An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
booting up
#58624 05/06/21 01:40 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
OP Offline

Joined: Aug 2009
Likes: 2
OS 10.13.6

I recently had a problem with my Mac and the technician erased my HD (Sierra) and installed High Sierra. Can I start up from an external drive that is Sierra. The external drive is virus free.

I need the documents to salvage some apps.

jaybass

Last edited by cyn; 05/06/21 04:42 PM. Reason: Topic moved from the Mac Applications forum to the Mac Operating Systems forum.

OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: booting up
jaybass #58625 05/06/21 02:35 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted by jaybass
Can I start up from an external drive that is Sierra. The external drive is virus free.

I need the documents to salvage some apps.
If you are attempting to recover old applications the preferred method would be to Launch Migration Assistant in High Sierra and then use it recover your Applications, Data, Settings, whatever from the Sierra drive. It will save a lot of time and be a lot easier.

However the direct response to your question is, Yes you should be able to boot from an external drive that is Sierra without difficulty. You can do that by either of the following methods…
  1. Changing the Startup drive in System Preferences > Startup Disk (NOTE: When going back to High Sierra that should also be done through System Preferences > Startup Disk
  2. Powering down your Mac then after 10 seconds or so reboot while holding down the Option (⌥) key. (This will not change the default Startup Disk and is good for the one boot only.)


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
joemikeb #58627 05/07/21 12:33 AM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
OP Offline

Joined: Aug 2009
Likes: 2
I now have everything up and running. Took quite awhile but now I can relax.

The technician told me that the firmware situation will never happen again...nice to know.

Thanks for your help joe.

Jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: booting up
jaybass #58628 05/07/21 01:00 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted by jaybass
The technician told me that the firmware situation will never happen again...nice to know.
I wonder what se based hir assurance on?

Particularly without knowing how it happened in the first place.

To the best of my knowledge, anyone with access to your machine can set a firmware password in the time it takes you to make a trip to the men's room.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: booting up
artie505 #58629 05/07/21 11:54 AM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
OP Offline

Joined: Aug 2009
Likes: 2
Now that I know I do not have a firmware password because of a new OS, Just when does one create one?

BTW, he did know what happened because I told him.

Also, no one has access to my machine. I live alone and as far as I know, there are no ghosts around.

jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: booting up
jaybass #58630 05/07/21 12:32 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
You create a firmware password when you want to lock down your machine, like so:
When you set a firmware password, users who don't have the password can't start up from any disk other than the designated startup disk.
He knew what happened, but only in the sense that he knew the password had been set. He didn't know how it happened to begin with, which makes his saying "the firmware situation will never happen again" a bit ludicrous.

(I've got a ghost, but it's never messed with my MBP.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: booting up
joemikeb #58631 05/07/21 02:52 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
I neglected to mention this previously and fortunately you did not need it, but for your future reference and the benefit of others reading this thread it should also be noted that for Intel Macs with the T2 security chip it is necessary to specifically authorize booting from an external drive using the same Startup Security Utility used to set the firmware password. On M1 Macs authorization falls under the Volume Security Policy.

COMMENT: The ability to boot from an external drive is a HUGE security vulnerability permitting anyone with a bootable external drive the opportunity to grab anything and everything from an un-encrypted boot drive. My advice would be to NOT PERMIT booting from an external drive, and should you choose to allow it, all of your drives should all be encrypted.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
joemikeb #58633 05/07/21 09:52 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted by joemikeb
COMMENT: The ability to boot from an external drive is a HUGE security vulnerability permitting anyone with a bootable external drive the opportunity to grab anything and everything from an un-encrypted boot drive. My advice would be to NOT PERMIT booting from an external drive[/u][/b].
If I made my iMac not bootable from an external drive, would that same protection then extend to the Time Machine and CCC drive copies? (Mojave 10.14.6)

Last edited by ryck; 05/07/21 09:53 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: booting up
ryck #58634 05/07/21 10:28 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted by ryck
If I made my iMac not bootable from an external drive, would that same protection then extend to the Time Machine and CCC drive copies? (Mojave 10.14.6)
It makes no difference where the external drive image comes from or how it was created the system will not boot from an external drive unless and until the security settings are appropriately reduced. There is also a setting that prevents booting from an external drive unless it is the same version of MacOS as installed on the internal drive (which may or may not be true of Time Machine restores or Clones). I unintentionally verified that a few years ago and darn near wore a bald spot scratching my head until I figured out what was going on. 🤯🤬😵‍💫☝️←(emotional gambit)

AFTER THOUGHT: I have not personally verified every permutation of this but it is possible to boot from a Recovery Drive image on the internal drive or on any external media from a bootable thumb drive to the internet. But in that case the only options available are…
  • Re-install MacOS,
  • Recover from a Time Machine backup
  • Run Disk Utility, or
  • Run Safari

…which still leaves the data on the internal drive relatively inaccessible. If the internal drive is encrypted read relatively as virtually completely inaccessible.

