hoakley June 9, 2023 Macs, Technology

Cold boot or restart?

If you’ve supported Macs, or many other computers, you’ll be aware that there are times when restarting doesn’t seem good enough, and performing a cold boot works best. By that I mean shutting the Mac down, counting to the number you first thought of, then starting it up. It’s what Apple refers to as a “manual restart”, as opposed to the automatic restart you’ll get from the Restart command. This article looks at what the difference might be.

Restarting clears everything not saved to disk or non-volatile memory (NVRAM). It runs the Mac’s Boot ROM from hardware, and that in turn starts the process of verifying the first stage firmware, and so on until the kernel is loaded and running. Whether the Mac has had a kernel panic, or WindowServer has run amok, a restart should fix it.

Just a few days ago, I was reminded of how different a cold boot and a restart can be: a dual-boot Apple silicon Mac wouldn’t restart into its primary system, but would do so with a cold boot. How could that be?

One way to see is to compare timings, here using a Mac Studio M1 Max booting from a single system on its internal SSD. Times from the startup chime to the first log entry recording the kernel running were around 3 seconds, with a further 5 seconds or so before the kernel started its logging in earnest with its distinctive kprintf entry. It’s then less than 4 seconds before the login window appears. Those don’t differ significantly between a cold boot and restart, confirming that the processes are essentially the same. Wading through the logs written by the kernel in the first few seconds shows almost identical entries there too.

Received wisdom is that the difference between cold boot and restart is the result of data being retained in memory through a restart, but being wiped clean after a cold boot. This was first documented by Alex Halderman and others, who used it to perform ‘cold boot’ attacks to recover encryption keys. They demonstrated that RAM contents were still recoverable many seconds after shutting down, and could be used to recover encryption keys and other critically secure data.

SecureBootM1v2fw

Sadly, although an attractive explanation, it doesn’t hold good unless pre-boot code accesses old data in memory. If that were the case, then the whole boot process would be fatally flawed. Just a cursory glance at a diagram of the boot process of any Apple silicon Mac (above), or a T2 Intel Mac (below), demonstrates that any data retained in memory for a restart can’t be re-used.

BootProcess

If we don’t understand what the differences are between cold boot and a restart, it’s difficult to know when to recommend each. One rule of thumb could be that when problems are related to factors in the early stages of the boot process, like LocalPolicy, then you might be more successful performing a cold boot. Although that has some logic to it, it relies on pre-boot software behaving differently depending on whether the Mac was merely being restarted. As there are no logs from that phase, that can only ever be guesswork.

Summary

A cold boot is sometimes more effective at fixing problems than a restart.
If you have tried restarting your Mac to address a problem and that didn’t help, try cold booting instead.
Cold booting may be more effective at addressing problems relating to the early stages of the boot process, such as those involving LocalPolicy and recognition of boot systems on Apple silicon Macs.
We don’t understand why cold boot should differ from a restart, but it can.

30Comments

Add yours

1

EcleX on June 9, 2023 at 6:54 am

Thanks for the interesting article. Twice for the summary.

LikeLiked by 1 person
- 2
  
  hoakley on June 9, 2023 at 4:43 pm
  
  Thank you.
  Howard.
  
  LikeLike
3

jhz on June 9, 2023 at 9:08 am

Interesting article on a rarely described subject, but I miss a definitive explanation.
My Mac in an old Mini (core i7) with internal HD and external SSD (connected on a USB port).
Of course, the boot disk is the external SSD.
For ages, I’ve been annoyed by the fact that restarting the machine *always* boots on the internal HD.
For example, the OS upgrade process never works as intended: on restart, the HD is automatically selected. So, in order to finish the upgrade process, I need to cold boot the Mac.
On cold boot, external SSD is selected without user action (as intended).
Very annoying, but I’ve never found anywhere an explanation for this (I’ve stopped searching long ago).

