Firmware and Recovery upgrades and downgrades on different Macs

Let me ask you a simple question: supposing you installed the Monterey beta on an external disk, what would happen to that Mac’s firmware and its Recovery features? Given that Monterey is likely to bring firmware updates to most if not all Macs, how might that affect yours? That’s what I try to answer in this article – and it’s of great importance to all those who install beta-releases, as well as everyone considering upgrading in the autumn/fall.

The answer to these questions depends on which architecture your Mac has, and how it stores and maintains the different parts of what we loosely refer to as firmware.

Intel Macs without a T2 chip

These models lack any support for Secure Boot, and rely on a combination of fixed ROM, upgradeable firmware, and software stored on the boot disk. These are based on a foundation of Intel’s UEFI, with Recovery tools written as UEFI apps and for a cut-down version of macOS known as recoveryOS. Although most of this is reliably updated by installing macOS updates, two components have in the past been vulnerable to failure, recoveryOS and AppleDiagnostics. They are both installed as disk images, named BaseSystem.dmg and AppleDiagnostics.dmg respectively, which are mounted and run from memory on demand. These can be inadvertently erased, forcing you to use Internet Recovery or Internet Diagnostics instead.

Firmware, covering the firmware proper and Recovery tools, is updated to the latest version whenever a newer version of macOS is installed on any mounted disk, whether internal or external. Thus, if the internal disk has Catalina installed and you then install Big Sur on an external disk mounted on that Mac, both the firmware and Recovery software is updated to that supplied with Big Sur. This only happens at the time of installation, though: mounting a bootable disk containing Monterey beta (which was installed on another Mac) doesn’t result in any firmware upgrade.

Firmware updates aren’t provided outside macOS installers and updaters, and there’s no provision for downgrading EFI firmware. The firmware is intended to be ‘self-healing’, in that if an update goes wrong, the Mac should be able to restore functional firmware itself, although this appears to occur extremely infrequently.

Intel Macs with a T2 chip

Macs with T2 chips have firmware for that as well as normal EFI firmware, although because of its role in Secure Boot, attention is mainly paid to that for the T2, which is termed iBridge or bridgeOS. All models with T2 chips run the same version of iBridge firmware (for a particular version of macOS), the same version of EFI firmware too, and they are normally updated at the same time.

Although the same basic rules for Intel Macs apply to those with T2 chips, models with T2 chips can have their firmware revived or restored if they’re put into DFU mode, connected by a USB-C to USB-C (charge only) cable to another Mac running Catalina or later, using Apple Configurator 2 (free from the App Store).

The revive process simply updates iBridge firmware (Apple doesn’t mention accompanying EFI firmware, though), and doesn’t affect the System or Data volumes at all. Restore is more extensive: in addition to updating iBridge firmware, this also erases internal storage, including the startup volume group, recoveryOS and supporting software on internal storage. Following that, Internet Recovery (Command-Shift-Option-R) must be used to install macOS afresh. Full instructions are given in Configurator’s Help book.

In theory, Configurator’s revive process could be used to downgrade iBridge firmware. However, Apple limits this ability by removing its signatures from old restore files seven days after they have been superceded by a more recent version. So when Apple released macOS 11.4, which brought a T2 firmware update, the firmware for 11.3 remained validly signed for just seven days. Since then its signature has been removed, and you can no longer install iBridge firmware to the version supplied with 11.3. Further details are provided by Mr Macintosh.

Because the Monterey beta isn’t release software, until seven days after its full release, you should still be able to download a signed IPSW for 11.4, which you can use to revert a T2 Mac to the current production firmware and Recovery system

M1 Macs

Apple Silicon Macs like the M1 series are both simpler than T2 Macs in that they don’t combine two different processors, and more sophisticated in the Secure Boot that they provide. Instead of their internal storage consisting of one functional container with multiple volumes, they’re divided into three containers (partitions) for iBoot firmware, recoveryOS, and macOS.

BootDiskStructureM1

When an M1 Mac is booted into Recovery, it hides the two ‘firmware’ containers from the user; thus, erasing its internal storage only erases the macOS container and leaves the other two containers untouched. The only way to erase those two is by putting the Mac into DFU mode and restoring it using a different version of firmware and macOS, in an IPSW image supplied by Apple.

The end result seems similar to an Intel Mac: macOS updates will update the two ‘firmware’ containers according to what is to be installed, but can’t downgrade them. If your Mac is already running macOS 11.4 and you were to replace that with 11.3.1, the ‘firmware’ containers won’t be downgraded to those supplied with that earlier version of macOS. Unlike an Intel Mac, if you want to roll back all three containers, you can perform that by restoring the 11.3.1 IPSW in DFU mode.

Thus, in ordinary use, M1 Macs update with macOS updates as normal. Install 11.4 on an external disk, and older firmware and Recovery systems on the internal SSD will then be updated to 11.4 without updating the older version of macOS. But macOS installers and updates can’t downgrade the two ‘firmware’ containers. The only way to do that is to replace the entire contents of the internal SSD with an older IPSW image. That’s a valuable new feature for some users, and invaluable in the event of a problem when updating macOS and its firmware.

Summary

All Macs should update their firmware and Recovery systems when a macOS installer or updater installs more recent firmware, whether that installation/update is applied to an internal or external disk.

Intel Macs without a T2 chip can’t downgrade their firmware.

