T2 on MacBook Pro 2018 seems to prevents boot after install

[haralds]

Got a MacBook Pro and just wasted 1 1/2 days. I think the T2 is presuming theft and locking out boot after all restores or installs. After trying 1/2 day yesterday I wasted a major part of the day waiting for a Genius who was not trained on the new model and had no tools to diagnose T2 issues. He also seemed unaware that you could not network boot T2 system (press N on startup.) This would indicate complete lack of training or support materials.

I suspected it was a result of theft protection with the T2 and arrived with my sales receipt in case they asked for proof. Based on a response on the developer forum, there are NO T2 recovery tools in the field.

They wanted me to return the system for repair pending parts for China - this would be a 5 week process. We will return the system for credit and buy new.

Posting here to warn others.

1. Got the system (custom order i9, 32GB. 4TB ssd) and started Migration Assistant from a cloned drive.

2. This interrupted for some reason. I rebooted and the system disk was not bootable.

3. Having lived through this (I have used Macs for decades) I decided to restore and booted the recovery partition. I disabled T2 boot block for signed macOS on external drives just to be sure.

- I needed to log in as Admin, the utility seemed to get this from the partial migration on the main parition!

- T2 utility seemed to be fine

- Erased main partition in prep for a new install - this likely was the mistake!!!!

4. Could not boot from external boot. All boot attempts of fresh 10.13.6 or Mojave Beta 5 failed and resorted to the network recovery install screen. This was the same behavior as 5. There was a reboot sequence and then it just restarted itself.

5. The build in recovery partition disappeared.

6. Tried network recovery install 5x (also instructed for this by AppleCare, who had no other info on T2.)

- It succeeds, downloads the installer and starts installing.

- But at the end of the install after essentially completing it just reboots to the network recovery prompt.

- Option boot shows the Installer partition, but does not get you back in.

- Under some circumstances, with Option Boot an Install partition is visible, but it also boots to the Network Recovery prompt.

7. Recovery is only available from network (Apple Recovery servers) which fails after loading and installing. I have tried all combinations of initiating keystrokes on that one - previous install, currently installed version, later version.

8. I have run First Aid and erased the disk using the Network Recovery system recovery utilities.

9. I have tried a T2 Firmware recovery with the Configurator 2 as outlined by an Apple Support document, but the system does not go into DFU mode.

This was tried both with High Sierra 10.13.6 and 10.14 beta 5 for boot or installation.

My theory is: T2 prevents all boots from any media. It looks for the Admin info which was wiped during erase.

I do believe engineering did not foresee or cover this use case properly. I am also surprised about the lack of training and tools. I would have expected better from the Genius. Will not waste my time in the future. I seem to know more than they do.


Any ideas anybody? Hate to wait another week or more for another system. This is very silly, since it could be resolved with the correct utility.

 

[Newtons Apple]

What a nightmare. Not sure if self inflicted but my move the to Spain’s MBPro went very smooth.

 

[DeanL]

Things that may brick your 2018 MacBook Pro

TLDR? Just return your Mac and have it swapped for a new one.

 

[Funsize93]

All Macs are exactly the same when it comes to isolating a software or hardware issue. There is no need for special T2 specific training, you only need to know the "know how it works". Software troubleshooting is quite limited when it comes to the T2 due to the secure boot options. However they require the same troubleshooting as anything else.

Generally to isolate a hardware issue you go to internet recovery and perform an erase and reinstall. If issues persists then you try using Apple configurator 2 and DFU mode to perform the restore.

Your device failed to do all these things including DFU mode. This would isolate a hardware issue.

 

[BLUEDOG314]

If you read the thread that DeanLubaki posted, a user confirms they were successful in using internet recovery to nuke and pave the internal storage of their T2 machine. A lot of processes that have been the same for a number of years seem to have changed with T2 machines, but I doubt you have to return the system.

 

[haralds]

I was able to induce DFU mode, but an upgrade of the T2 bridge software did not resolve the issue. The key for getting it into DFU mode was to have both power supplied and the USB-C cable to another Mac. Power is needed to reduce the draw on the Mac. A recovery install after this failed to boot.
Same for target mode. I was able to clone a system (standard install was not permitted,) but the cloned system would not boot.
It's going back.
[doublepost=1533188987][/doublepost]

All Macs are exactly the same when it comes to isolating a software or hardware issue. There is no need for special T2 specific training, you only need to know the "know how it works". Software troubleshooting is quite limited when it comes to the T2 due to the secure boot options. However they require the same troubleshooting as anything else.

Generally to isolate a hardware issue you go to internet recovery and perform an erase and reinstall. If issues persists then you try using Apple configurator 2 and DFU mode to perform the restore.

Your device failed to do all these things including DFU mode. This would isolate a hardware issue.

The T2 is not the same as all other systems. It is new. In its default configuration it prevents all booting except from a signed internal system installed audited buy the T2.
In my case, a configuration issue prevents the booting of a system installed from Network Recovery or even via a clone to the target T disk. I have probably had 30 macs in my life, am deeply technical (as a CTO I run firmware, hardware, and app development.) From the behavior I believe the T2 is in a "theft mode" lock down not documented outside Apple.
Since I do not have any T2 debug tools, I have to admit this is conjecture. I do not have proof.