LikeLiked by 1 person
- 4
  
  hoakley on June 9, 2023 at 9:11 am
  
  I think that’s just a bug. Or maybe it has aspirations to be an Apple silicon Mac?
  Howard
  
  LikeLike
5

kapitainsky on June 9, 2023 at 10:37 am

Cold boot does cut power from at least some hardware devices resulting in their full reset. Good example are self encrypted SSD drives – when unlocked after powering on computer they stay unlocked until system is shut down. System restarts do not change state of encryption. Nowadays our computers contain many other specialized mini computers – T2 in some Intel macs for example. So I am guessing that similar like for SED SSD only cold boot fully reboots these specialized systems.

LikeLiked by 1 person
- 6
  
  Markus Ruggiero on June 9, 2023 at 1:33 pm
  
  I second this. Going from power-less to powered-on will electrically initialize chips and devices. This will make sure that POST (power on self test) and other init stuff is performed by the chips and devices. This *can* make a difference between restart (warm boot) and cold boot. The very early stages during power on might be crucial. These are usually not gone through during a warm boot.
  
  LikeLiked by 1 person
  - 7
    
    hoakley on June 9, 2023 at 4:52 pm
    
    Thank you.
    In an Apple silicon Mac, there don’t appear to be any (co-ordinated) POST routines. Pretty well everything in the chip is run from ARM cores, which are initialised, firmware loaded, and run exactly the same whether a cold or warm boot. Exactly what are you suggesting happens that’s different?
    Howard.
    
    LikeLike
- 8
  
  hoakley on June 9, 2023 at 4:49 pm
  
  Thank you.
  In an Apple silicon Mac, these are all ARM processors in its fabric. As far as I can tell, they undergo exactly the same initialisation and booting process after cold and warm booting. The only difference is that in the former, they start from a power-off state. But why should make any difference? As I have written, the old story was of RAM persistence, but that doesn’t make any sense unless you’re trying a cold boot exploit.
  Howard.
  
  LikeLiked by 1 person
9

Harald Striepe on June 9, 2023 at 2:19 pm

I am testing Sonoma on an external drive on my Mac Studio. I found that booting from Sonoma back into Ventura on the system drive often results in “missing” Thunderbolt disks and other issues requiring a complete shutdown and cold boot.
To save time, I now use that approach categorically,

LikeLiked by 1 person
- 10
  
  hoakley on June 9, 2023 at 4:53 pm
  
  I’m sorry to hear that. Cold boot to the rescue again!
  Howard.
  
  LikeLike
11

zenbum on June 9, 2023 at 5:05 pm

Thanks for the article and this excellent discussion. I just want to emphasize something alluded to by several other posts.

An increasing number of hardware devices are microcontroller-based, running their own separate firmware, sometimes even with fairly sophisticated real-time operating systems. A “warm” restart of the main computer may or may not restart those secondary devices. A cold reboot almost certainly will. Wifi peripheral chips can be particularly buggy in this regard.

LikeLiked by 2 people
- 12
  
  hoakley on June 9, 2023 at 10:16 pm
  
  We know a fair bit about the Fabric and the ARM cores responsible for implementing those devices within Apple silicon Mac chips. Many of them also report their initialisation to the kernel during the boot process. There are essentially no differences at all between that following a cold or warm boot.
  Howard.
  
  LikeLike
  - 13
    
    zenbum on June 9, 2023 at 11:01 pm
    
    My understanding is that on Apple Silicon Macs, wifi and bluetooth are handled by a separate chip, the USI 339S00758, which is based on the Broadcom BCM4375. So I’m not sure what you mean by “implementing those devices within Apple silicon Mac chips”. Maybe I’m just being dense. Of course, within the kernel running on the main processor’s SoC there’s a device driver which communicates with the wifi/bluetooth chip. Is that what you meant? Please clarify.
    
    LikeLiked by 1 person
    - 14
      
      hoakley on June 10, 2023 at 9:28 am
      
      Thank you.
      You’re referring to just about the only system that isn’t handled within the chip. There’s around 40 or more other specialist ARM cores in the fabric handling systems like Thunderbolt. In the example I quoted for Apple silicon, there’s no network involvement at all. Indeed, of all the systems in Macs that I’ve had to restart or cold boot, networking is the one in which I can’t ever recall having to do a cold boot, as it has always reset with a restart.
      Howard.
      
