Last Week on My Mac: A boot mystery solved?
When Apple silicon Macs were first released, they brought a new secure boot process with a huge advantage over that of T2 Intel Macs: it was possible to boot them from an external disk without affecting their security. This is because all the crucial steps to secure boot processes are run from the Boot ROM and internal SSD.
The first snag with this was that hardly anyone was able to create a usable external boot disk for some months after those M1 Macs shipped. On 18 December 2020 I wrote here how I wished I could explain how to do that successfully, “but like many other M1 owners, all that I’ve tried so far has failed.” The only reader who reported that he had found the secret was Mike Bombich of Carbon Copy Cloner fame. Four days later, I had my first success, and wrote up the instructions, requiring a Thunderbolt 3 SSD connected to “one of your M1 Mac’s Thunderbolt ports”. However, trying to repeat that with a USB-C NVMe drive resulted in failure without apparent cause.
That article attracted a total of 109 comments, many of them from others who had tried, tried all sorts of workarounds, tried one last time, and still failed. By February 2021, the procedure remained as unreliable as ever, when I lamented that external boot disks still don’t work properly with M1 Macs. Among the comments are statements such as “It was no small task, took two months of messing around”. It wasn’t until the end of May, with Big Sur 11.4, that creating an external bootable disk came close to being reliable. I summarised the whole saga here.
The problems had certainly lessened, sufficient to consider what type of disk to boot from, but there were still inexplicable failures. Of note in that last link is the fact that all my successful tests had used the same Thunderbolt port on my Mac Studio. But why should we have noted which ports worked, and which were unreliable?
Since then, focus has shifted to matters of ownership and LocalPolicy, which have taken much of the blame for failures. Last week, when I was updating my instructions for creating bootable external disks, I happened to find Apple’s recent article on the subject.
This was the first time I had seen any warning of failures when the external disk is connected to the DFU port: “If you’re using a Mac with Apple silicon, plug your storage device into any compatible port except the DFU port. Find out how to identify the DFU port. Once the installation is completed, you can connect your storage device to any compatible port, including the DFU port.” That article was published on 1 October 2024, with a screenshot dating from macOS Sonoma.
Apple repeats that warning in its linked article on identifying the DFU port: “For certain tasks, such as reviving or restoring firmware or installing macOS on an external storage device, you need to know the location of your computer’s DFU (device firmware update) port.” That wasn’t published until 9 December 2024.
To understand why one of the USB-C ports on every Apple silicon Mac might be different, we need to go back to the start of its boot process, when it’s running from the Boot ROM and before that Mac has even got as far as its Low-Level Bootloader (LLB). One of the functions of its Boot ROM is to detect and if necessary engage DFU mode. To do that it has to initialise one of the USB-C ports, although it doesn’t do so with Thunderbolt support, which is why DFU connections are run using plain USB and not Thunderbolt. That’s done for simplicity, to keep the code in the Boot ROM to a minimum, and for more robust security.
That first port is designated as Bus 0 using Receptacle 1, which thus becomes the Mac’s DFU port. From the information so recently released by Apple, that port remains different, and when it comes to be used to create LocalPolicy for a bootable external disk, it fails. Thus if you try to install a bootable external disk through the DFU port, it’s doomed to fail.
Given that this limitation applies to all Apple silicon Macs, including those M1 models with Boot ROMs dating from 2020, and isn’t apparently limited to recent versions of macOS and their firmware, this appears to have been a problem all the way along, and at least a contributor to all those failed attempts to install bootable external disks, if not a primary cause. Since late 2020, and not disclosed until four years later.
Looking back at the comments made here at the time, these problems were sufficient deterrent to many who had been considering upgrading to Apple silicon at that time. When such an important feature of all previous Macs is at best tricky and unreliable, potential purchasers were understandably reluctant to pay for what was in so many other respects a triumph for Apple’s engineering teams.
I now look back on all those wasted days, weeks even, trying to get something to work that Apple must have known had a good chance of failing. Is it surprising that my sense of relief in finally learning one of the causes of all that wasted time and effort is overwhelmed with the anger that we’ve had to wait four years to be told one of the causes? And even now it’s hidden away in support notes that we only discover by accident.
