MacInTouch Amazon link...

Apple compatibility issues

Channels
Apple

Ric Ford

MacInTouch
Some interesting notes from Howard Oakley about Mojave, Catalina, EFI, 32-bit support and more:
Eclectic Light Co. said:
Last of the Mojave
Some time in the next week or two, Apple should release macOS 10.14.6, almost certainly the last version of Mojave we’ll see, and the last macOS to run on the ‘cheesegrater’ Mac Pro. Unless something goes seriously wrong, the next macOS release after that will be Catalina, probably towards the end of September.

This update looks set to be accompanied by an EFI firmware update, perhaps for all supported models. Among other things, that should provide a firm base for the rejigging of volumes required for Catalina’s new read-only system volume, and for its other requirements. It’s easier on users if the first major release doesn’t have to include an EFI firmware update too.

... Losing all access to 32-bit apps is going to be more serious than many seem to think.
 



Please let us know how you like the keyboard.
The keyboard - the third-generation butterfly - on this MacBook Air 8,1 feels pretty much like that on the 2017 MacBook Pro 14,2, which I think was second-generation butterfly - maybe a little quieter, but I'm so deaf, I don't care. Too little key travel and a pretty hard stop at the end of that travel. Could be hard on the fingertips, if I were a heavy duty typist. At least the keys seem to work, which isn't something I can rely on with the MacBook Pro.

We'll see if the crumb-catcher membrane does anything as time goes by. I've used more of my stock of canned air on that MacBook Pro keyboard than I have cleaning negatives in the past year!

Lovely to have proper function keys again, plus the convenience of the TouchID power button - best of both worlds. I don't believe I ever used the Touch Bar for anything other than adjusting volume. The machine (a 1.6GHz Core i5) feels just as fast in ordinary usage as the MacBook Pro (3.5GHz Core i7); no doubt the difference will become very obvious the first time I start up X-Plane 11 or try to render a video. The plan is to upgrade only one of these machines to macOS 10.15, and leave the other at macOS 10.14 as another machine to use with my Flextight X1 scanner and its 32-bit software.
 


Ric Ford

MacInTouch
In fact, I think a 2017 iMac 5K Retina like the following is a slam dunk at $2,549 with 1TB SSD, two Thunderbolt 3 ports, Radeon Pro 580/8GB, P3 wide-gamut color, 8GB user-upgradable RAM (up to 64GB at 2400MHz), SDXC Card slot, four USB 3 ports, 4.2GHz quad-core i7, and macOS 10.12 compatibility....
Here are some more details about the computer:
 


Thank you for documenting your journey and all your labors with MacInTouch! Our similar 2017 iMac has arrived, and I have a copy of the macOS 10.12.6 installer. I was curious if you would recommend any special procedures for reverting to the earlier OS, or can we just run the installer and use Migration Assistant from a Late 2011 iMac?
Happy 4th to all!
 


Ric Ford

MacInTouch
Our similar 2017 iMac has arrived, and I have a copy of the macOS 10.12.6 installer. I was curious if you would recommend any special procedures for reverting to the earlier OS, or can we just run the installer and use Migration Assistant from a Late 2011 iMac?
People have different needs and priorities and preferences, but here's a rough outline:
  1. Do you want to preserve the state of the iMac as delivered? You could boot it in Target Disk Mode and clone it, if you think that's necessary, but it might be a waste of effort.
  2. If you have a macOS Sierra 10.12.6 system already, the easiest approach is to simply boot the iMac off a clone of that on an external drive (I use SSDs) for the next steps.
  3. I, personally, always test storage integrity before putting it into production — by running SoftRAID Certify. This destroys the contents of the drive (hence Step 1 above). Target Disk Mode gives you access to the internal drive.
  4. I typically erase (format) the internal drive using Disk Utility in standard format, Mac OS Extended Journaled. Then partition it:
  5. I like to allocate a small (e.g. 12-16GB) unencrypted partition as the first partition on the drive to serve as donor space for the Recovery HD partition and for utility work (e.g. benchmark testing space, holding logs of drive tests, etc.)
  6. Allocate partitions as you see fit. I suggest using FileVault (Mac OS Extended Journaled Encrypted) for the boot volume and any other volumes with anything other than public data.
  7. At this point, I usually add a Recovery HD partition using Carbon Copy Cloner, choosing the unencrypted donor partition, but you may be able to skip this step of you use the macOS Sierra installer (which may work better in some cases).
  8. Now you can either restore from backup to the main boot partition or do a clean install (using a bootable installer drive) and then an import via Migration Assistant. Restore seems easier and faster, but clean install may do better at setting up the recovery partition correctly.
That's just a quick write-up, not sure if I missed anything, so feel free to ask questions or make suggestions!
 


