BigSur cant be reinstalled without internet

[Leon1das]

Since cloning on M1 doesnt work (yet) - good thing reinstallation can be relatively quick if you have created USB key with installation files.

But we still need internet for 2 points:

- Mac activation in Recovery (required after Erase Mac)

- Rosetta installation !??
Yep.. Rosetta pkg is only 450kb, but its not on the installation disk! Mac needs to pull it from internet the first time Rosetta app is launched.

So I would love to have this solved.
Imagining long flights or offline situations where if anything goes wrong... I am stuck and cant clone or reinstall...

Thats the only situation where I miss my Windows laptop. With free Macrium backup - I am up and running my cloned Win 10 partition of 20Gb in 6-7 minutes...

 

[08380728]

I agree no OS installer should ever require the internet and this activation thing like iOS is just BS IMO.

However, it isn’t Windows!!

You shouldn’t have any concerns or fear that macOS needs reinstalling, things just don’t go wrong as you expect like they do in the M$ world. I can’t think of a time in the last 15+ years I’ve needed to reinstall macOS due to something going wrong. Sure I’ve done a reinstall but it planned and the purpose was just because of wanting a clean system and manually rebuilding, not because of anything going wrong.

When travelling, sure I may take a clone on an external in case the Mac is is dropped, damaged or stolen and only if it is so critical that I must buy another Mac and clone over...

No, you won’t miss your Windows laptop because those situations of something going wrong are extremely unlikely to happen with macOS.

 

[Leon1das]

You shouldn’t have any concerns or fear that macOS needs reinstalling, things just don’t go wrong as you expect like they do in the M$ world. I can’t think of a time in the last 15+ years I’ve needed to reinstall macOS due to something going wrong. Sure I’ve done a reinstall but it planned and the purpose was just because of wanting a clean system and manually rebuilding, not because of anything going wrong.

When travelling, sure I may take a clone on an external in case the Mac is is dropped, damaged or stolen and only if it is so critical that I must buy another Mac and clone over...

I agree that Windows is more clunky - and can go wrong if you dont know what are you doing.
It can be backed-up/restored in less than 10min (with free Macrium)

M1 Mac
OS: working great, less options to go wrong vs Windows.
But Recovery is freely accessible - anyone can boot to Recovery and "Erase Mac" even if they dont know the admin/AppleID password. (via "resetpassword" command procedure in Terminal)
As said - no cloning on M1 - only cloning workarounds - which require reinstall - which require internet.

Leaving unattended M1 Mac gives possibility to attacker to screw it.
Your data cannot be stolen - but your M1 can be screwed, that you cant use it anymore without access to internet.

On Windows: simple Bios password + disabled external boot - makes it pretty much bulletproof

I really feel that these basics of safety and convenience should be on M1 Macs. Either offline cloning or offline reinstall.

 

[chscag]

On Windows: simple Bios password + disabled external boot - makes it pretty much bulletproof

Setting a firmware password on your M1 Mac does the same thing.

Set a firmware password on your Mac - Apple Support

When you set a firmware password, users who don't have the password can't start up from any disk other than the designated startup disk.

support.apple.com

The reason that cloning is not working on the M1 machines is that the APFS replicator does not work on M1 Macs. Apple is working on a fix. I suspect we will see progress on that with the next generation of silicon machines.

 

[Leon1das]

Setting a firmware password on your M1 Mac does the same thing.

Set a firmware password on your Mac - Apple Support

When you set a firmware password, users who don't have the password can't start up from any disk other than the designated startup disk.

support.apple.com

The reason that cloning is not working on the M1 machines is that the APFS replicator does not work on M1 Macs. Apple is working on a fix. I suspect we will see progress on that with the next generation of silicon machines.

Where do you set firmware password on M1?

Article you provided:

"This feature requires a Mac with an Intel processor. For the equivalent level of security on a Mac with Apple silicon, simply turn on FileVault."

FileVault is not preventing one to do the EraseMac procedure..

Lets start writing after we check things by ourselves...

 

[chscag]

You're right. Can't set a firmware password on an M1, at least not yet. I personally do not like FileVault but it does offer protection. When FileVault is implemented you must also set a log on password.

On an Intel Mac, a firmware password offers the same protection as a BIOS password does for a Win machine.

Lets start writing after we check things by ourselves...

No need to get bent out of shape. Keep in mind that you're no longer running Windows. Many of us were once Windows users.

Enjoy your new M1.

 

[Leon1das]

No need to get bent out of shape. Keep in mind that you're no longer running Windows. Many of us were once Windows users.

Applaud for the effort - but like said - really no need to post apart from verified facts.
This is not a rant - but call for a quality.

