Do You Have A Backup – #4: A Small Interlude

Originally, this topic was going to be the final one in the series, but after some contemplation, I think it needs to be addressed sooner. There are some major changes in macOS and in the hardware that seem to be making big changes in the backup/restore processes and options.

Basically, two major shifts have occurred:  1) Apple introduced the T2 Security chip and 2) Apple released the M1 System-on-a-Chip (SoC) machines using Apple Silicon instead of the Intel CPU family it had been using.  Those two changes have brought some major and minor changes in how the system operates. I suspect that the soon-to-come M1/Mx machines and macOS Monterey may well make even more, but until those products are actually out for consumer use, we can only speculate.

Let me start by giving credit to the website, The Eclectic Light Company for summarizing the issues well. The depth of analysis done by the owner of that site is nothing short of amazing! (And, his articles on art are astounding as well!) If you want detailed technical discussions of the impact of T2 and M1 SoC on booting a Mac, you can spend days reading at Eclectic Light.

The T2 Chip

According to Apple, these Mac computers have the Apple T2 Security Chip:

  • iMac (Retina 5K, 27-inch, 2020)
  • iMac Pro
  • Mac Pro (2019)
  • Mac Pro (Rack, 2019)
  • Mac mini (2018)
  • MacBook Air (Retina, 13-inch, 2020)
  • MacBook Air (Retina, 13-inch, 2019)
  • MacBook Air (Retina, 13-inch, 2018)
  • MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports)
  • MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports)
  • MacBook Pro (16-inch, 2019)
  • MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports)
  • MacBook Pro (15-inch, 2019)
  • MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports)
  • MacBook Pro (15-inch, 2018)
  • MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports)

In those systems, to be able to boot from an external disk, you have to change the startup security settings explicitly to allow that to happen. So, if you haven’t enabled it in advance, to boot from any external recovery disk you have to boot into the recoveryOS on the internal storage and use Startup Security Utility located there to change the boot security policy. But the challenge is that the recoveryOS is, in fact, stored in a separate volume within the startup Container, and thus is on the same internal drive as the System and Data Volumes. As a result, if the internal drive fails with a hardware failure and cannot be used at all, then you cannot boot into recoveryOS to make the changes to be able to boot from the external backup drive. You could reduce the default security on your T2 machine to make the external recovery drive bootable, but that’s not recommended as the T2 security chip is integral to the basic security setup of the machine and you would open your data up to much greater vulnerability than you may wish to do. So, a clone backup on a T2 system is only useful if the failure is not hardware related but only some corruption of the System and/or Data Volumes.  The idea that one could have a hardware failure of the internal drive and boot from the external while waiting for a replacement drive to arrive to be installed is no longer practical in the T2 systems, even those where the drive is, in fact, replaceable.

The M1 Systems

The M1 systems get even more complex. The SoC approach means that there is not really any dedicated hardware to be called a “drive” as such. All of the storage is dynamically allocated as needed to whatever process needs it. There is a structure of Containers and Volumes, as in any APFS drive, but unlike on the T2 systems, the recoveryOS is not a Volume in the same Container as System and Data, but in a completely separate Container, not sharing any disk space with the macOS volumes. The impact is that a recovery on an M1 system is more robust, as it comes with a full toolset when booted from the internal drive. Apple calls that “1 True Recovery.” But it also gets more tricky if it’s a hardware issue.

What about our external clone backup? Well, the clones cannot currently copy that separate recovery Container because of the security of the system. And that fact means that any backup disk that could boot won’t have the key tools, including Startup Security Utility that is needed to allow an M1 system to boot from an external drive. The value of a “bootable” clone is much, much less than in a pre-T2 Intel system, or even than a T2 Intel machine. Bottom line? Getting an M1 system to boot from an external drive is difficult to nearly impossible if the internal drive storage holding the recovery Container is damaged at all.


Why this interlude? Because the changes thus far created by the T2 chip and by the M1 SoC are likely just the tip of the iceberg as Apple moves further and further away from the old Intel architecture. And that move means that it is unlikely that a full clone, even if it were possible to make, isn’t bootable now and most likely won’t be bootable on that new Mx system in a year (or maybe even less).

And that then means that the overall strategy of backups will change. Clones will be of lower value than they are in the pre-T2 Intel systems. Couple that with the fact that with an M1 SoC chipset any hardware failure means the entire SoC has failed, so a hardware failure of the storage being used for internal drives is not repairable and will require replacement of the motherboard. AppleCare+ is going to be much more attractive!

If the storage being used by APFS for the System and Data Volumes is corrupted, not by a hardware failure but by some data corruption, then the recovery process will be to boot into the recoveryOS (1 True Recovery) and reinitialize the storage being used for the Container that holds the System and Data Volumes, then the user can restore the user data to the Data Volume from a backup. Basically, all the backup needs to hold is your data, not the system files at all. And that is a factor in deciding what to backup!

Now, back to your regular programming…