You'll need the Sierra installer app (which Apple no longer provides), and I generally use DiskMakerX to get the job done (though you can jump through weird Apple hoops in an alternative procedure, if you want).
Take a look at this website to download Sierra. Check the second paragraph of section 4. There is a link that opens the App Store to the Sierra download.
Apple said:
How to upgrade to macOS Sierra
... If you still need macOS Sierra, use this App Store link: Get macOS Sierra. To download it, your Mac must be using macOS High Sierra or earlier.
 


As for repurposing to Linux... [choose] 3) Boot anything, whether signed or not. So you should just be able to set it to the least secure setting and should be good to go.
Back in November when the Mini and its T2 arrived there were lots of reports that the T2 blocked booting Linux. I followed up on those after your post and I found no reports of users actually installing Linux on T2 Macs. What I have found is this:
Stackexchange said:
How can you get any version of Linux to see the 2018 MacBook Pro SSD?
Update: changing the Secure Boot option makes no difference.
Update 2 (July 2019): custom patching of linux kernel seems to do the thing, unfortunately it's a pretty nerdy solution.
For further discussion see this July 3 post on Phoronix:
 


Ric Ford

MacInTouch
I continue to encounter problems with a T2-based 2018 MacBook Pro and Thunderbolt Target Disk Mode:

On a 2017 iMac 5K, running macOS 10.12.6 Sierra, a Samsung X5 SSD shows up as a valid boot volume, but a 2018 MacBook Pro in Target Disk Mode does not, even though both are visible in System Information and one is an old clone of the other (both are bootable macOS 10.14 systems).

The 2018 MacBook Pro in Target Disk Mode does not show up with Option-boot, either.

The Samsung X5 also shows up in Disk Utility, but the 2018 MacBook Pro in Target Disk Mode does not.

If I boot the Samsung X5 (macOS 10.14.2), the 2018 MacBook Pro in Target Disk Mode still does not show up as a bootable volume in System Preferences > Startup Disk, but it does show up in SoftRAID. (Disk Utility hangs "Loading disks".) SoftRAID can mount the 2018 MacBook Pro internal drive in Target Disk Mode, but Startup Disk still doesn't see it.


#T2 #TargetDiskMode #2018MacBookPro
 


On a 2017 iMac 5K, running macOS 10.12.6 Sierra, a Samsung X5 SSD shows up as a valid boot volume
While this post isn't an answer to your question (and for that I apologize), your post did make me wonder: how does a modern Mac determine what it presents to the user as "bootable"?

The last time I contemplated that question, the answer boiled down to the presence of folder containing a Finder file, a System Suitcase, and (depending on the model) a System Enabler file, and that was pretty much the entire answer. ;-)

I have an external disk with OS X 10.10.5 on it, which I know this iMac (same generation as yours) will not boot, yet it still appears as an option. I have not tried it (for fear of causing damage due to unsupported hardware), but I presume it would just fail, and I would just have to select a valid OS, presumably via Option-boot.
 


Ric Ford

MacInTouch
If I boot the Samsung X5 (macOS 10.14.2), the 2018 MacBook Pro in Target Disk Mode still does not show up as a bootable volume in System Preferences > Startup Disk, but it does show up in SoftRAID. (Disk Utility hangs "Loading disks".) SoftRAID can mount the 2018 MacBook Pro internal drive in Target Disk Mode, but Startup Disk still doesn't see it.
Talk about confusing... I subsequently updated the Samsung X5 (Thunderbolt 3 SSD) boot drive to macOS 10.14.5, and I was finally able to get the 2018 MacBook Pro internal drive in Target Disk Mode to show up as an option in Startup Disk. Except... it didn't work. It kept giving password errors at boot when entering the correct password, a real, um, "unhelpful" behavior.

And the Target Disk Mode drive still didn't show up with Option boot.

So, we have a bootable 2018 MacBook Pro with FileVault enabled on its internal drive, but that drive will not boot in Target Disk Mode, even though SoftRAID can mount it and it shows up as an option in Startup Disk preferences — it just doesn't work, throwing out confusing password error messages for correct passwords.

(I'm not sure Windows or Linux is worse than this kind of Apple experience... but, of course, I'm obviously "holding it wrong.")
 


