User data security has always been a top priority for Apple developers. Produced gadgets are equipped with both physical and software tools for encryption, user identification and file protection in the event of a device in the hands of intruders.
The system was regularly improved in this direction, but it seems that last year, the Cupertino seriously overworked.
This is a new chip T2 , which is installed in almost all modern models of Mac.
Why do you need a T2 chip and what’s wrong with it
It all started in 2016 with the advent of the first MacBook Pro models with a Touch Bar touch panel . Then the chip Apple T1 answered for the work of this chip .
The module was very similar to the S2 board , which equipped the Apple Watch Series 2 . Both modules are responsible for data encryption and security. The chip in the MacBook at the same time controlled the touch panel, stored a bunch of keys and performed a number of other less significant actions.
At the end of 2018, the Cupertinians presented a radically updated MacBook Air and a minor update of the MacBook Pro lineup. One of the innovations of these laptops was the new Apple T2 chip .
In addition to the already known tasks of its predecessor, the new module is responsible for encrypting the SSD, controls the system load and allows you to activate Siri on a Mac using voice.
T2 has a hard peg to the Touch Bar and in case of a breakdown, the latter also needs to be replaced. Everything, like the Touch ID \ Face ID bundle with the motherboard on the iPhone.
The most unpleasant feature of this chip began to be noticed by users who decided to reinstall the operating system on new computers. The Apple T2 chip blocks Mac boot from any external drive . Only boot from the onboard SSD or network system recovery.
It will not be possible to install macOS from a bootable USB flash drive, boot from any other external disk with a deployed OS. Even third-party backup tools will not work with this restriction.
What are computers at risk?
At the moment, a similar chip is installed on such devices:
▪️ iMac Pro
▪️ Mac mini (2018)
▪️ MacBook Air (2018 and later models)
▪️ MacBook Pro (2018 and later models)
You can check the availability of the module on the path – About this Mac – System report , in the Controller section, you will see the security chip installed on the device.
In the current model range of computers Apple T2 is not only in the iMac and Mac Pro. Most likely, the line will be updated in the fall and the problem will affect all models.
How to fix the situation
Fortunately, the problem has a solution. The restriction on booting from an external drive is software and it can be disabled.
Here is what you need to do:
1. Restart your Mac and hold down the Command + R key combination during startup . For desktop computers you need to connect a wired keyboard.
2. After booting from the system recovery section, select the Utilities – Safe Boot Utility menu item .
3. Click Enter password for macOS and authenticate with an administrator account.
4. In the menu that opens, we recommend changing two settings:
For secure boot, set the security level to Medium . So if macOS fails on a Mac, you can run any version of the Apple operating system without connecting to the network. Otherwise, the laptop will have to download the installation image of the latest actual system for the computer from the Apple site.
Below you should allow booting from external drives .
Only when these parameters are enabled will it be possible to reinstall macOS from a bootable USB flash drive, start from another disk, or boot from a partition that has been cloned on the disk.
In the event of the inoperability of macOS, damage to the boot area, or failure of a Mac drive without changed settings, reinstalling the system will be extremely problematic.