hoakley December 15, 2021 Macs, Technology

How Recovery works on M1 series Macs

If you’re running an M1 series Mac and have updated to Big Sur 11.6.1 or later, or to Monterey, you may not have noticed that Recovery has changed. This article explains how Recovery now works on those systems; if you’re running an original M1 Mac on Big Sur 11.6 or earlier, then you won’t be affected by these changes until you update or upgrade your Mac. These should also apply to all M1 models whose firmware has been updated to iBoot version 7429.41.5, even when booting from an external disk with an earlier version of macOS installed.

Changes

These recent macOS updates break from two traditions: for M1 models, their ‘firmware’ update also brings a new Recovery system which is based on the latest macOS, in this case 12.0.1 even when the update is 11.6.1, and a single Recovery system is installed in each APFS container with one or more bootable systems. I’ll explain those first.

On Intel systems in the past, the Recovery system has been tied to the version of macOS, rather than the firmware installed. When you install a security update to Catalina, that may include a firmware update, but it doesn’t replace the installed Recovery system with that from Monterey. Apple Silicon iBoot and Recovery updates are more closely bound, though, and it was Mr. Macintosh who first documented that the 11.6.1 update installed a Monterey Recovery system. With future updates to Big Sur and Monterey, we should expect further updates to the Recovery systems which keep them in step with the current version of Monterey.

If you install two or more bootable systems within the same APFS container, regardless of whether any of them are for older versions of macOS, there will only be a single Recovery volume, shared by all those systems, and that too may be updated to the latest version of Monterey installed on that Mac.

Thus, when your M1 Mac has been updated to Monterey 12.1, it will have one Recovery system for each bootable container, some of which may be Recovery for macOS 12.1.

Entering Recovery

1 True Recovery (1TR) is engaged as usual by pressing and holding the Power button until the display shows that Options are loading or have loaded. This can only be engaged by the user pressing the Power button, and only 1TR supports the full features, including Startup Security Utility, which you can use to change its Secure Boot settings.

The only caution with the new system is that, if you want to use Startup Security Utility, you have to be careful as to which system was running and due to boot that Mac when you enter Recovery, as explained below.

Which Recovery?

M1 series Macs always start their boot process from their internal SSD. When the 1TR Power-press is detected, that pre-boot then looks for the right Recovery system to load. For basic setups with only one system installed and no bootable external disks available, this will be the Recovery system installed in the Recovery volume inside the Apple_APFS container on the internal SSD, rather than the Apple_APFS_Recovery container which was used by Big Sur.

When the Mac is expecting to proceed from pre-boot to a bootable system on an external disk, the first choice of Recovery system will then be that in the Recovery volume in the container on the external disk from which it was expecting to start up. If that isn’t available for any reason, then it should default to a Recovery system on the internal SSD, which includes the copy installed in Apple_APFS_Recovery container there.

Ordinarily, this doesn’t make a big difference, now all versions of Recovery seem to be synchronised to that supplied with the most recent version of macOS installed on that M1. It is important, though, when you want to change the Secure Boot settings using Startup Security Utility. That’s because that process now only applies to the boot system associated with that copy of the Recovery system.

Let’s say that you have an M1 Mac with two Monterey boot systems: one on the internal SSD, the other on an external SSD. To change the Secure Boot settings for the internal SSD, your Mac must boot into the Recovery system installed on the internal SSD, which is in the same container and paired with that macOS system. To change the Secure Boot settings for the external SSD, you must first boot from that external SSD, shut down, then start up in Recovery, which will be the Recovery volume on the external SSD.

Unlike in Big Sur, the Recovery system in the boot container on the internal SSD doesn’t have the ability to change Secure Boot settings for the bootable system on the external SSD.

Loading Recovery

As far as I can tell, what happens when the pre-boot has identified which Recovery system to load, is that it then mounts that Recovery volume, mounts the sealed macOS Base System image there and completes booting from it, then unmounts the Recovery volume. When the internal Recovery system is used, this should be a 1.8 GB volume which then appears at the mountpoint of /System/Volumes/Data/private/tmp/Recovery.

Summary

Big Sur 11.6.1 and Monterey bring changes to Recovery. The version of Recovery installed is that paired with the latest iBoot ‘firmware’ installed, which is 12.0.1 for both 11.6.1 and 12.0.1 systems.

For those with a single copy of macOS installed on the internal SSD, users won’t see any difference, although the Recovery system will be mounted from the Recovery volume in the macOS container, rather than the separate Recovery container.

Changes in Recovery are most important for those with more than one bootable system who want to use Startup Security Utility to change the Secure Boot settings for one of those systems. To do that, start your M1 Mac up in the system you want to change, shut it down, then start it up into Recovery. It should boot into the Recovery system for the boot system you want to change, and Startup Security Utility will then be able to change its Secure Boot settings as you expect.