So, we have a bootable 2018 MacBook Pro with FileVault enabled on its internal drive, but that drive will not boot in Target Disk Mode....
That was news to me, as I'd commented one of the real advantages of macOS is what I thought was the unique ability to ability to build bootable clones. I'd also found Target Disk Mode useful for diagnosing issues and transferring files or even choosing a connected Mac's drive as the boot drive for another.

Over the years I've read of any number of security issues arising from those beneficial features, and Apple with its mantra of security seems to be moving to, at least, reduce those abilities.
Another comment via email:
I just wanted to point out that you can in fact make bootable clones in Windows. I do this daily in Windows using an app called Casper which even updates the clones in a smart way like Carbon Copy Cloner and SuperDuper do.
I note it will clone drives encrypted by Microsoft's Bitlocker or Symantec's proprietary version of PGP.

Here's an overview of two Linux encryption modes with which I've had some experience. It is now very easy to implement whole disk encryption when setting up a Linux system:
Phoronix said:
The Cost Of Home Directory Encryption & LUKS Full Disk Encryption On Ubuntu 18.04
With many of you likely upgrading to Ubuntu 18.04 LTS upon release and the recommendation to use disk encryption as important as ever on any important system especially laptops/ultrabooks, here are some fresh benchmarks using a development snapshot of Ubuntu 18.04 "Bionic Beaver" and looking at the current performance overhead of using the current "home directory encryption" and "full disk encryption" options available to Ubuntu Linux users.
As to booting a Linux or Windows system and accessing its drives, as with Mac [Target Disk Mode], it seems possible using "Wake on Lan" and SSH or similar. I've turned "Wake on Lan" off on my systems, because I don't want them somehow being remotely booted and accessed over the Internet or network, and I really don't have the networking expertise to evaluate what is and isn't a real risk.
 


Talk about confusing... I subsequently updated the Samsung X5 (Thunderbolt 3 SSD) boot drive to macOS 10.14.5, and I was finally able to get the 2018 MacBook Pro internal drive in Target Disk Mode to show up as an option in Startup Disk. Except... it didn't work. It kept giving password errors at boot when entering the correct password, a real, um, "unhelpful" behavior. And the Target Disk Mode drive still didn't show up with Option boot.
I wouldn't expect a T2 drive encrypted with that favor of FIleVault to boot off of an non-T2 Mac. Mounting a Target Disk Mode drive that was being managed by the external T2 in a non-boot context would work. However, once you mix in the boot protocol of a T2 system, you are substantively at variance with the protocols. The external T2 is not managing the boot process. That is a major variance right there. The external T2 has short-circuited the boot process to run as "drive only" for the Target Disk Mode. It is 'decrypting' the data off the drive, so it can be accessed as a non-boot drive. If there was a need to clone the drive to another system, that could be done.

The older iMac has no T2 at all. So there is zero T2 in the loop for the actual macOS boot process. So how is that protocol suppose to get followed? It is older EFI firmware trying to talk to the "future timeframe" T2 directly. That interaction may not be supported (shouldn't be surprising if it is not). Mounting the T2 as a disk later after macOS has fully booted is another context.

This process of booting a newer system's image on something older is a corner case. If Apple moves to a mode where each system gets a more customized OS/app image(s), e.g. to different platform implementations, this will work even less.
 



Ric Ford

MacInTouch
Thank you for documenting your journey and all your labors with MacInTouch! Our similar 2017 iMac has arrived, and I have a copy of the macOS 10.12.6 installer.
Here's some more information about compatibility issues with the 2017 iMac 5K:

I just tried re-installing macOS Sierra from Recovery mode (instead of cloning it from another Mac). I couldn't do it.

I got into Recovery mode and got to the Sierra installer and tried to get it to install, but it wouldn't go past a step of "checking with Apple". My guess is that Apple will not let me install Sierra from Recovery mode on a Mac that runs Sierra just fine but shipped with Mojave on it.

I even tried Internet Recovery (Command-Option-Shift-R), but that wanted to install Mojave.
 