 

[Funsize93]

I was able to induce DFU mode, but an upgrade of the T2 bridge software did not resolve the issue. The key for getting it into DFU mode was to have both power supplied and the USB-C cable to another Mac. Power is needed to reduce the draw on the Mac. A recovery install after this failed to boot.
Same for target mode. I was able to clone a system (standard install was not permitted,) but the cloned system would not boot.
It's going back.
[doublepost=1533188987][/doublepost]
The T2 is not the same as all other systems. It is new. In its default configuration it prevents all booting except from a signed internal system installed audited buy the T2.
In my case, a configuration issue prevents the booting of a system installed from Network Recovery or even via a clone to the target T disk. I have probably had 30 macs in my life, am deeply technical (as a CTO I run firmware, hardware, and app development.) From the behavior I believe the T2 is in a "theft mode" lock down not documented outside Apple.
Since I do not have any T2 debug tools, I have to admit this is conjecture. I do not have proof.

I did not say that the T2 chip was the same as all other devices. I was explaining that systematic troubleshooting is the same. The T2 chip is also within the iMac Pro (has been around for a while now).

The T2 chip Secure Boot offers three settings to make sure that your Mac always starts up from a legitimate, trusted Mac operating system or Microsoft Windows operating system.

Full Security is the default Secure Boot setting, offering the highest level of security. This is a level of security previously available only on iOS devices.

During startup, your Mac verifies the integrity of the operating system (OS) on your startup disk to make sure that it's legitimate. If the OS is unknown or can't be verified as legitimate, your Mac connects to Apple to download the updated integrity information it needs to verify the OS. This information is unique to your Mac, and it ensures that your Mac starts up from an OS that is trusted by Apple.

This does not prevent the system being restored using the Apple Configurator 2 tool. It just stops external media from being used. Anything signed and is trusted by Apple will work as expected.

In conclusion if a T2 device cannot be erased and reinstalled using a a trusted Apple source (internet recovery or using the Apple configurator 2 tool, following the article to a T: Restore Apple T2 firmware on iMac Pro) Then your device more than likely requires service.

source:

 

[537635]

Can somebody please explain what is the purpose of T2 during macOS reinstall.

I usually do the following procedure once every few years (fresh install).

1. Logout of everything, disable iMessages, wipe the fingerprint data, etc.

2. Reboot and start machine with cmd+R.

3. Start Disk Utility and erase the primary partition.

4. Install macOS to the just erased partition.



If what I understand is correct, doing this on a T2 machine will brick it.
How is is the fresh OS install supposed to take place now?

 

[karn101]

If what I understand is correct, doing this on a T2 machine will brick it.
How is is the fresh OS install supposed to take place now?

No, it will not brick it. I did it. I’m fine and so are many others. OP has a unique issue.

 

[haralds]

I am on my second machine. The T2 Bridge firmware is buggy.
I tried BootCamp install on a pretty much virgin system and it failed setting the system startup info - e.g. writing the boot info to disk. I made the effort about 10x with different versions of Windows and conditions. I believe the T2 exception set by the BootCamp Assistant to write outside the partition boundary is not working.
The reason is that disabling the barrier for booting from external disks is also not working The Startup utility indicates the feature as disabled, but neither Option Boot nor startup panel show valid external boot disks.
I have decided to file a bug and wait for the update.

This is most likely in the firmware and not the OS. Reinstall would be risky based on my past experience and likely not solve it.

This issue has been reported by others.

It might be particular to my system with a 4TB disk.

 

[537635]

Can somebody please explain what is the purpose of T2 during macOS reinstall.

I usually do the following procedure once every few years (fresh install).

1. Logout of everything, disable iMessages, wipe the fingerprint data, etc.

2. Reboot and start machine with cmd+R.

3. Start Disk Utility and erase the primary partition.

4. Install macOS to the just erased partition.



If what I understand is correct, doing this on a T2 machine will brick it.
How is is the fresh OS install supposed to take place now?

Can confirm this doesn't brick the machine. Reinstall as usual.

 

[surfari]

I wonder if a lot of your recovery issues aren't due to the fact that the version of OS X 10.13.6 will not work on a 2018 MBPt. I like to keep a copy of all installs of OS X so I'll download a full copy and then offload it onto a USB thumb drive. I tried to do that with mine and got an error message that the version I had on my machine was newer but when in fact the version on the machine was the same as listed. I did the supplemental update for my T2 machine and tried again thinking Apple would update the OS X image online, but again the same error message came up. As of this post the same error message comes up. See attached photo.

 

[saquich07]

Got a MacBook Pro and just wasted 1 1/2 days. I think the T2 is presuming theft and locking out boot after all restores or installs. After trying 1/2 day yesterday I wasted a major part of the day waiting for a Genius who was not trained on the new model and had no tools to diagnose T2 issues. He also seemed unaware that you could not network boot T2 system (press N on startup.) This would indicate complete lack of training or support materials.