These are complicated systems and changes; if I have made any errors please tell me so that I can correct them.

15Comments

Add yours

1

James on December 15, 2021 at 8:01 am

The fact that I need a second Mac to recover the firmware is a ridiculous flaw. I work overseas in places that no one want to go and I cannot just pop down to an AppleStore to have my problem solved. Why can’t I use an iPad or iPhone which are computers to perform the recovers. It’s not like the chip isn’t based on the iPhone.

LikeLiked by 1 person
- 2
  
  hoakley on December 15, 2021 at 8:27 am
  
  Thank you. This article is about Recovery, not Restore. However, since you raised the matter, I’ll explain.
  The M1 series chips aren’t “based on the iPhone”, but have been developed specifically for Macs. A great deal of them, particularly in the Fabric, is quite different to anything you’ll find on iPhone chips. Yes, they have common components such as the cores, but that’s widespread practice across all hardware architectures.
  Needing to restore the firmware on an M1 Mac is an exceptionally unusual situation, and not something that you should need to do when you’re working overseas, any more than replacing its logic board. The firmware, and its associated Recovery system, are stored in separate containers/partitions which are unmounted during normal use. I’d be interested to know what you might do when working overseas that puts those containers at risk.
  To perform a restore, you not only need to connect the second Mac with Configurator running on it, but also need to download a 13 GB IPSW image. How easy would that be in those locations?
  Finally, restoring the whole internal SSD in this way is a new and additional feature for M1 series Macs. While you can now restore the firmware of T2 Macs using Configurator, that is recent and has the same hardware requirements. Intel Macs without a T2 chip have no such feature at all. Doesn’t that worry you more?
  Howard.
  
  LikeLike
  - 3
    
    James on December 16, 2021 at 6:00 am
    
    …based on the technology developed in the iPhone. Clearly the ARM development for the iPhone was the foundation.
    
    I bought the the M1 just after it came out last year and it had a firmware crisis that same month which required me to restore it, something that could only be done from another Mac.
    
    “To perform a restore, you not only need to connect the second Mac with Configurator running on it, but also need to download a 13 GB IPSW image. How easy would that be in those locations?”
    
    Easy, the problem is not always bandwidth it can simply be access to another Mac.
    
    “While you can now restore the firmware of T2 Macs using Configurator, that is recent and has the same hardware requirements. Intel Macs without a T2 chip have no such feature at all. Doesn’t that worry you more?”
    
    Never had a firmware crisis on any Mac or Apple computer in 3-years, other than the M1.
    
    LikeLiked by 1 person
    - 4
      
      hoakley on December 16, 2021 at 12:51 pm
      
      Thank you.
      “I bought the the M1 just after it came out last year and it had a firmware crisis that same month which required me to restore it, something that could only be done from another Mac.”
      If you base your risk assessment on a single event, then it’s thoroughly flawed, isn’t it? Funnily enough, although you appear not to have heard of it, there are plenty of T2 Macs which have been bricked because of firmware problems. And the solution for them? Exactly the same app, Configurator 2, running on another Mac. So presumably you wouldn’t take a T2 Mac travelling either.
      Let’s also remember that when this happened to your M1 Mac, you’re referring to the very first computer that Apple has ever made entirely using its own hardware and software, within a month of its first release, running the first version of a brand new major version of macOS.
      Yes, at that time, and well into the Big Sur release cycle, there were quite a few M1 Macs which needed to be restored. That’s now over a year ago, since when the firmware in M1 Macs has improved hugely. At the time, you couldn’t even boot an M1 Mac reliably from an external disk.
      Perhaps you might like to review your risk assessment in the light of the last year’s experience with M1 Macs, and where they are with their firmware etc. now.
      And while we’re considering bricked Macs, yes Intel Macs before the T2 chip also can become bricked. The fact that it hasn’t happened to you doesn’t mean that it isn’t a risk. So how do you mitigate that risk then, given that you couldn’t restore them at all?
      Howard.
      
      LikeLike
  - 5
    
    James on December 16, 2021 at 6:04 am
    
    ‘Never had a firmware crisis on any Mac or Apple computer in 3-years, other than the M1.’
    
    CORRECTION: I meant 30-years. Among many things I was a Mac lab manager at three universities and assisted with the Campus AppleStore at one. I owned Windows PC once in 1991 for about 2 days.
    
    LikeLiked by 1 person
  - 6
    
    James on December 16, 2021 at 7:01 am
    
    “The M1 series chips aren’t “based on the iPhone”, but have been developed specifically for Macs. A great deal of them, particularly in the Fabric, is quite different to anything you’ll find on iPhone chips.”
    
    There is no question the M1 series chips are based on the A-Series chips which laid the foundation. Sure they added and changed things. But it was the iPhone and iPad that paved the way for the M1 Macs in almost every way. I never had any doubts from the first iPhone that Apple was architecting its exit from INTEL based on ARM designs, which I think Apple will depend on less and less as they hone their skills with Apple Silicon. Tim Cook is always looking to remove dependencies in the supply chain, not just materially but intellectually, that’s part of his brilliance.
    
    LikeLiked by 1 person
    - 7
      
      hoakley on December 16, 2021 at 12:41 pm
      
      Thank you.
      Actually, Apple laid the foundation when it co-founded ARM, which was back in the ancien regime, and long before anyone even had a glimmer in their eye of an iPhone.
      It’s also a complete red-herring: firmware restore has nothing to do with chip architecture, as you argue. I use Configurator 2 from my Intel-based iMac Pro.
      Howard.
      
      LikeLike
    - 8
      
      James on December 16, 2021 at 7:14 pm
      
      “It’s also a complete red-herring: firmware restore has nothing to do with chip architecture, as you argue.”
      
      I never said it did. You’re simply making that assumption.. My point is that it would be great if I could use an iOS device to aid with the firmware should it be necessary. As for the architecture I more than familiar with it’s entire history. The iPhone’s A-Series chips simply made it clear the Mac would be next and it was that development which laid the foundation for the M-1. You don’t need to over analyze everything I’m saying.
      
      LikeLiked by 1 person
    - 9
      
      hoakley on December 16, 2021 at 7:17 pm
      
      So what did you mean when you wrote:
      “It’s not like the chip isn’t based on the iPhone”?
      Howard.
      
      LikeLike
10

Javier Gallardo on December 15, 2021 at 9:36 pm

I must thank you for your articles.
I don’t remember exactly where or how you did explain, but I think I understood that Recovery was a nice and normal way to upgrade OS if it fails from the proper system.
My new 16” M1pro didn’t show up 12.1 update and tried a few tricks without success. It seems to be a well spread problem, and different solutions are being suggested in forums.
As you explain, Recovery has changed, and I imagined it was a safe way to go. It is one of the solutions posted in the web, but scarcely. Making a bootable external installer seems popular, and closing specific processes in Activity Monitor.
Update worked flawlessly from Recovery, and I believe it’s the straightest fix and an expected use of it with these new machines (impressive device here, by the way).
Am I wrong?
In the while… Apple should recommend a fix. This it not just because of saturated servers, I think.

LikeLiked by 1 person
- 11
  
  hoakley on December 15, 2021 at 11:11 pm
  
  Thank you.
  Recovery is good, although it downloads and installs the whole of macOS, rather than a much smaller updater.
  What I do when there’s a macOS update due or available is run SilentKnight. That usually reports the update as being available. I then quite that app, and open Software Update, which almost invariably can find the same update. These days, I tend to start my updates with an M1 Mac rather than Intel, because the Intel updates seem to appear slightly later.
  Howard.
  
  LikeLike
12

Javier Gallardo on December 16, 2021 at 7:17 am

Oh, forgot to mention (I was relieved and impressed with Recovery after successful reinstall!) :
Of course, I run SilentKnight, but while detecting needed update, it said no software found for downloading (!). I supposed SK couldn’t trigger the source…(?). Downloading from AppStore DID trigger updating in Preferences, but stuck searching for update endlessly (so, similar to SK). Tried also downloading complete installer from Terminal, stopped for hours at 90%. Tried Mr.Macintosh link from Safari, download stopped at some point and never could resume.
Well, perhaps a complete reinstall was healthy and needed… (My machine arrived home just a week ago, and I updated to 12.0.1 without problem).

LikeLiked by 1 person
13

Michael Tsai - Blog - How Recovery Works on M1 Series Macs on December 16, 2021 at 9:43 pm

[…] Howard Oakley: […]

LikeLike
14

done84pt on March 27, 2022 at 9:59 pm

I downgraded from an M1 that came with Monterey to Big Sur, now I can’t use the “Startup Security Utility”. From reason the article it seems the mac is booting to the Monterey Recovery partition instead of the Big Sur one, any ideas on how to fix this?

LikeLiked by 1 person
- 15
  
  hoakley on March 27, 2022 at 10:22 pm
  
  Do you now have both versions of macOS in bootable systems? If so, to use Startup Security Utility for the Big Sur system, you have to boot into that Big Sur system, shut down, then start up in Recovery. However, chances are that your internal SSD’s Recovery container contains the Monterey version of Recovery, not Big Sur’s. In which case, you can’t: your only option is to restore the system from a Big Sur IPSW image in DFU mode, using Apple Configurator 2, but that will probably stop it from running Monterey.
  Howard.
  
  LikeLike

·Comments are closed.

Share this:

Like this:

Related