I wouldn't expect a T2 drive encrypted with that favor of FIleVault to boot off of an non-T2 Mac. Mounting a Target Disk Mode drive that was being managed by the external T2 in a non-boot context would work. However, once you mix in the boot protocol of a T2 system, you are substantively at variance with the protocols. The external T2 is not managing the boot process. That is a major variance right there. The external T2 has short-circuited the boot process to run as "drive only" for the Target Disk Mode. It is 'decrypting' the data off the drive, so it can be accessed as a non-boot drive. If there was a need to clone the drive to another system, that could be done. The older iMac has no T2 at all. So there is zero T2 in the loop for the actual macOS boot process. So how is that protocol suppose to get followed? It is older EFI firmware trying to talk to the "future timeframe" T2 directly. That interaction may not be supported (shouldn't be surprising if it is not). Mounting the T2 as a disk later after macOS has fully booted is another context. This process of booting a newer system's image on something older is a corner case. If Apple moves to a mode where each system gets a more customized OS/app image(s), e.g. to different platform implementations, this will work even less.
I was thinking this, too, but Apple's PDF about T2 security does mention Target Disk Mode and FileVault, and the mention doesn't say "can't do this."

We know that a drive that is FileVault-encrypted by a T2 Mac can only be used with that Mac; you can't pull the drive and put it in another Mac, even one with a T2 chip. Right?

And on a T2 Mac, the T2 system is handling the decryption; the OS doesn't see the encrypted data at all. I'd presume that would be even during the boot process.

So the way I'd expected it to work is:
  1. Mac with T2 is started in Target Disk Mode.
  2. That Mac asks for the password to unlock the drive.
  3. The T2 system decrypts the data: Thunderbolt > T2 > drive.
  4. The other Mac boots from the decrypted drive over Target Disk Mode. That is, it doesn't see the drive as an external encrypted drive, it sees it as a Thunderbolt attached drive with no FileVault.
 


Ric Ford

MacInTouch
I was thinking this, too, but Apple's PDF about T2 security does mention Target Disk Mode and FileVault, and the mention doesn't say "can't do this."

We know that a drive that is FileVault-encrypted by a T2 Mac can only be used with that Mac; you can't pull the drive and put it in another Mac, even one with a T2 chip. Right?

And on a T2 Mac, the T2 system is handling the decryption; the OS doesn't see the encrypted data at all. I'd presume that would be even during the boot process.

So the way I'd expected it to work is:
  1. Mac with T2 is started in Target Disk Mode.
  2. That Mac asks for the password to unlock the drive.
  3. The T2 system decrypts the data: Thunderbolt > T2 > drive.
  4. The other Mac boots from the decrypted drive over Target Disk Mode. That is, it doesn't see the drive as an external encrypted drive, it sees it as a Thunderbolt attached drive with no FileVault.
When you start the T2 Mac in Target Disk Mode, it simply puts an icon on the screen and sits there. No password is requested or provided.

As I described, the T2 Mac drive in Target Disk Mode fails to appear via Option-boot; it's invisible for boot purposes.

Only after booting the Mac from a different drive can you then mount the FileVault-encrypted Target Disk Mode T2 Mac drive, and, even then, it's tricky (e.g. Disk Utility might not work, but SoftRAID can).

Weirdly, the Target Disk Mode T2 Mac drive then may appear as a valid option in System Preferences > Startup DIsk, but when you try to boot it, boot fails with invalid password errors when the password is actually correct.

So, the authentication process is failing at boot time (but not later). What's happening in this pre-boot phase? Well, I guess we're running skeleton boot code, not the full macOS, and this skeleton/firmware//boot image can't handle the authentication/mount job for the T2 Target Disk Mode drive.

The problem is that the boot manager is in the firmware of the Mac we're trying to boot (not from the Mac that's in Target Disk Mode), and the macOS Sierra boot firmware can't handle the T2-encrypted drive.

In other words, we can't load firmware/boot code from the Target Disk Mode Mac. This is just what Lyman said earlier (but it took a little while to sink in...).
The older iMac has no T2 at all. So there is zero T2 in the loop for the actual macOS boot process. So how is that protocol suppose to get followed? It is older EFI firmware trying to talk to the "future timeframe" T2 directly. That interaction may not be supported (shouldn't be surprising if it is not). Mounting the T2 as a disk later after macOS has fully booted is another context.
 


While I am not fully conversant in T2-speak, it appears obvious to me that Apple has done everything they can to prevent any 3rd-party drive from working inside the T2-equipped Mac. While Apple will say this is to enhance security, it's really to enhance revenue for Apple. Make it impossible to use any third-party SSD (as the T2 seems to be inexorably linked to the system and its SSD). Not at all surprising.

If/when Apple adds a T2 to an iMac, it means I won't buy it; and I guess that means I will have already purchased my last Mac.