FYI - On M1 - FileVault does not require additional password on M1.
Its you login password.

 

[08380728]

What real life situations do you expect to leave your M1 Mac ‘unattended’ for enough time for anyone to perform this malicious behaviour?

If it’s a portable, a MacBook for example, your only threat is that it’d be stolen because the agenda of any malicious persons would be to install keyloggers and remote tools, not erase thing as a practical joke.

If at work and it’s an M1 Mac Mini, very unlikely to be work colleagues firstly because that action would be considered serious gross misconduct and have serious consequences, and secondly work colleagues probably wouldn’t have the time the knowledge or intent.

I expect your going to reply with some ‘creative imagined scenarios‘ even though you may not ever likely to be in such a hostile environment, so I won’t bother trying to counter those.

In reality your only credible concern is that of M1’s current inability to ‘clone’ to externals. Let’s hope there’s a solution for that soon. If I were you I’d be contacting Apple support about this and ask them to explain the situation and hopefully they can also tell you if there will be a solution.

 

[Fishrrman]

I'd like to be proven wrong, but I don't think that "cloning" is ever going to work on the m-series Macs.

And I believe that the reason it won't work is because Apple DOESN'T WANT it "to work", possibly for security reasons...

 

[Apple_Robert]

I'd like to be proven wrong, but I don't think that "cloning" is ever going to work on the m-series Macs.

And I believe that the reason it won't work is because Apple DOESN'T WANT it "to work", possibly for security reasons...

I agree. From a use a home perceptive in time of need, it would be great if it came to fruition. From a security standpoint, it's not really a good idea and one that many would regret if a bad actor came into possession of a bottle external clone.

 

[jdb8167]

Since cloning on M1 doesnt work (yet) - good thing reinstallation can be relatively quick if you have created USB key with installation files.

But we still need internet for 2 points:

- Mac activation in Recovery (required after Erase Mac)

- Rosetta installation !??
Yep.. Rosetta pkg is only 450kb, but its not on the installation disk! Mac needs to pull it from internet the first time Rosetta app is launched.

So I would love to have this solved.
Imagining long flights or offline situations where if anything goes wrong... I am stuck and cant clone or reinstall...

Thats the only situation where I miss my Windows laptop. With free Macrium backup - I am up and running my cloned Win 10 partition of 20Gb in 6-7 minutes...

I don’t know about Rosetta 2 but you can create what is known as a Bootable Installer on a thumb drive so that you don’t need the internet to install Big Sur. Apple has instructions here: How to create a bootable installer

 

[xraydoc]

I agree that Windows is more clunky - and can go wrong if you dont know what are you doing.
It can be backed-up/restored in less than 10min (with free Macrium)

M1 Mac
OS: working great, less options to go wrong vs Windows.
But Recovery is freely accessible - anyone can boot to Recovery and "Erase Mac" even if they dont know the admin/AppleID password. (via "resetpassword" command procedure in Terminal)
As said - no cloning on M1 - only cloning workarounds - which require reinstall - which require internet.

Leaving unattended M1 Mac gives possibility to attacker to screw it.
Your data cannot be stolen - but your M1 can be screwed, that you cant use it anymore without access to internet.

On Windows: simple Bios password + disabled external boot - makes it pretty much bulletproof

I really feel that these basics of safety and convenience should be on M1 Macs. Either offline cloning or offline reinstall.

I wouldn't say that a BIOS password on a Windows machine is exactly bulletproof. If you have physical access to the machine, you can potentially reset the BIOS on many motherboards (not all) with the BIOS reset/clear button on the motherboard itself. And it's pretty easy to physically destroy a PC (or a Mac) with a specially crafted USB stick like USBKill.

Safety of the data is most important. Safety of the machine itself cannot be guaranteed if the bad guy has physical access to the machine.

 

[Leon1das]

I wouldn't say that a BIOS password on a Windows machine is exactly bulletproof. If you have physical access to the machine, you can potentially reset the BIOS on many motherboards (not all) with the BIOS reset/clear button on the motherboard itself. And it's pretty easy to physically destroy a PC (or a Mac) with a specially crafted USB stick like USBKill.

Safety of the data is most important. Safety of the machine itself cannot be guaranteed if the bad guy has physical access to the machine.

M1 data are safe... from theft, thats clear

Point here:
leave your M1 unattended for 1 min.

Anyone can do the following sequence:
8 seconds - Holding touch-power button to power off Mac
10 seconds - Holding touch-power button to boot into Recovery screen.
10 seconds - Recovery assistant - Forgot Allpasswords - Erase Mac.

All above with no password requested - despite FileVault ON or Find My Mac for these steps.

