Apple's moves point to a future with no bootable backups, says developer
The ability to boot from an external drive on an Apple Silicon Mac may not be an option for much longer, with the creation and use of the drives apparently being phased out by Apple, according to developers of backup tools.
For some users, the ability to create a bootable drive for their Mac gives them a safety net, in case the main drive on the Mac breaks or encounters a problem. It is a backup technique that can get users back up and running very quickly, but the option may not be available for much longer with Apple's transition to Apple Silicon.
Mike Bombich, the founder of Bombich Software behind Carbon Copy Cloner, wrote in a May 19 blog post that the company will continue to make bootable backups for both Intel and Apple Silicon Macs, and will "continue to support that functionality as long as macOS supports it."
However, with changes in the way a Mac functions with the introduction of Apple Silicon, the ability to use external booting could be limited, in part due to Apple's design decisions.
The first problem is with macOS Big Sur, as Apple made it so macOS resides on a "cryptographically sealed Signed System Volume," which could only be copied by Apple Software Restore. While CCC has experience with ASR, the tool was deemed to be imperfect, with it failing "with no explanation" and operating in a "very one-dimensional" way.
The second snag was Apple Fabric, a storage system that uses per-file encryption keys. However, ASR didn't work for months until the release of macOS 11.3 restored it, but even then kernel panics ensued when cloning back to the original internal storage.
In December, Bombich spoke to Apple about ASR's reliability and was informed that Apple was working to resolve the problem. During the call, Apple's engineers also said that copying macOS system files was "not something that would be supportable in the future."
"Many of us in the Mac community could see that this was the direction Apple was moving, and now we finally have confirmation," writes Bombich. "Especially since the introduction of APFS, Apple has been moving towards a lockdown of macOS system files, sacrificing some convenience for increased security."
Spotting a change in a Product Security document in February, Bombich points out that it mentions the boot process in Apple Silicon Macs is always facilitated by a volume on the internal storage. The lightweight operating system on that volume evaluates the integrity of the boot assets and authenticates the operating system on that external device before booting from it.
"In theory, it means that Apple Silicon Macs cannot boot at all if the internal storage fails," he states. Experts within Apple "unambiguously confirmed" to Bombich that you cannot boot an Apple Silicon Mac from external boot drives if the internal storage is dead.
Bombich advises there needs to be changes to end user recovery plans to no longer rely on external boot devices. In the case of CCC, it won't provide the option to "make it bootable" by default when users are using macOS Big Sur.
While CCC won't drop the ability to copy the System folder, the tool is "going to continue to offer it with a best effort' approach." Meanwhile, for non-bootable data restoration, CCC's backups do still work with the macOS Migration Assistant, available when booting up a new Mac for the first time.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
For some users, the ability to create a bootable drive for their Mac gives them a safety net, in case the main drive on the Mac breaks or encounters a problem. It is a backup technique that can get users back up and running very quickly, but the option may not be available for much longer with Apple's transition to Apple Silicon.
Mike Bombich, the founder of Bombich Software behind Carbon Copy Cloner, wrote in a May 19 blog post that the company will continue to make bootable backups for both Intel and Apple Silicon Macs, and will "continue to support that functionality as long as macOS supports it."
However, with changes in the way a Mac functions with the introduction of Apple Silicon, the ability to use external booting could be limited, in part due to Apple's design decisions.
The first problem is with macOS Big Sur, as Apple made it so macOS resides on a "cryptographically sealed Signed System Volume," which could only be copied by Apple Software Restore. While CCC has experience with ASR, the tool was deemed to be imperfect, with it failing "with no explanation" and operating in a "very one-dimensional" way.
The second snag was Apple Fabric, a storage system that uses per-file encryption keys. However, ASR didn't work for months until the release of macOS 11.3 restored it, but even then kernel panics ensued when cloning back to the original internal storage.
In December, Bombich spoke to Apple about ASR's reliability and was informed that Apple was working to resolve the problem. During the call, Apple's engineers also said that copying macOS system files was "not something that would be supportable in the future."
"Many of us in the Mac community could see that this was the direction Apple was moving, and now we finally have confirmation," writes Bombich. "Especially since the introduction of APFS, Apple has been moving towards a lockdown of macOS system files, sacrificing some convenience for increased security."
Spotting a change in a Product Security document in February, Bombich points out that it mentions the boot process in Apple Silicon Macs is always facilitated by a volume on the internal storage. The lightweight operating system on that volume evaluates the integrity of the boot assets and authenticates the operating system on that external device before booting from it.
"In theory, it means that Apple Silicon Macs cannot boot at all if the internal storage fails," he states. Experts within Apple "unambiguously confirmed" to Bombich that you cannot boot an Apple Silicon Mac from external boot drives if the internal storage is dead.
Bombich advises there needs to be changes to end user recovery plans to no longer rely on external boot devices. In the case of CCC, it won't provide the option to "make it bootable" by default when users are using macOS Big Sur.
While CCC won't drop the ability to copy the System folder, the tool is "going to continue to offer it with a best effort' approach." Meanwhile, for non-bootable data restoration, CCC's backups do still work with the macOS Migration Assistant, available when booting up a new Mac for the first time.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
So we are left with the question of what to do. Do we change with the times and adapt to new ways of protecting and saving our data or do we dig in our heels and announce we’re freezing our system in time and never upgrade again. I fully expect a mini deluge of rage over this with proclamations of quitting the platform. We already have rage over X86 IntelWindows not booting on an M1. That’s a given when Apple up and changes things. We get so stuck on how things have always worked and expect to continue to work the same way. Apple has decided to break with the past to move forward. We’ll see if the market votes with its pocketbook. I suspect more Macs will be sold than ever before.
The fact that you can buy a Mac and still use it years (like, a decade) later has always been one of the Mac's hallmarks.
Now, if 5 years down the road my internal storage dies AND Apple gives me a cost-effective and quick way to fix it, I'm actually OK with this decsion. But if the storage dies and I'm just out of luck because the Mac is now an appliance, well, this is a real problem for me.
There is no real and valid excuse for me not to have a local bootable backup available to me if I need it.
Currently I depend on bootable drives as my Macs are old.
I have daily drivers with software I need for daily things. Then there are the occasional times I need more up to date software that won't run ob those systems.
I can manage this by simply booting off an external drive with the system/software I need.
It might be old school but it works.
The same applies with bootable backups. If the installed drive fails I can be back up and running in no time.
Time for an Apple NAS for Dummies and experts alike with Netboot and and failsafe Time Machine incorporated.
Basically, you won't be able to clone the macOS system partition to a backup drive. But, does that matter when all of the meaningful data is on the user data partition now?
Can you create a bootable backup by installing macOS on an external disk and then using the user data partition to back up your data to?
The other main issue being that you can't boot from *any* drive if your internal storage fails, but my primary use for this was using my bootable backup in conjunction with another Mac entirely while my primary Mac was being serviced, so I could pick up work from where I left off more or less, without having to do a full Migration Assistant transfer. Seems like that will still be possible, assuming I can install the OS on an external drive and still backup to the user data partition. If that's not possible, I'm not sure it's spelled out here. Anyone know for sure?