I suspected it was a result of theft protection with the T2 and arrived with my sales receipt in case they asked for proof. Based on a response on the developer forum, there are NO T2 recovery tools in the field.

They wanted me to return the system for repair pending parts for China - this would be a 5 week process. We will return the system for credit and buy new.

Posting here to warn others.

1. Got the system (custom order i9, 32GB. 4TB ssd) and started Migration Assistant from a cloned drive.

2. This interrupted for some reason. I rebooted and the system disk was not bootable.

3. Having lived through this (I have used Macs for decades) I decided to restore and booted the recovery partition. I disabled T2 boot block for signed macOS on external drives just to be sure.

- I needed to log in as Admin, the utility seemed to get this from the partial migration on the main parition!

- T2 utility seemed to be fine

- Erased main partition in prep for a new install - this likely was the mistake!!!!

4. Could not boot from external boot. All boot attempts of fresh 10.13.6 or Mojave Beta 5 failed and resorted to the network recovery install screen. This was the same behavior as 5. There was a reboot sequence and then it just restarted itself.

5. The build in recovery partition disappeared.

6. Tried network recovery install 5x (also instructed for this by AppleCare, who had no other info on T2.)

- It succeeds, downloads the installer and starts installing.

- But at the end of the install after essentially completing it just reboots to the network recovery prompt.

- Option boot shows the Installer partition, but does not get you back in.

- Under some circumstances, with Option Boot an Install partition is visible, but it also boots to the Network Recovery prompt.

7. Recovery is only available from network (Apple Recovery servers) which fails after loading and installing. I have tried all combinations of initiating keystrokes on that one - previous install, currently installed version, later version.

8. I have run First Aid and erased the disk using the Network Recovery system recovery utilities.

9. I have tried a T2 Firmware recovery with the Configurator 2 as outlined by an Apple Support document, but the system does not go into DFU mode.

This was tried both with High Sierra 10.13.6 and 10.14 beta 5 for boot or installation.

My theory is: T2 prevents all boots from any media. It looks for the Admin info which was wiped during erase.

I do believe engineering did not foresee or cover this use case properly. I am also surprised about the lack of training and tools. I would have expected better from the Genius. Will not waste my time in the future. I seem to know more than they do.


Any ideas anybody? Hate to wait another week or more for another system. This is very silly, since it could be resolved with the correct utility.

Hi, Im having the same problem!!!!!!!!!!!!! did you fix it by any way,,, your response its appreciated

 

[haralds]

Hi, Im having the same problem!!!!!!!!!!!!! did you fix it by any way,,, your response its appreciated

My fix was to get another unit from Apple. They could not fix it.

 

[dimi p]

I had pretty much the same. I wiped the drive and it was only goign to Internet recovery when I was trying to boot from an external bootable drive (with 13.4) and same thing when was trying to go to recovery mode.
When I was booting the laptop normally i was getting the folder with the questionmark flashing in the screen (no OS)

What I did and worked quite fast is:

Plugged a network cable straight on the laptop (using a USBc adapter of course), no external drives on.
And booted pressing the Option key. It went to the external disk boot screen but no drive came up. Only Internet recovery but not the one with the globe turning. Clicked on that and went to Recovery mode in a few mins ( 5-8). I had to re-wipe the drive to APFS and remount it and was able to re-isntall OS after that from recovery mode in less that 20 mins.This depends on your connection of course.

Laptop back in the initial setup!

 

[upandown]

So I had the same issue as most of you, once when bought the 2018 13, and (then forgot) and did it again with Mojave.

The T2 is actually operating as designed. There's a setting in macOS Utilities (Command R on start up) that allows you to use an external source to install the OS. It's off by default.

For me with Mojave, my HD was wiped and it wouldn't install via the internet or let me use my USB.

The trick in this case, is not go to Apple, but during the attempted install via the internet, hold CMD R during the reboot process. It will let you get back into macOS Utilities and install as normal.

WHY it won't let you boot into macOS Utilities the first time is beyond me. You must go through the internet recovery option first.

 

[coorsleftfield]

Bricked mine. . Even going into MacOS utilities using CMD-R after the globe trick doesn't seem to fix it. I get to the utilities page, but the reinstall MacOS function doesn't work. Seems like it doesn't have permission to access the disk from the logs .

 

[upandown]

Bricked mine. . Even going into MacOS utilities using CMD-R after the globe trick doesn't seem to fix it. I get to the utilities page, but the reinstall MacOS function doesn't work. Seems like it doesn't have permission to access the disk from the logs .

Hm... Is there any way to change the permissions in the security settings?

 

[coorsleftfield]

Not once the OS is blown away. Returned it to Apple today.. Even in store they don't really seem to know a fix.

 

[upandown]

Not once the OS is blown away. Returned it to Apple today.. Even in store they don't really seem to know a fix.

Apple should have more warnings and literature on their new computers if they make a change like that.

 

[coorsleftfield]

I'll be buying another 2018, and the first thing I plan on doing is disabling the secure boot stuff and enabling boot from USB. The extra security doesn't seem worth the hassle if you need to reinstall the OS.