About How Boot and Storage Work on Apple Silicon Macs - Electric Light Article

[Yebubbleman]

I saw the following article elsewhere in a thread on the "Apple Silicon (Arm) Macs" forum section. Seems like a substantial change to how the boot process was on Intel Macs (let alone on T2 Intel Macs)

M1 Macs radically change boot and recovery

Thoughts on this?

Personally, I'm naturally wary of reliance on internal storage for recovery purposes. But, with Apple effectively having shot Internet Recovery in the foot in many ways (and then removing it from Apple Silicon Macs altogether) and with Apple Configurator 2 being effective for restoration and recovery of the 1TR Recovery environment on Apple Silicon Macs, maybe it's better this way?

 

[Gnattu]

You can use DFU mode to restore OS installation via Apple Configurator 2 even if the internal SSD is completely erased and recovery environment is not accessible. If you don't have another Mac and this is the case you may have to go to an Apple Store for the recovery, but this would be an extremely rare case. People tried to erase internal SSD on early days was put into such situation, but it should no longer be the case now.

 

[jdb8167]

It might not be that bad except that it seems like it is buggy as hell. I just installed the 11.3 Beta 8 and I might try to install on an external drive again just to see if they improved the process.

The other thing is that the internal SSD has to be working to boot. If it dies for any reason, you have a brick. I'm not that worried about this scenario but it is a new risk.

 

[Krevnik]

The other thing is that the internal SSD has to be working to boot. If it dies for any reason, you have a brick. I'm not that worried about this scenario but it is a new risk.

That stood out to me as well, and I agree it is a new risk. That said, a good chunk of this sort of pre-boot environment would live in a separate NAND on Intel systems (or NAND embedded in the T2 on systems that include it) anyhow. This feels like a trade off where the trade is the “eggs in one basket” risk in exchange for putting this stuff on the SSD where you’re at least able to take advantage of more advanced wear leveling. Considering how frequently Apple updates iBridge for T2 systems, I’m not that surprised Apple chose to go this route, since it should have a longer lifespan than the T2 approach.

 

[jdb8167]

That stood out to me as well, and I agree it is a new risk. That said, a good chunk of this sort of pre-boot environment would live in a separate NAND on Intel systems (or NAND embedded in the T2 on systems that include it) anyhow. This feels like a trade off where the trade is the “eggs in one basket” risk in exchange for putting this stuff on the SSD where you’re at least able to take advantage of more advanced wear leveling. Considering how frequently Apple updates iBridge for T2 systems, I’m not that surprised Apple chose to go this route, since it should have a longer lifespan than the T2 approach.

I'm really not all that up on how SSDs die. Would a controller attempt to move a recovery partition during a failed write? There are two recovery partitions on Apple Silicon Macs so the failure would have to happen twice. Also, would MacOS give an appropriate warning of pending failure so you can make sure everything is backed up? This is all too new.

Edit: Obviously it wouldn't move a whole partition but would an otherwise unchanged block that is part of the recovery partition get moved because of wear leveling or some other condition?

 

[Krevnik]

I'm really not all that up on how SSDs die. Would a controller attempt to move a recovery partition during a failed write? There are two recovery partitions on Apple Silicon Macs so the failure would have to happen twice. Also, would MacOS give an appropriate warning of pending failure so you can make sure everything is backed up? This is all too new.

Edit: Obviously it wouldn't move a whole partition but would an otherwise unchanged block that is part of the recovery partition get moved because of wear leveling or some other condition?

The reality is that SSD failure modes are actually very similar to HDDs at a high level. Both types of drives have spare blocks it can use to replace bad blocks as the drive ages, and when those spare blocks run out, the drive will no longer be able to tolerate a failed write. SMART status will help detect things like this, as long as you have a tool paying attention to the SMART status. But it’s still possible to have a catastrophic failure. In my experience, the controller itself tends to be the culprit in these scenarios (for HDDs as well). Although I have had HDDs accumulate bad blocks early in their life to the point that they had to be replaced before I lost data.

As for your last question, it depends on the wear leveling algorithm Apple uses. Static and global wear leveling algorithms will take notice of blocks that aren’t getting as much wear, and move data off them so that those blocks can move to the front of the queue for new writes, to keep the wear on the drive as even as possible. But a lot of these blocks will also cycle through naturally due to OS updates as well, including the ones on the recovery/boot partitions, since writes are usually faster with free blocks, rather than writing back to the block that the data was originally recorded on.

Pretty much all the stuff that applies to NVMe SSDs applies here. There’s nothing really groundbreaking about the SSD controller in the M1. I suspect this restriction of requiring the internal SSD participate in booting of external drives has more to do with secure boot than anything else.

 

[jdb8167]

Pretty much all the stuff that applies to NVMe SSDs applies here. There’s nothing really groundbreaking about the SSD controller in the M1. I suspect this restriction of requiring the internal SSD participate in booting of external drives has more to do with secure boot than anything else.