Unless you were on the internet (and synced work) - your data is lost.
Unless you are on the internet after the incident - you cannot continue with reinstallation and work

Sorry, but you cant do that to any Windows laptop with Bios password ON and disabled USB/SD card boot.

And if you really want to throw Windows desktops into play - someone would need to know motherboard model at least to do the same damage. Not to mention screw driver to open it and physically access it..

Again, this is not a rant - but rational approach to Mac safety from the user who is happy with his M1 Mac - but would love to have improved safety features.

Simple, unavoidable boot password before Recovery screen would suffice.

I cant speak for previous Macs, as M1 Mac is my first one.

 

[xraydoc]

Unless you were on the internet (and synced work) - your data is lost.
Unless you are on the internet after the incident - you cannot continue with reinstallation and work

1) Same with PCs. No backup = lost data
2) Same with PCs. You can reinstall Windows from a CD but where are you going to get the drivers for the rest of the hardware? Maybe even your NIC? Oh, that's right... the internet.

I suppose it might be a problem in a nuclear reactor or military installation, but if you're not safe leaving your machine for 10 seconds, I'm not sure that a firmware password is going to help when it takes less time to rip the power cords out of a mini and walk away with it.

Back up your data and the hardware is irrelevant.

 

[Apple_Robert]

M1 data are safe... from theft, thats clear

Point here:
leave your M1 unattended for 1 min.

Anyone can do the following sequence:
8 seconds - Holding touch-power button to power off Mac
10 seconds - Holding touch-power button to boot into Recovery screen.
10 seconds - Recovery assistant - Forgot Allpasswords - Erase Mac.

All above with no password requested - despite FileVault ON or Find My Mac for these steps.

Unless you were on the internet (and synced work) - your data is lost.
Unless you are on the internet after the incident - you cannot continue with reinstallation and work

Sorry, but you cant do that to any Windows laptop with Bios password ON and disabled USB/SD card boot.

And if you really want to throw Windows desktops into play - someone would need to know motherboard model at least to do the same damage. Not to mention screw driver to open it and physically access it..

Again, this is not a rant - but rational approach to Mac safety from the user who is happy with his M1 Mac - but would love to have improved safety features.

Simple, unavoidable boot password before Recovery screen would suffice.

I cant speak for previous Macs, as M1 Mac is my first one.

You and doc both raise good points.

I believe Apple's mindset is that FV should be kept turned on, seeing how it is turned on by default when one is signed in to iCloud and setting up the Mac.

I agree with doc. If I can't leave my M1 for 1 - 10 seconds in the environment I am in, I either take my M1 with me or find a better environment to be in.

 

[Leon1das]

1) Same with PCs. No backup = lost data
2) Same with PCs. You can reinstall Windows from a CD but where are you going to get the drivers for the rest of the hardware? Maybe even your NIC? Oh, that's right... the internet.

I suppose it might be a problem in a nuclear reactor or military installation, but if you're not safe leaving your machine for 10 seconds, I'm not sure that a firmware password is going to help when it takes less time to rip the power cords out of a mini and walk away with it.

Back up your data and the hardware is irrelevant.

This discussion is being driven into irrelevance...

You dont know or mis-interpret the facts about positives of BIOS safety or offline cloning methods on Windows..
I am happy to give you back your time...

I can see even from your avatar that you are into nuclear things - so once I have the question about those - I will PM you...
Meanwhile stay away from the buttons that say "Dont press"

 

[Leon1das]

You and doc both raise good points.

I believe Apple's mindset is that FV should be kept turned on, seeing how it is turned on by default when one is signed in to iCloud and setting up the Mac.

I agree with doc. If I can't leave my M1 for 1 - 10 seconds in the environment I am in, I either take my M1 with me or find a better environment to be in.

Thanks - I tend to agree with your "mediation" though we went into safety only per other party's "request"

Thread is about - irrespective of who compromised installation partition - fully offline reinstallation or cloning on M1 would be an asset.

PS. I solved today missing Rosetta on installation disk - by locating the pkg on my internal disk the moment it was pulled from Apple servers. So I have a backup of it now.

Yet for reinstallation of Big Sur - its beyond me why there is no option to Erase-but-not-Deactivate esp if I remain to be the machine owner. Whatever the reason - its not convenient...

 

[satcomer]

All I know in my college years in apartment someone stole my cool indoor sneakers in my closet during a party! It was near the end of school year, my last year, and in College I give this advice, put a lock on you door to room especially in College townhomes!

 

[xraydoc]

All I know in my college years in apartment someone stole my cool indoor sneakers in my closet during a party! It was near the end of school year, my last year, and in College I give this advice, put a lock on you door to room especially in College townhomes!

Yeah, but they didn't get in to your BIOS settings, so no harm done.
/s