I find the inclusion of the T2 chip on a par with the butterfly keyboards. I simply will not give Apple my money. I'm already boycotting all Apple products with the exception of the iMac. If I have to extend my boycott, so be it. I've been wanting to build a nice AMD Zen 3900x powerhouse, and having an extra $2500 I've not spent on my next iMac will make it easy....
 


Ric Ford

MacInTouch
While I am not fully conversant in T2-speak, it appears obvious to me that Apple has done everything they can to prevent any 3rd-party drive from working inside the T2-equipped Mac. While Apple will say this is to enhance security, it's really to enhance revenue for Apple. Make it impossible to use any third-party SSD (as the T2 seems to be inexorably linked to the system and its SSD). Not at all surprising.
There are actually multiple issues here:

A) Apple refuses to use industry-standard M.2 SSD slots, so it can charge exhorbitant prices and prevent customers from upgrading or repairing the drives themselves.

B) The T2 is a separate system that:
  • still allows booting off an external drive (so far)
  • still allows Target Disk Mode to function (so far)
  • offers extra performance for disk encryption
  • offers extra performance for some graphics operations
  • may offer extra performance for AI tasks
  • offers extra security
  • appears to prevent Linux boot/installation
  • can create problems (as documented above) for older Macs trying to boot a newer Mac in Target Disk Mode
There's a tiny bit of overlap between A and B but not that much, I don't think.
 


Ric Ford

MacInTouch
I got into Recovery mode and got to the Sierra installer and tried to get it to install, but it wouldn't go past a step of "checking with Apple". My guess is that Apple will not let me install Sierra from Recovery mode on a Mac that runs Sierra just fine but shipped with Mojave on it.
I guess the obvious next step is mounting the 2017 iMac in Target Disk Mode and then booting a Sierra Mac (e.g. 2015 MacBook Pro) in Recovery mode and using that to install onto the iMac in Target Disk Mode. (Not sure I have enough spare hours that I can sit around with no usable production system trying the experiment, though.)

Then I remembered the 2011 MacBook Pro.
  1. I booted the 2011 MacBook Pro in Recovery Mode (Command-R)
  2. booted the 2017 iMac in Thunderbolt Target Disk Mode
  3. connected the two with Apple's Thunderbolt 3-Thunderbolt 2 adapter plus a Thunderbolt 2 cable
  4. successfully passed the previously insurmountable roadblock:
    Apple said:
    To download and restore macOS, your computer's eligibility will be verified with Apple.
  5. supplied the FileVault password
  6. and am now doing the Recovery Mode install of macOS 10.12 Sierra on the 2017 iMac 5K...
  7. ... which leads (when I returned to check) to a MacBook Pro with a blank screen. Huh?
  8. I used the power button to get things going again, and it's now "Installing"...
  9. ... After the long installation, the screen was blank again (apparently powered off).
  10. Power button to restart.
  11. Fans go into maximal overdrive. Huh?
  12. When I was about to give up, it started booting finally and completed quickly.
  13. I'm now running the newly fresh-installed-from-Recovery macOS Sierra on the 2017 iMac in Target Disk Mode (booting the 2011 MacBook Pro). Fans are still in overdrive and Little Snitch is complaining about license keys, etc.
  14. Shut down. Disconnect Thunderbolt. Boot the 2017 iMac and its fresh macOS Sierra system.
  15. The iMac fan was mercifully quiet. macOS is at 10.12.6. Security Update 2019-003 and some other things have not been installed, so I need to do that via the Mac App Store.
  16. After installing those Apple updates, Howard Oakley's LockRattler showed that silent security updates were back-level (e.g. MRT).
  17. I used LockRattler and Howard's newer, slicker SilentKnight to get those updates installed.
  18. Let's try Recovery Mode again after the clean-reinstall with the help of the 2011 MacBook Pro... Oh, well, same problem: It offers to install Sierra but it stupidly fails to proceed at the "eligibility" step, doing... nothing. No errors, no help, just... nothing. Try again. Nothing.
So, I guess the lesson is that Apple will not permit Recovery Mode install on a Mac that's totally capable of running Sierra and accepting a Recovery Mode Sierra install. But Apple will force you to install Mojave, instead, via its phone-home "eligibility" check of your Mac identifiers... (Anyone else remember the 1984 commercial?)
 