      LikeLike
  - 15
    
    kapitainsky on June 10, 2023 at 9:30 pm
    
    “You’re referring to just about the only system that isn’t handled within the chip. There’s around 40 or more other specialist ARM cores in the fabric handling systems like Thunderbolt. ”
    
    Do you have any link listing what these functionalities or fabric are? For sure Apple tries to control more and more aspects but it is hard to believe that wifi/BT is only one they rely on others still.
    
    LikeLiked by 1 person
    - 16
      
      hoakley on June 11, 2023 at 8:43 am
      
      I don’t know of a single source, although the Asahi Linux documentation contains quite a few identifications. Some of the information is also not yet in the public domain.
      The big one was Thunderbolt: in the DTK, there was no TB support, as Apple’s implementation was first included in the M1. It was quite an achievement.
      Howard.
      
      LikeLiked by 1 person
17

David C. on June 9, 2023 at 10:43 pm

I don’t know what the specific differences are for a modern Mac, but based on what I’ve experienced with other systems in the past, there are actually three different kinds of restarts. A warm-boot (e.g. giving a reboot command), a cold-boot (power cycle) and also a hard-reset (a reset button, which Apple hasn’t put on Macs since the G4 days, unfortunately).

The hard reset button typically pulls the reset line (pull it high or low, depending on the chip) on several chips (the CPU, maybe some peripherals, maybe some other controllers), causing them to go through their own reset sequence. This is different from a warm boot, where many chips won’t be reset unless a software driver can pull the reset line as a part of its startup sequence.

And this may explain some of the differences between a warm and cold start. Leftover values in system RAM shouldn’t matter, as you described. But because all the chips remain powered and may not have their reset lines pulled, if one of these chips has corrupt internal state, that restart may not be able to clear it. But a power cycle will.

In the past, I’ve seen this with GPUs and with intelligent network interfaces. It wouldn’t surprise me if this occasionally happens with Apple’s intelligent coprocessors (T1, T2, SMC, and probably various internal components of the Apple Silicon SoCs).

LikeLiked by 1 person
- 18
  
  hoakley on June 10, 2023 at 9:25 am
  
  Thank you. So this is because of chips being left in a “corrupt internal state”? Wouldn’t they either reboot normally, or fail to reboot, in which case the system would surely recognise their failure? I’m also unsure how that works with a modern I/O system run by an ARM core. Isn’t it possible to reboot such a system? If not, that seems a massive error in design.
  Howard.
  
  LikeLike
19

Simon Simpson on June 10, 2023 at 6:42 am

There may be a more prosaic reason for the differences between a restart and cold boot. This is that the power supply smoothing capacitors retain for a short time some of their charge after being disconnected from the mains power.

Using restart does not give them time to drain the remaining charge and may therefore keep some components alive, thus not flushing their contents.

Doing a hard shutdown, and pausing a while before starting-up, gives the voltage reserve in the capacitors time to drain ensuring that all the contents of any components are truly flushed.

LikeLiked by 1 person
- 20
  
  hoakley on June 10, 2023 at 9:31 am
  
  Thank you, Simon.
  Yes, I understand the argument that somehow starting up from cold fixes problems that restarting sometimes can’t. But I don’t understand how “flushing their contents” should be any different from rebooting those systems, which is what happens in a restart. Exactly what contents need to be flushed by powering them off completely?
  Howard.
  
  LikeLike
21

Simon Simpson on June 10, 2023 at 2:09 pm

Well, perhaps the technology has changed somewhat but when I worked at the BBC this was standard practice when some computer controlled piece of kit was acting-up.

We assumed that some volts remain on the bus powering the RAM, buffers, or whatever so it was best to make sure that no code remained.

If a restart somehow earths the power supply, to drain any remaining charge before booting, then you could be sure that there was no data lurking anywhere.

I confess that I am not up-to-date with the construction of modern computers and things may well be rather different now.

Personally, when ever my Mac starts acting-up, I always go for a shutdown-pause-restart. This is also de facto advice for many computer controlled equipment.