I'm pretty sure the only groundbreaking thing is that Apple has a 5nm SSD controller. Most of the popular M.2 NVMe controllers are 28 nm or 22 nm. The performance and power savings for Apple to have their integrated SSD controller are obvious when you think about the power and performance advantage of having 5nm feature size.

 

[Yebubbleman]

The other thing is that the internal SSD has to be working to boot. If it dies for any reason, you have a brick. I'm not that worried about this scenario but it is a new risk.

Yeah, that doesn't sit particularly well with me. Not that T1 and T2 Macs didn't also have soldered on internal drives, but at least you could boot the machine if the drive failed if need absolutely be. This seems like a lot of putting all the eggs onto a wobbly basket. Then again, I'd imagine that this is no different to how iPads, iPhones, iPod touches, and Apple TVs (newer than the first generation model) have been since the beginning.

That stood out to me as well, and I agree it is a new risk. That said, a good chunk of this sort of pre-boot environment would live in a separate NAND on Intel systems (or NAND embedded in the T2 on systems that include it) anyhow. This feels like a trade off where the trade is the “eggs in one basket” risk in exchange for putting this stuff on the SSD where you’re at least able to take advantage of more advanced wear leveling. Considering how frequently Apple updates iBridge for T2 systems, I’m not that surprised Apple chose to go this route, since it should have a longer lifespan than the T2 approach.

I'm not sure I follow the part I boldfaced there. Not saying I don't believe you or think you're wrong. I just don't follow you there. How do you mean?

I suspect this restriction of requiring the internal SSD participate in booting of external drives has more to do with secure boot than anything else.

It wouldn't be "secure boot". I think this is just how Apple Silicon devices have always been. This is the first time the Mac has adopted the same operational design that the iPad, iPhone, and iPod touch have all had since day one. Otherwise, I don't know what benefit there'd be. Unless the idea is that the internal drive has a much greater capacity to manage security settings across every bootable copy of macOS installed on the Apple Silicon Mac whereas a T2 Mac would be limited to what the UEFI firmware could govern (which is to say, all or nothing).

 

[Krevnik]

I'm not sure I follow the part I boldfaced there. Not saying I don't believe you or think you're wrong. I just don't follow you there. How do you mean?

Apple has been updating iBridge (the firmware for the T2 chip) pretty much every single OS release (including the incremental ones). That’s a surprising number of updates. And the sort of raw NAND flash used for firmware doesn’t have anything like wear leveling, mostly because there’s not enough of it. In that sort of situation, an SSD could be a better choice for reliability.

That said, it’s still a fairly small number of writes (Apple’s not pushing out monthly updates, although it sometimes feels that way), so we are still talking fairly long lifespans. It makes me think there’s other reasons Apple could have moved this out of the UEFI space and into the recovery partitions.

It wouldn't be "secure boot". I think this is just how Apple Silicon devices have always been. This is the first time the Mac has adopted the same operational design that the iPad, iPhone, and iPod touch have all had since day one. Otherwise, I don't know what benefit there'd be. Unless the idea is that the internal drive has a much greater capacity to manage security settings across every bootable copy of macOS installed on the Apple Silicon Mac whereas a T2 Mac would be limited to what the UEFI firmware could govern (which is to say, all or nothing).

I’m thinking more in terms of the chain of trust involved with secure boot. Moving chunks of what used to be managed by UEFI out into the SSD, and using signing to ensure that it hasn’t been meddled with reduces vectors for attack on the SoC firmware itself and allows you to make ROM rather than NAND flash, like iOS devices. But this thing is still needed for boot, so it must be always accessible like firmware. It’s also important enough to protect, since taking over this pre-boot environment would be very similar to exploits like Thunderstrike.

The fact that what used to be Target Disk Mode prevents access to these extra partitions is interesting, and does have security implications. It essentially ensures that this pre-boot environment is up and running before an attacker can attempt to get at the SSD itself. They could de-solder the NAND, but the NAND being encrypted (and the keys being on the M1 itself) makes that sort of attack more difficult. By preventing an external device from providing a copy of this pre-boot environment, it further limits an attacker’s ability to inject custom pre-boot code.

It’s possible this is part of a defense in depth approach of limiting the attack surface as much as possible. It’s not perfect, since it would still be possible to modify this partition from Linux booted directly on the machine, and it’s possible there are holes in macOS’s read-only partition modes, but it still makes things harder for the attacker. I’d be surprised if Apple didn’t threat model this. They’ve put a surprising amount of work into their boot security on iOS, and Mac has been following suit with the T2.

That said, it’s possible the SoC firmware can only load the pre-boot environment from the SSD controller. USB/Thunderbolt mass storage drivers are more complex than an NVMe-over-MMIO driver would be. Hard to say.