T2 Macs can have their current firmware restored or (for a limited period only) rolled back to the last release, using Configurator.

M1 Macs can have their whole firmware, Recovery system and macOS restored to any version for which Apple supplies a signed IPSW image. That completely erases internal storage, and is quite different from erasing and installing macOS in Recovery.

If you install a beta-release of Monterey on any disk inside or connected to your Mac, that Mac’s firmware and Recovery system will be updated to that supplied in the beta. Only T2 and M1 Macs can reverse that, by restoring in DFU mode.

12Comments

Add yours

1

Michele Galvagno on June 10, 2021 at 6:57 am

Thank you for this detailed reading!
Is this valid also for VMs?
What negative aspects could a different firmware bring?

LikeLike
- 2
  
  hoakley on June 10, 2021 at 9:39 am
  
  Thank you.
  No – this is one of the strengths of VM. Any ‘firmware’ is installed into the VM, not the Mac’s system. So you can have as many VMs as you want, and not one of them affects the firmware or system software of the host Mac.
  The big fear with firmware, particularly when in beta, is that it may have bugs which, because they’re in the firmware, cause kernel panics and other serious problems. At their worst, they can render a Mac completely unusable, or brick certain models. That’s unusual, and Apple’s firmware quality is generally very good, even in beta-releases.
  Howard.
  
  LikeLiked by 3 people
  - 3
    
    Michele Galvagno on June 10, 2021 at 9:47 am
    
    Happiness rising 🙂
    Thank you!
    
    LikeLiked by 1 person
  - 4
    
    Norm on June 10, 2021 at 4:47 pm
    
    This may explain why the Mac OS X updater from Sierra to High Sierra bricked my 2012 MacBook Pro.
    
    Apple bought my bricked machine by replacing it with a brand new 2016 MacBook Pro for free and were nice enough to let my buy more soldered in RAM and HD storage.
    
    Apple does not give away new computers to non-influencers like me, so they must have discovered there was a bug in the updater. Very shortly after this calamity, I noticed the Sierra to High Sierra updater went from something like V1.0 to V1.1.
    
    LikeLiked by 1 person
    - 5
      
      hoakley on June 11, 2021 at 6:06 pm
      
      Thank you.
      Howard.
      
      LikeLike
- 6
  
  kapitainsky on June 10, 2021 at 2:30 pm
  
  in terms of VMs – Monterey already works with VMware Fusion! It requires some terminal kung-fu but depending on what one wants to test might be the safest option – especially when somebody can’t dedicate another mac just for new OS testing.
  
  For interested people here is good summary how to run it:
  
  https://blog.eucse.com/how-to-run-macos-monterey-12-beta-in-vmware-fusion/
  
  LikeLiked by 2 people
  - 7
    
    hoakley on June 11, 2021 at 6:05 pm
    
    Thank you.
    Howard.
    
    LikeLike
8

EcleX on June 10, 2021 at 9:01 am

Many thanks for the great and useful article. Twice for the Summary section!

LikeLike
- 9
  
  hoakley on June 10, 2021 at 9:36 am
  
  Thank you.
  Howard.
  
  LikeLike
10

Michael Tsai - Blog - Downgrading BridgeOS on June 13, 2021 at 10:33 pm

[…] Update (2021-06-13): Howard Oakley: […]

LikeLike
11

Andrew Main on June 16, 2021 at 2:56 pm

“…two components have in the past been vulnerable to failure, recoveryOS and AppleDiagnostics. … Firmware, covering the firmware proper and Recovery tools, is updated to the latest version whenever a newer version of macOS is installed….”

Though I understand you’re mostly talking about newer Macs and Big Sur – Monterey, thought you might be interested to know about a firmware update issue (as best we can figure out) that affects pre-T2 Macs. About two years ago, I discovered that my 2013 MacBook Pro would not load Apple Hardware Test (either from a USB stick or from the Internet), giving instead an error message:

Error: 8000000000000003, Cannot load ‘EFI/Drivers/TestSupport.efi’
Status: 0x00000003

Just tried again: same result. Neither would it load the EFI version of Apple System Diagnostics, though the OS version worked fine.

I posted about this at Apple Discussions, and was soon led to another thread, and into a year-long odyssey of many hours of experimentation, lengthy calls with Apple, frustration, and so far no solution.

As noted in my last post in the now-archived discussion, chronic illness has prevented me from taking my computer to the nearest Apple Store, 60 miles away. And apparently nobody else has done so either, despite nearly 1000 users checking “I have this question too” in the two threads. (There may be more threads about this; I haven’t looked into it in over a year.)

Anyway, as best anybody was able to determine, the problem must be caused by a firmware update. I think it was working before the MBP was upgraded to Mojave/Catalina. And as you say, there’s no way to revert to earlier firmware; though I’ve gone back to Sierra, the firmware remains at 262.0.0.0.0. Maybe this summer – if they ever let us out of “lockdown” – I’ll be able to get to the Apple Store and see if they can provide a solution. Pretty weird that the software Apple provides its users to test its equipment doesn’t work.

LikeLiked by 1 person
- 12
  
  hoakley on June 16, 2021 at 5:16 pm
  
  I’m sorry to hear that. The classic cause of failed firmware updates and this type of consequence is replacing the internal storage, or sometimes upgrading the memory. I hope you can get your MBP to an Apple store soon and that they can fix it for you.
  Howard.
  
  LikeLike