I apologize in advance if this question is dumb or has otherwise been beaten to death in another discussion before.
Regarding the "Full Security" boot mode setting in the Secure Boot settings located in the Startup Security Utility on Intel Macs that have the T2 Chip (which I'm pretty sure is the default on all T2 based Intel Macs): I know that it will only allow for OSes currently signed by Apple (a la how it's done on iPadOS and iOS) or the OS that is currently installed. Does that mean that, once macOS Monterey is out and whatever the last release of macOS Big Sur ends up being is no longer being signed by Apple, I won't be able to wipe a Mac that currently has macOS Big Sur and reinstall it and/or run an "Install macOS Big Sur" .app to do an erase and install? I get the feeling that it does. But I'm also not 100% sure on where the line gets drawn. Obviously, if I want to use a bootable drive; I'm already having to modify settings in Startup Security from their default.
The practical application for this which prompts my question: I work at an all Mac business and the goal is to bring all Big Sur capable Macs to Big Sur. However we are not wanting to deploy macOS Monterey until it matures a bit. But we have a sizable T2 Mac population and, for the sake of security (also the desire to not have to go to each and every T2 Mac in the company [at least 100 systems scattered throughout the globe] and get into the Startup Security Utility to weaken its settings), I don't want to have to weaken its settings in order to get macOS Big Sur installed. Given that, I'm guessing that, if I want to up those T2 Macs to Big Sur without changing the default startup security settings on each T2 Mac, I'll need to make sure I upgrade all of them before the fall. Am I correct about this? If so, it's gonna be a fun rest of the summer...
Regarding the "Full Security" boot mode setting in the Secure Boot settings located in the Startup Security Utility on Intel Macs that have the T2 Chip (which I'm pretty sure is the default on all T2 based Intel Macs): I know that it will only allow for OSes currently signed by Apple (a la how it's done on iPadOS and iOS) or the OS that is currently installed. Does that mean that, once macOS Monterey is out and whatever the last release of macOS Big Sur ends up being is no longer being signed by Apple, I won't be able to wipe a Mac that currently has macOS Big Sur and reinstall it and/or run an "Install macOS Big Sur" .app to do an erase and install? I get the feeling that it does. But I'm also not 100% sure on where the line gets drawn. Obviously, if I want to use a bootable drive; I'm already having to modify settings in Startup Security from their default.
The practical application for this which prompts my question: I work at an all Mac business and the goal is to bring all Big Sur capable Macs to Big Sur. However we are not wanting to deploy macOS Monterey until it matures a bit. But we have a sizable T2 Mac population and, for the sake of security (also the desire to not have to go to each and every T2 Mac in the company [at least 100 systems scattered throughout the globe] and get into the Startup Security Utility to weaken its settings), I don't want to have to weaken its settings in order to get macOS Big Sur installed. Given that, I'm guessing that, if I want to up those T2 Macs to Big Sur without changing the default startup security settings on each T2 Mac, I'll need to make sure I upgrade all of them before the fall. Am I correct about this? If so, it's gonna be a fun rest of the summer...
