EXTERNAL BOOT VOLUMES
I have been able to successfully create a second bootable volume on the internal HD in my M1 Mac mini, but as of this date I have been unable to create a bootable external boot volume. 🤬 I am not alone in that difficulty, there are dozens of threads in support forums all reporting similar results. The common error is
Quote
error 104 dsNeedToWriteBootBlocks need to write new boot blocks
Which I interpret to mean the installer is not creating the boot image.
From my experience and network searches I have learned….
  • You need to forget everything you knew about creating an external boot volume on an Intel Mac as it is not applicable, isn't available, or simply doesn't work on an M1 Mac 😡
  • If there is an equivalent to permitting booting from an external drive on an Intel Mac, no one has found how to access it on an M1 Mac ❓
  • I have found no reports of successfully creating an external boot drive via the Recovery Disk installation but it will create a bootable volume group on the internal drive 🤷‍♂️
  • 100% of the few successes reported have been on Thunderbolt connected drives 🤔 and a 100% failure rate on USB connected drives. (there is speculation USB simply isn't fast enough 🤷‍♂️ )
  • The only successful external installs I have read about resulted from using the macOS 11 or 11.0.1 installer from the App Store not the Recovery Drive 😳
  • From those successes there are reports indicating an option boot may not be successful either but changing the boot drive in System Preferences is reliable.

This remains a work-in-process.

SIP:
It is still possible to disable SIP (System Integrity Protection) on M1 Macs using crsutil but…
  • It has to be done in Terminal while booted from the Recovery Drive on a boot volume by boot volume basis
  • Disabling SIP also disables iOS apps on the M1 Mac 🤷‍♂️


SETTINGS SCOPE:
Settings which were for an entire system on Intel Macs, are set on a on a boot volume by boot volume basis on M1 Macs including:
  • Gatekeeper options
  • SIP (System Integrity Protection)
  • Beta test authorization

and these can only be set while booted from the Recovery Drive.

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein