This ingenious new boot process does have consequences, though. On the other hand, it’s reliant on the iSC and 1TR remaining backward-compatible with older versions of macOS, a problem which might become apparent with macOS 12 later this year. This is much cleaner than on Intel Macs, where each version has its own Recovery volume, which can lead to confusion and error. The iSC and 1TR containers on internal storage provide boot support and recovery for older versions of macOS which are installed. This makes it possible to engage a different policy when booting from an external disk from that for the internal SSD, and for alternative systems installed on the internal storage too.įor those wanting to dual boot an M1 Mac, it changes the process markedly.
However, a separate policy is saved for each system install.
#Big sur m1 mac
When you start up an M1 Mac from an external disk, the first part of the boot process still runs from internal storage and the iBoot System Container, so that it establishes saved security policy.
#Big sur m1 full
When that’s done, as far as your Mac and Apple are concerned, it’s effectively a new Mac and has to undergo full setup from scratch.
#Big sur m1 software
If you’re unfortunate enough to completely wipe your M1 Mac’s internal storage, the only way to recover it is to restore the whole firmware and software image in DFU mode with Configurator 2. Although this container still has a Recovery volume, this is more limited and can’t access security policy, for example.
#Big sur m1 code
If you use code which relies on finding the Data volume by name, you’ll need to check whether that still works.
The normal boot container Apple_APFS isn’t quite the same as that on an Intel Mac either: one subtle but significant difference is that the Data volume isn’t named Macintosh HD – Data, but simply Data. That Recovery volume is designated for recovery, but this container doesn’t have a separate booter volume. This includes a second part of iBoot and all that’s necessary for the M1’s full Recovery Mode. The Apple_APFS_Recovery container is dedicated to providing 1TR, which is stored on its Recovery volume. The xART (volume name) or xarts (volume mountpoint) volume provides trusted storage, while the Hardware volume contains hardware-related files such as logs and activation data. Here, the iSCPreboot volume is the designated booter, and the empty Recovery volume is for recovery. Like the two other containers, it can have designated ‘booter’ and ‘recovery’ volumes, indicated in the above diagram by an asterisk The first, Apple_APFS_ISC, is the iBoot System Container (iSC), and supports the iBoot firmware in the early boot process, as well as providing trusted storage for the Secure Enclave within the M1 SoC. The three containers on an M1 Mac’s internal storage have distinct functions. As that can’t exist on an external bootable disk, and its command line equivalent bputil is largely limited to 1TR, it’s the internal storage which really controls that Mac, even when it’s booted from an external disk. Many of its features, notably its Startup Security Utility which you can use to change the security policy, are only available in 1TR.
When you boot an M1 Mac into its new Recovery Mode, it isn’t using the Recovery volume from the standard boot container at all, but what Apple calls 1 True Recovery (1TR) from the Apple_APFS_Recovery container, something which doesn’t exist on an external bootable disk. Thanks to some deeper exploration by Hector Martin of the Asahi Linux project, and some spade work with diskutil, we can now make a bit more sense of what’s on that internal storage, and why it’s so different from what we’ve come to expect. But that’s very different from the structure and contents of that M1 Mac’s internal storage. The same is true for an external bootable disk for an M1 Mac, which comes complete with its EFI partition and the single container with its boot Volume Group and a volume named Recovery too. It has two partitions, one the traditional EFI in FAT32 format, the other an APFS container within which are the boot Volume Group and the Recovery volume, as shown in the lightly revised diagram below. Make yourself an external bootable disk for an Intel Mac and what you get is essentially the same as on its internal storage.
0 kommentar(er)
