS, but without having touched the Power button. These visits are therefore invoked from macOS, and from 11.4 onwards almost certainly rely on the private framework RecoveryOS.framework which was introduced in the 11.4 update.
This can be much more limited than either 1TR or Fallback Recovery, and invariably denies any access to Startup Security Utility, while some of the other tools available in 1TR may also be inaccessible. Typically, this might just offer Boot Recovery Assistant, allowing you to confirm the disk you want to boot from or make a second choice. If that’s good for you, it will then normally reboot macOS as selected and return you to that.
If you can’t choose what you want from its options, then the best course is to shut your Mac down (using a menu command to do so) and then start up in 1TR, where you have a fuller range of tools available.
These three different modes of Recovery may appear confusing until you understand what they’re intended for.
- 1TR is the full recovery system, including Startup Security Utility, Disk Utility, and more, and can only be entered by pressing and holding the Power button.
- Fallback Recovery is there in case 1TR doesn’t work, but doesn’t include Startup Security Utility.
- recoveryOS is invoked not by you but by macOS to tackle a specific issue from Recovery, but doesn’t include Startup Security Utility and may omit others too.
I hope that’s less confusing.
I am very grateful to Pico for pointing out the all-important text in Apple’s Platform Security Guide, and for his suggestions leading to the changes I have made above.