Ric Ford

MacInTouch
So, the authentication process is failing at boot time (but not later). What's happening in this pre-boot phase? Well, I guess we're running skeleton boot code, not the full macOS, and this skeleton/firmware//boot image can't handle the authentication/mount job for the T2 Target Disk Mode drive. The problem is that the boot manager is in the firmware of the Mac we're trying to boot (not from the Mac that's in Target Disk Mode), and the macOS Sierra boot firmware can't handle the T2-encrypted drive.
But, wait! How can we load newer firmware that understands things like T2? How about if we set Startup Disk to a macOS 10.4.5 Mojave drive?!
  1. Attach macOS 10.4.5 Mojave system on Samsung X5 to 2018 MacBook Pro (via Thunderbolt 3).
  2. Attach 2018 MacBook Pro in Target Disk Mode (via Thunderbolt 3).
  3. Option-boot.
  4. Control-select Samsung X5/Mojave and boot.
  5. Verify Startup Disk set to Samsung X5/Mojave.
  6. Reboot with Option key.
  7. T2-encrypted MacBook Pro Target Disk Mode shows up. Select it for boot.
  8. Enter correct password.
  9. Password claimed to be invalid.
  10. Try again.
  11. And try again and again with many variations.
  12. No go.
 


I guess the obvious next step is mounting the 2017 iMac in Target Disk Mode and then booting a Sierra Mac (e.g. 2015 MacBook Pro) in Recovery mode and using that to install onto the iMac in Target Disk Mode....
In all this sequence, I did not see an attempt to install Sierra using a USB drive installer built from the downloaded Sierra installer. Did I just miss it?
 


Ric Ford

MacInTouch
In all this sequence, I did not see an attempt to install Sierra using a USB drive installer built from the downloaded Sierra installer. Did I just miss it?
Yes, you missed it (and I missed the failure, until I finally tried stepping all the way through the Recovery Mode install procedure and hit the silent failure).
 


While I am not fully conversant in T2-speak, it appears obvious to me that Apple has done everything they can to prevent any 3rd-party drive from working inside the T2-equipped Mac. While Apple will say this is to enhance security, it's really to enhance revenue for Apple. Make it impossible to use any third-party SSD (as the T2 seems to be inexorably linked to the system and its SSD). Not at all surprising.

If/when Apple adds a T2 to an iMac, it means I won't buy it; and I guess that means I will have already purchased my last Mac…
Everything I have read about the T2 chip makes me uneasy. Absent the T2 headaches, I would consider getting a 2018 Mini at some point. I’m not a technophobe, but I don’t think I can stand to deal with the aggravation and complications that the T2 chip seems to almost guarantee.

Until a couple of years ago, I felt hopeful that Apple would get itself back on track and make a computer that I wanted to own, running an OS that I wanted to use. The current direction has pretty much extinguished that hope.

If I am unduly concerned about this, I’d love to be talked out of my present Apple funk.
 


Until a couple of years ago, I felt hopeful that Apple would get itself back on track and make a computer that I wanted to own, running an OS that I wanted to use. The current direction has pretty much extinguished that hope.
I agree, Kathryn, there's virtually nothing Apple is doing these days that fills me with any confidence, let alone enthusiasm. It seems they're going out of their way to make life hard for users - almost like a sick game to see how much they can poke users until they leave.
 


Everything I have read about the T2 chip makes me uneasy.
Trust me, Kathryn, you're not alone. I only needed to read one sentence:
In very rare circumstances, such as a power failure during a macOS upgrade, an Apple desktop computer that has the Apple T2 Security Chip may become unresponsive and so the firmware on that chip must be restored.
"Very rare" or not, that's a pretty big Achilles heel. Yes, a UPS is always a good thing to have, but that would make it an absolute necessity. And the last time I used one, its intended purpose was to provide enough time for the user to save documents and shut down.

Not everyone is fortunate to have the luxury of a second Mac to get out of that situation. It is cavalier at best for Apple to even get the user into a situation where a second Mac is required in order to resolve it.

And that's before we even begin to address the headaches that Ric and others have reported.

<sarcasm>Well done, Apple.</sarcasm>
 


Ric Ford

MacInTouch
In fact, I think a 2017 iMac 5K Retina like the following is a slam dunk at $2,549 with 1TB SSD, two Thunderbolt 3 ports, Radeon Pro 580/8GB, P3 wide-gamut color, 8GB user-upgradable RAM (up to 64GB at 2400MHz), SDXC Card slot, four USB 3 ports, 4.2GHz quad-core i7, and macOS 10.12 compatibility....
I just tested macOS 10.12 Sierra vs. macOS 10.14 Mojave with the latest Geekbench release. Geekbench seems to think Mojave is a bit faster:

Let's compare to a high-end 2018 MacBook Pro 13-inch with its 8th-gen (vs. 7th-gen) CPU:

But... graphics:

2018 Mac Mini looks good (ignoring graphics and eGPU option:)

 


Everything I have read about the T2 chip makes me uneasy. Absent the T2 headaches, I would consider getting a 2018 Mini at some point. I’m not a technophobe, but I don’t think I can stand to deal with the aggravation and complications that the T2 chip seems to almost guarantee.
</SNIP>
I continue to be delighted with my 2018 Mini (512GB/16GB). My media folders are on large hard drives in Thunderbolt 2-connected enclosures. My two screens connect using Thunderbolt 3-DisplayPort cables. I can lay no problems on the T2 chip, only on Apple's insistence in removing or hiding useful functions and capabilities.
 


I continue to be delighted with my 2018 Mini (512GB/16GB). My media folders are on large hard drives in Thunderbolt 2-connected enclosures. My two screens connect using Thunderbolt 3-DisplayPort cables. I can lay no problems on the T2 chip, only on Apple's insistence in removing or hiding useful functions and capabilities.
The T2 chip is not an inherent problem for single-use Macs in general usage while everything works. Some of the potential, future issues though, are:
  • when something goes wrong and the Mac needs to be diagnosed/tested or the storage/file structure repaired
  • when something goes wrong and the Mac needs to be restored
  • multiple Mac environments (large families / small business / corporates) where repurposing equipment is important
  • selling the Mac on
Combined with persistent Apple ID associations and the forthcoming macOS Activation Lock feature in Catalina, there's a lot to be worried about. But, then, all this fits in with Apple's current focus on forced obsolescence/upgrade. It also reminds me of the bad old days where we Mac support tech-heads used to laugh at Windows users with the term "nuke and pave". Now, not so much… :-(
 


Trust me, Kathryn, you're not alone. I only needed to read one sentence:
In very rare circumstances, such as a power failure during a macOS upgrade, an Apple desktop computer that has the Apple T2 Security Chip may become unresponsive and so the firmware on that chip must be restored.
"Very rare" or not, that's a pretty big Achilles heel. Yes, a UPS is always a good thing to have, but that would make it an absolute necessity. And the last time I used one, its intended purpose was to provide enough time for the user to save documents and shut down.
A UPS is [overkill] in this specific context, but it would probably work. The overall OS upgrade might get toasted, but if it dies before or after the firmware upgrade, the state of the T2 shouldn't get corrupted. Unless the UPS capacity is underprovisioned, you should have enough power to complete the firmware upgrade step even without active "shutdown" control. The overall OS upgrade would be in danger with or without a T2 present.

... All Apple needs to do is put in some power-loss protection (e.g., some capacitors or small chemical battery) to power the T2 SSD controller until it can shut down — probably only needs a couple of seconds to do a sane shutdown.

A Mac laptop with a dead battery is just as susceptible. The baseline of the T2 is pulled from iOS devices, which all have a battery [vs. desktop] Macs [and] AppleTV [whose] OS is even closer to iOS.

When firmware (Mac and T2) upgrades are embedded in the macOS upgrade, a complete power loss in the middle of firmware upgrade is still a major problem without a T2 present....
Not everyone is fortunate to have the luxury of a second Mac to get out of that situation. It is cavalier at best for Apple to even get the user into a situation where a second Mac is required in order to resolve it.
You don't have to own a second Mac, just to borrow one.
 


I continue to be delighted with my 2018 Mini (512GB/16GB). My media folders are on large hard drives in Thunderbolt 2-connected enclosures. I can lay no problems on the T2 chip, only on Apple's insistence in removing or hiding useful functions and capabilities.
I like my 2018 Mini, too, but it isn't a lot better than the 2011 Mini it replaced. The Mojave OS has caused me a lot more trouble than the hardware. I don't use the internal SSD for anything at all — it never mounts. This thread makes me ask: can I swap my external drive to another 2018 Mini and boot from it? I don't know how the T2 chip interacts with FileVault.
 


Ric Ford

MacInTouch
This thread makes me ask: can I swap my external drive to another 2018 Mini and boot from it? I don't know how the T2 chip interacts with FileVault.
I cloned a 2018 MacBook Pro (T2) internal, FileVault-encrypted boot drive to a Samsung X5 external Thunderbolt 3 drive, and I can boot that system from the Samsung X5 connected to a 2017 iMac 5K.

What I can't do is boot the internal drive of the 2018 MacBook Pro (in Target Disk Mode) on the iMac.