Last edited by joemikeb; 05/07/21 10:51 PM.

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
joemikeb #58635 05/08/21 12:14 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted by joemikeb
It makes no difference where the external drive image comes from or how it was created the system will not boot from an external drive unless and until the security settings are appropriately reduced.
I need to clarify my query. I understand that, if my iMac has a firmware password, it cannot be booted by an external drive.

Does that still leave my Time Machine and CCC drives exposed? That is, if I have a break-in, can the thief just pocket one of my backup drives and have access to all my information?

Last edited by ryck; 05/08/21 12:15 AM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: booting up
joemikeb #58636 05/08/21 11:24 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
What's to stop someone from booting into Recovery and changing the "no booting from an external" setting?

Should booting into Recovery require a password?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: booting up
ryck #58637 05/08/21 01:13 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted by ryck
I need to clarify my query. I understand that, if my iMac has a firmware password, it cannot be booted by an external drive.

Does that still leave my Time Machine and CCC drives exposed? That is, if I have a break-in, can the thief just pocket one of my backup drives and have access to all my information?
Your external drives are exposed unless they are encrypted. Time Machine offers encryption as an option and will warn you if you backup an encrypted drive to an unencrypted Time Machine volume. Encryption is at the volume level, not the file level so clones, even clones of an encrypted volume, are not encrypted unless the target drive is encyrypted. FWIW Although there may be some speed penalty using encrypted drives I have never found it to be detectable in normal day to day use.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
artie505 #58638 05/08/21 01:23 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted by artie505
What's to stop someone from booting into Recovery and changing the "no booting from an external" setting?
You must know an administrative password for an account on the internal drive to change the security settings on M1 Macs running MacOS 11. I no longer have an Intel Mac to check that out.

Originally Posted by artie505
Should booting into Recovery require a password?
Not in my opinion. There are too many situations where that could prevent recovery from a disaster. I think requiring an account password to change security settings is sufficient and safer. Remember there are only a limited number of things you can do in the Recovery Drive so the data is pretty well protected. But again, IMO the drive should be encrypted. Think of it as putting your data in a safe that is locked in a vault.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
joemikeb #58643 05/09/21 08:56 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted by joemikeb
Originally Posted by artie505
What's to stop someone from booting into Recovery and changing the "no booting from an external" setting?
You must know an administrative password for an account on the internal drive to change the security settings on M1 Macs running MacOS 11. I no longer have an Intel Mac to check that out.

Originally Posted by artie505
Should booting into Recovery require a password?
Not in my opinion. There are too many situations where that could prevent recovery from a disaster. I think requiring an account password to change security settings is sufficient and safer. Remember there are only a limited number of things you can do in the Recovery Drive so the data is pretty well protected. But again, IMO the drive should be encrypted. Think of it as putting your data in a safe that is locked in a vault.
I just checked and found that a password is required to boot my Intel 16" MBP running macOS 11.3.1 into Recovery.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: booting up
artie505 #58644 05/09/21 06:04 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted by artie505
I just checked and found that a password is required to boot my Intel 16" MBP running macOS 11.3.1 into Recovery.
Thanks for verifying my suspicions.

BY-THE-WAY: I just downloaded and tested yesterday's release of Carbon Copy Cloner 5.1.27-b1 (6187) and there is no change in the results when creating a bootable external clone. Not that I really expected a change, but I thought that since I am running the MacOS 11.4 beta there might be a difference, but no joy.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
joemikeb #58647 05/10/21 05:54 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Any thoughts about why the same version of macOS that requires a password to boot into Recovery on my Intel Mac is more permissive on your M1?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: booting up
artie505 #58648 05/10/21 10:02 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted by artie505
Any thoughts about why the same version of macOS that requires a password to boot into Recovery on my Intel Mac is more permissive on your M1?
There are significant differences between Intel and M1 Macs in where security is applied. On Intel Macs with Apple's T2 security chip protection is applied at the system level while on M1 Macs it is applied at the Volume Group level. So for example if you reduce the security level on an Intel Mac that reduction applies to any bootable drive attached to that system but on the M1 it is possible to have multiple bootable volume groups on the same drive, each with its own security setting.

That brings up another interesting question to explore. Filevault encryption has always been at the drive level, but individual APFS volumes may be individually formatted APFS (Encrypted), does that mean a single drive may have encrypted and un-encrypted volumes?


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: booting up
joemikeb #58649 05/11/21 10:51 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted by joemikeb
Originally Posted by artie505
Any thoughts about why the same version of macOS that requires a password to boot into Recovery on my Intel Mac is more permissive on your M1?
There are significant differences between Intel and M1 Macs in where security is applied. ....
Thanks for the explanation.

Complicateder and complicateder!


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, dkmarsh, joemikeb 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.038s Queries: 50 (0.028s) Memory: 0.6694 MB (Peak: 0.8044 MB) Data Comp: Zlib Server Time: 2024-03-29 15:05:04 UTC
Valid HTML 5 and Valid CSS