Startup disk surgery in recent macOS: fixing bigger problems

There comes a time when you want to wipe part of your startup disk, perhaps the Data or System volume, and start again. Maybe the disk is running short of space and you can’t free up enough any other way, or you’d just like a really good clean up. From Big Sur, and with Apple silicon Macs, this all got more confusing, so this article tries to explain what you can do without hacking in command tools or turning your Mac into a brick.

Intel and Apple silicon startup

Many of the differences between the traditional approach you’ve used on Intel Macs in the past, and those for Apple silicon models, result from the way that they start up.

Intel Macs can readily start up from either internal or external disks, which have a simple structure. If your Mac has a T2 chip, you’ll need to enter Recovery and use Startup Security Utility there to allow it to start from external disks. Once you’ve done that, all you need is a bootable disk and your Mac can ignore its internal disk altogether and start up straight from that external disk.

BootDiskStructureIntelMonty

An Apple silicon Mac always starts its boot process from its internal SSD, even when you’ve set it to start up from an external bootable disk. To do that it relies on two hidden containers on its internal SSD, which can’t be substituted by an external disk. So whatever you think, you won’t completely erase its internal SSD, and if you did, you’d have to start it up in DFU mode ready to restore it using Apple Configurator 2 on another Mac (see below). The most you’ll normally do with an Apple silicon Mac is to erase the boot volume group on its internal storage, and even that works slightly differently.

BootDiskStructureM1Monty

Boot volume group

For some years now, macOS has had more than one volume forming part of a boot volume group. First it was a paired Recovery volume, then in Catalina the main volume split into two, System and Data. It’s tempting to think of those as separate volumes, but they’re no more separated than conjoined twins: format one and you destroy the firmlinks that are essential to its partnership. The only available tool to join System and Data volumes together remains the macOS Installer, so unless you want to perform a full install of macOS you shouldn’t even consider formatting or deleting either.

montyintsimple

T2 and Apple silicon encryption

Along with those constraints, newer Macs, including Intel models with a T2 chip and Apple silicon, come with a huge advantage: deleting the key for their Data volume encryption has the effect of securely deleting all its non-system contents and settings. On supported Macs, this provides a near-instant way to return that Mac to factory-fresh condition without having to install macOS again.

Intel Macs without a T2 chip

Options open to these Macs are more limited:

  • restore the Data volume from a Time Machine (or other) backup, leaving the system untouched;
  • reinstall macOS in Recovery, or when booted from another disk;
  • erase the boot volume group using Disk Utility in Recovery.

You may, though, be able to get away with older methods involving cloning and other tricks.

Intel Macs with a T2 chip

Options include:

  • restore the Data volume from a Time Machine (or other) backup, leaving the system untouched;
  • reinstall macOS in Recovery, or when booted from another disk (when enabled);
  • erase all content and settings in System Preferences;
  • erase the boot volume group using Disk Utility in Recovery.

Apple silicon Macs

Options include:

  • restore the Data volume from a Time Machine (or other) backup, leaving the system untouched;
  • reinstall macOS in Recovery, or when booted from another disk;
  • erase all content and settings in System Preferences;
  • erase the boot volume group using Disk Utility in Recovery;
  • restore the Mac in DFU mode.

These newest models are least tolerant of tricks that have worked in the past, particularly those involving external disks.

Restore from a backup

It’s simple if rather time-consuming to replace all your files on the Data volume from a recent backup using Migration Assistant. Although Apple describes this process for Time Machine backups, it should work perfectly well from most other types of backup, clone or copy. Because this is performed using files rather than anything faster, ensure the disk containing the migration source is connected by the fastest means possible, such as Thunderbolt 3. Then open Migration Assistant and follow its instructions.

migrationasst01

You do get a choice as to what is transferred: typically this can include apps, your Home folder, system and network settings, and ‘other files and folders’. It can’t include snapshots and much of the dross that can accumulate on the Data volume, though. It will also lose any changes made between the time of that backup and the time of migration.

Reinstall macOS

This is simple if you want to reinstall the version of macOS offered in Recovery: start your Mac up in Recovery, on an Apple silicon Mac go through to Options, select the Reinstall macOS [version name] item in the window, click Continue, and follow the instructions. Your Mac will then download the installer for that version of macOS and install it in place of the existing version. Where possible it will make firmlinks to the existing Data volume, so preserving all your files, although that’s not guaranteed, so you should only use this when you have a recent backup available. Worst case is that this turns into the same as erasing the boot volume group, and reliant on migrating your data from a backup or copy.

recovery07

With Big Sur and later running on T2 Intel or Apple silicon Macs, this is probably a waste of time, and is questionable on other Macs too. This is because the system you’re replacing is the signed and sealed System volume (SSV), now mounted as a snapshot, and its integrity is checked when that Mac starts up. Thus, successful startup is a guarantee that your Mac’s system in undamaged and unchanged, although that guarantee isn’t as strong on Intel Macs which lack a T2 chip. However you look at it, reinstalling the same version of macOS isn’t going to address your problems, although it might give you a bit more confidence that its system really is perfect. For what it’s worth, Apple details this here.

Erase all contents and settings

T2 Intel and Apple silicon Macs running Monterey and later have this new and valuable command, available in the menu in System Preferences. It’s not available on older Intel Macs because of the way that it works: it discards the encryption key for your data stored on the Data volume, something only feasible in Macs with a secure enclave.

In addition to effectively erasing all your data on the Data volume, it also:

  • signs that Mac out of iCloud and all other Apple ID services,
  • removes all Touch ID access,
  • unpairs all Bluetooth peripherals,
  • removes all Apple Wallet items,
  • turns off location sharing, so disabling Find My Mac.

eacas

The net effect is to revert your Mac to ‘factory fresh’ condition, and you’ll then have to personalise it afresh, and migrate your data to it from your latest backup.

This is now a secure and quick way of putting your Mac back to square one without having to install macOS. If you’ve tried everything else, and this feature is supported on your Mac, it should prove an excellent choice, if you can put up with the full migration at the end. Apple details it here.

Erase the boot volume group

The standard way to wipe your Mac’s System and Data volumes is to start up in Recovery, open Disk Utility, select the top-level Macintosh HD (or whatever name you have changed it to), and click the Erase button. This usually offers to erase the volume group, which you should agree to. Apple details this here for Intel Macs, and here for Apple silicon models.

What happens next depends on whether your Mac is an Intel model or Apple silicon. On Intel models, return to the main Recovery menu and reinstall macOS from there. Apple silicon Macs don’t just erase but restart straight afterwards, then go through the process of activation, requiring an Internet connection, before you can return to Recovery utilities and reinstall macOS there.

For Intel Macs without a T2 chip, this is the closest they can come to the convenience of erasing all contents and settings. If your Mac has a T2 or Apple silicon chip, this has now been replaced by Erase all contents and settings, which doesn’t waste time having to install macOS all over again. However, it’s not recommended as a way to downgrade macOS on Apple silicon Macs, as it doesn’t downgrade firmware; to accomplish that, you’ll need to perform a full restore in DFU mode.

Restore in DFU mode

Although mostly used to restore Apple silicon Macs to factory condition, this does have a role in resuscitating apparently dead Intel Macs with a T2 chip. For those, it can update the T2 firmware, or, if that fails, it can both do that and erase Recovery and macOS on the internal storage, as explained here. Note that’s only for Intel Macs with T2 chips: older models without T2 chips have to go back to an authorised service provider if they have similar problems.

One of the great benefits in owning Apple silicon Macs is that the whole Mac can be returned to factory-fresh condition with matching firmware and macOS, for all current and supported previous versions of macOS. Although not for the faint of heart, the procedure is actually straightforward, and requires:

  • A second Mac with the current version of Apple Configurator 2 (App Store, free) installed.
  • Internet access
  • A USB-C to USB-C charge cable, or USB-A to USB-C, supporting both power and data. Thunderbolt cables don’t work, though.

Essentially, you connect the two Macs back-to-back with the cable, put the Apple silicon Mac to be restored into DFU mode, then restore its firmware and software using an IPSW image for that specific release of macOS. This is explained in detail in the Help book for Apple Configurator 2, and again here. IPSW images can be obtained in Configurator (current version only), or through Mr. Macintosh.

As this wipes everything on the internal SSD, you’ll need a backup from which to migrate data. This is relatively quick, and complete. If you want to downgrade an Apple silicon Mac, this is by far the best approach.

Other methods

There are many other methods that have been used in the past, such as ‘cloning’. While some of these still work, the newer the Mac and macOS, the greater the chances of them failing. While I have cloned a complete system on an M1 Mac, it was never quite right, and isn’t a good way forward. The methods listed above are those fully supported by today’s macOS, and should remain so in the future.

I wish you success.