(Note: I enabled External Boot and disabled Secure Boot in the security options of the 2018 MacBook Pro, but that didn't help.)
 


DFG

Very interesting discussion about the T2 chip.... The suspicion is that the T2 will be the enabler to completely lock down macOS [like iOS]. The operations that are still allowed, for now, could be prohibited once every shipping Mac will have a T2 chip. That could mean no more hackintosh....

It is possible to boot Linux on Macs with T2, but only by disabling Secure Boot. This means that we can't have dual-boot systems (macOS and Linux).
iDownloadBlog said:
By default, T2-equipped Macs won’t boot Linux or anything except macOS and Windows 10

... The T2 chip ensures your Mac is in a known trustworthy state when it’s booted by verifying the integrity of every step of the startup process to ensure no code has been tampered with. Due to the way this system security has been implemented in hardware, macOS Mojave currently won’t let you boot Linux. And to boot Windows, you must first enable Boot Camp.

... Apple itself notes that it might be possible to disable the Secure Boot security in full when booting to the Startup Security Utility in the macOS Recovery mode. As a result, this may allow Linux to load on your T2 Mac but without any boot security.

On the other hand, don’t treat this as a foregone conclusion, because disabling the Secure Boot startup features may not make any difference for the case in question, as per other reports.

... Apple’s T2 Chip Security Overview states that other operating systems cannot be used with Macs using Secure Boot, as there’s currently no trust provided for the the Microsoft Corporation UEFI CA 2011 which would allow verification of code signed by Microsoft partners.

... Enabling the No Security option in Startup Security Utility on your Mac equipped with the Apple T2 chip completely disables secure boot evaluation on the main Intel processor and allows any operating system to boot your machine.
 



Ric Ford

MacInTouch
This seems kind of sick...
  1. Open Disk Utility in macOS 10.14.5
  2. Create a new, unencrypted volume* on an APFS drive (2018 MacBook Pro in Target Disk Mode)**
  3. Restart
  4. Unencrypted volume does not show on the desktop.
  5. Open Disk Utility
  6. Select unencrypted volume.
  7. Click Mount button.
  8. This dialog box appears: "Enter a password to unlock the disk UnencryptedVolume"
    But you can't type into the Password box (even if you knew what password Apple wants for the unencrypted volume).
* using the same APFS “container” that holds an encrypted volume — this may be the trigger for the problem, but I couldn’t create a volume outside that container

** The 2018 MacBook Pro gets disturbingly hot in Target Disk Mode, but the fans never come on
 


... All Apple needs to do is put in some power-loss protection (e.g., some capacitors or small chemical battery) to power the T2 SSD controller until it can shut down — probably only needs a couple of seconds to do a sane shutdown.
I agree, and this would definitely be a step in the right direction.
A Mac laptop with a dead battery is just as susceptible.
I wouldn't call it just as susceptible, for the simple reason that the user is in a position to decide not to do an upgrade until that battery is fully charged as a safeguard.
When firmware ... upgrades are embedded in the macOS upgrade, a complete power loss in the middle of firmware upgrade is still a major problem without a T2 present
Also true. But Apple went out of its way to publicize this scenario (it was one of the first things I read about the T2 when the iMac Pro was brand new), which makes me think it might not be quite so "rare" with the T2.
You don't have to own a second Mac, just to borrow one.
With absolutely no disrespect intended, I didn't say anything about owning a second Mac. Borrowing can be every bit as much a luxury as owning. My nearest Mac-owning friend is just under 4 hours (and approximately 200 miles) away.

I continue to hold the view that it is cavalier of Apple to introduce such a "feature" that requires a second Mac to fix, without a safeguard of the type you mention.
 



Ric Ford

MacInTouch
Is that the least restrictive setting? If not, would the least restrictive setting change anything?
It's actually a two-part setting (after you slog through the whole Recovery boot hassle to get to Startup Security Utility):
  • Secure Boot: No Security
  • External Boot: Allow booting from external media
So, that's the least restrictive setup possible... and it didn't work.
 


It's actually a two-part setting (after you slog through the whole Recovery boot hassle to get to Startup Security Utility)
Thanks for the clarification. I definitely don't think I like the idea of a T2 Mac for my own use.

And on a separate note, I am disappointed that Apple would make it so difficult (even though it has nothing to do with T2) to install/reinstall Sierra on our perfectly compatible iMacs that shipped with Mojave. I can only utter a rhetorical "Why, Apple? Why?"
 



Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts