How Recovery works on M1 series Macs

If you’re running an M1 series Mac and have updated to Big Sur 11.6.1 or later, or to Monterey, you may not have noticed that Recovery has changed. This article explains how Recovery now works on those systems; if you’re running an original M1 Mac on Big Sur 11.6 or earlier, then you won’t be affected by these changes until you update or upgrade your Mac. These should also apply to all M1 models whose firmware has been updated to iBoot version 7429.41.5, even when booting from an external disk with an earlier version of macOS installed.


These recent macOS updates break from two traditions: for M1 models, their ‘firmware’ update also brings a new Recovery system which is based on the latest macOS, in this case 12.0.1 even when the update is 11.6.1, and a single Recovery system is installed in each APFS container with one or more bootable systems. I’ll explain those first.

On Intel systems in the past, the Recovery system has been tied to the version of macOS, rather than the firmware installed. When you install a security update to Catalina, that may include a firmware update, but it doesn’t replace the installed Recovery system with that from Monterey. Apple Silicon iBoot and Recovery updates are more closely bound, though, and it was Mr. Macintosh who first documented that the 11.6.1 update installed a Monterey Recovery system. With future updates to Big Sur and Monterey, we should expect further updates to the Recovery systems which keep them in step with the current version of Monterey.

If you install two or more bootable systems within the same APFS container, regardless of whether any of them are for older versions of macOS, there will only be a single Recovery volume, shared by all those systems, and that too may be updated to the latest version of Monterey installed on that Mac.

Thus, when your M1 Mac has been updated to Monterey 12.1, it will have one Recovery system for each bootable container, some of which may be Recovery for macOS 12.1.

Entering Recovery

1 True Recovery (1TR) is engaged as usual by pressing and holding the Power button until the display shows that Options are loading or have loaded. This can only be engaged by the user pressing the Power button, and only 1TR supports the full features, including Startup Security Utility, which you can use to change its Secure Boot settings.

The only caution with the new system is that, if you want to use Startup Security Utility, you have to be careful as to which system was running and due to boot that Mac when you enter Recovery, as explained below.

Which Recovery?

M1 series Macs always start their boot process from their internal SSD. When the 1TR Power-press is detected, that pre-boot then looks for the right Recovery system to load. For basic setups with only one system installed and no bootable external disks available, this will be the Recovery system installed in the Recovery volume inside the Apple_APFS container on the internal SSD, rather than the Apple_APFS_Recovery container which was used by Big Sur.

When the Mac is expecting to proceed from pre-boot to a bootable system on an external disk, the first choice of Recovery system will then be that in the Recovery volume in the container on the external disk from which it was expecting to start up. If that isn’t available for any reason, then it should default to a Recovery system on the internal SSD, which includes the copy installed in Apple_APFS_Recovery container there.

Ordinarily, this doesn’t make a big difference, now all versions of Recovery seem to be synchronised to that supplied with the most recent version of macOS installed on that M1. It is important, though, when you want to change the Secure Boot settings using Startup Security Utility. That’s because that process now only applies to the boot system associated with that copy of the Recovery system.

Let’s say that you have an M1 Mac with two Monterey boot systems: one on the internal SSD, the other on an external SSD. To change the Secure Boot settings for the internal SSD, your Mac must boot into the Recovery system installed on the internal SSD, which is in the same container and paired with that macOS system. To change the Secure Boot settings for the external SSD, you must first boot from that external SSD, shut down, then start up in Recovery, which will be the Recovery volume on the external SSD.

Unlike in Big Sur, the Recovery system in the boot container on the internal SSD doesn’t have the ability to change Secure Boot settings for the bootable system on the external SSD.

Loading Recovery

As far as I can tell, what happens when the pre-boot has identified which Recovery system to load, is that it then mounts that Recovery volume, mounts the sealed macOS Base System image there and completes booting from it, then unmounts the Recovery volume. When the internal Recovery system is used, this should be a 1.8 GB volume which then appears at the mountpoint of /System/Volumes/Data/private/tmp/Recovery.


Big Sur 11.6.1 and Monterey bring changes to Recovery. The version of Recovery installed is that paired with the latest iBoot ‘firmware’ installed, which is 12.0.1 for both 11.6.1 and 12.0.1 systems.

For those with a single copy of macOS installed on the internal SSD, users won’t see any difference, although the Recovery system will be mounted from the Recovery volume in the macOS container, rather than the separate Recovery container.

Changes in Recovery are most important for those with more than one bootable system who want to use Startup Security Utility to change the Secure Boot settings for one of those systems. To do that, start your M1 Mac up in the system you want to change, shut it down, then start it up into Recovery. It should boot into the Recovery system for the boot system you want to change, and Startup Security Utility will then be able to change its Secure Boot settings as you expect.

These are complicated systems and changes; if I have made any errors please tell me so that I can correct them.