LikeLiked by 1 person
- 22
  
  hoakley on June 10, 2023 at 9:15 pm
  
  Thank you.
  There are two ways to explain why cold boots sometimes work when a restart doesn’t: magic, and because.
  If there’s a because, that means we understand how a cold boot is changing the process, and we can thus determine which types of problem should be treated in the first instance by a cold boot.
  If it’s simply magic, then cold booting is just a panacea, and can’t be chosen over restarting for particular types of problem.
  It’s not that I don’t believe in magic, but if it’s just magic, the it comes down to luck, not reason.
  Howard.
  
  LikeLike
  - 23
    
    Simon Simpson on June 11, 2023 at 6:56 pm
    
    You mean waving burning sage of my MacBook Pro won’t work ?
    
    LikeLiked by 1 person
    - 24
      
      hoakley on June 11, 2023 at 7:21 pm
      
      As I always said to patients when I was in medical practice, if it works for you, then I’m delighted.
      I have yet to hear of anyone recommending that panacea, though!
      Howard.
      
      LikeLike
25

artiste212 on June 11, 2023 at 12:24 am

Howard,

My M1 Mini will restart and allow using theMagic Keyboard (latest version) to sign in connected via Bluetooth. The keyboard doesn’t connect after a cold boot, unless plugged into USB or the Magic Trackpad is used first.

I upgraded from an older, original Magic Keyboard which had the same issue. My hunch is that it has to do with Bluetooth. This Mini also has other Bluetooth issues. Why Bluetooth seems not to connect the keyboard from a cold boot is beyond my ability to understand, but I suspect it’s a hardware thing.

LikeLiked by 1 person
- 26
  
  hoakley on June 11, 2023 at 8:46 am
  
  That’s definitely not normal. You might like to try starting up in Recovery and configuring BT in the opening screen there. If that doesn’t work, then you might be able to fix it using a restore in DFU mode, but I’d be inclined to get Apple to tackle it, through a booking at your nearest store.
  Howard.
  
  LikeLike
  - 27
    
    artiste212 on June 12, 2023 at 12:44 am
    
    Thank you, but I don’t believe it’s that simple. Many others have had similar issues. This issue existed in my previous, Intel Mini. Some users who have returned their M1s to Apple for repair received new Mini’s with the same issue. This problem involving the bluetooth Magic Keyboard at cold startup is paired with another, whereby using the Magic Trackpad interferes with bluetooth speakers. From what I can tell, it has persisted across three versions of the Mini, from Intel to Apple Silicon. A partial solution has been to place my Mini with the rear facing forward — but it’s not perfect. I’ve seen no reports of any genuine fixes. And yes, my Keyboard and Trackpad work fine with other people’s MacBooks, iMacs, etc. All in all, it’s not as troubling as Safari’s tendency to stall out when there is still plenty of system memory available (per Activity Monitor). That’s something I hope will have been improved when Sonoma reaches release version.
    
    LikeLiked by 1 person
    - 28
      
      hoakley on June 12, 2023 at 2:00 pm
      
      One thing that I think you need to investigate and explain is why your M1 mini has problems, but many others don’t. I had one from their first release until Apple released the Studio that I replaced it with. Not once did I ever experience the problems you’re reporting. I’m not saying that you’re not doing it right, but discovering why you’re having problems starts by looking at the differences, and isolating them.
      Howard.
      
      LikeLike
29

Bruce Klutchko on June 12, 2023 at 2:39 pm

Thanks again. I recall when I first used my new M1 Mini, being disappointed that it wouldn’t recognize my Magic Keyboard without a USB tether, like the Mini before it. Perhaps there is something in the environment that creates this difficulty. As a first step, it may be useful to all WiFi and Bluetooth devices (including router, iPhone, printer, TV, etc.) other than the keyboard and trackpad and restart. This means disabling my router, as well. Both monitors are new (different brand, connection cables, etc.). Apartment life, however, means there will always be other signals within 30 feet that are still of significant signal strength.

LikeLiked by 1 person
- 30
  
  hoakley on June 12, 2023 at 4:50 pm
  
  You don’t have to go that far: the mini’s Wi-Fi and you router should be fine, as should other Apple devices. Printers, TVs, etc, are important to eliminate for the time being, as are non-essential USB-C connections, which are a well-known cause of flakey wireless connections. I’d try to remove any Bluetooth audio as well, as that can be troublesome.
  I wish you success.
  Howard.
  
  LikeLike