aperantos

macrumors regular
Original poster
Feb 18, 2008
110
43
London, U.K.
I have tried searching for advice but been unable to find anything, but I am unable to setup Apple Pay on my MacBook Pro (2018, 13", 4 ports).

Clicking "Add Card…" gives a dialogue "Could Not Set Up Apple Pay. Apple Pay has been disabled because the security settings of this Mac were modified."

The "Learn More" button brings up an Apple Support page which says to check the lid is open (it is), check Secure Boot Settings (I did, it is on Full Security), and to check for software updates. I am on Mojave (10.14.6) with all the latest updates.

I did turn off SIP to install iTunes 12.6 (for App Store / management access), but re-enabled it afterward, and left the stock iTunes alone by naming the older version as "iTunes 12.6.app."

Is that likely to stop Apple Pay working, even with SIP enabled and Full Security for Secure Boot? Or is there anything else that causes the behaviour or I should check?

It is a feature I can live without, which is why I have not worried about setting it up yet, but it would be good to have it working. And reassuring to know what the security problem is on my Mac if there is one.

Thanks.
 

mikethebigo

macrumors 68020
May 25, 2009
2,161
646
Did you ever find a solution to this? I have the exact same problem on my 2019 16" MBP.
 

aperantos

macrumors regular
Original poster
Feb 18, 2008
110
43
London, U.K.
Unfortunately I still cannot solve it.

Having looked at the log, I get this error from sandboxd whenever the preference pane is opened…

Sandbox: mdwrite(540) System Policy: deny(1) file-write-xattr /System/Library/PreferencePanes/Wallet.prefPane
Violation: System Policy: deny(1) file-write-xattr /System/Library/PreferencePanes/Wallet.prefPane
Process: mdwrite [540]
Path: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdwrite
Load Address: 0x102b03000
Identifier: mdwrite
Version: ??? (???)
Code Type: x86_64 (Native)
Parent Process: launchd [1]
Responsible: /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdwrite [540]
User ID: 501

Date/Time: 2020-08-05 23:21:23.601 GMT+1
OS Version: Mac OS X 10.14.6 (18G6020)
Report Version: 8


MetaData: {"process":"mdwrite","storage-class":"system","xattr":"com.apple.lastuseddate#PS","signing-id":"com.apple.mdwrite","primary-filter":"path","pid":540,"summary":"deny(1) file-write-xattr \/System\/Library\/PreferencePanes\/Wallet.prefPane","vnode-type":"DIRECTORY","responsible-process-path":"\/System\/Library\/Frameworks\/CoreServices.framework\/Frameworks\/Metadata.framework\/Versions\/A\/Support\/mdwrite","rdev":0,"operation":"file-write-xattr","errno":1,"file-flags":524288,"target":"\/System\/Library\/PreferencePanes\/Wallet.prefPane","profile":"platform","normalized_target":["System","Library","PreferencePanes","Wallet.prefPane"],"platform_binary":"yes","uid":501,"action":"deny","responsible-process-pid":540,"flags":21,"build":"Mac OS X 10.14.6 (18G6020)","path":"\/System\/Library\/PreferencePanes\/Wallet.prefPane","hardware":"Mac","process-path":"\/System\/Library\/Frameworks\/CoreServices.framework\/Versions\/A\/Frameworks\/Metadata.framework\/Versions\/A\/Support\/mdwrite","platform-binary":true,"primary-filter-value":"\/System\/Library\/PreferencePanes\/Wallet.prefPane","profile-flags":0,"platform-policy":true}

Thread 0 (id: 6441):
0 libsystem_kernel.dylib 0x00007fff6778b122 __sigsuspend_nocancel + 10
1 libdispatch.dylib 0x00007fff67614ede _dispatch_sigsuspend + 0

Thread 1 (id: 6936):
0 libsystem_kernel.dylib 0x00007fff6778affa setxattr + 10
1 libxpc.dylib 0x00007fff67886eec _xpc_connection_call_event_handler + 56
2 libxpc.dylib 0x00007fff67884e82 _xpc_connection_mach_event + 933
3 libdispatch.dylib 0x00007fff676056dd _dispatch_client_callout4 + 9
4 libdispatch.dylib 0x00007fff6761a0d6 _dispatch_mach_msg_invoke + 436
5 libdispatch.dylib 0x00007fff6760b792 _dispatch_lane_serial_drain + 268
6 libdispatch.dylib 0x00007fff6761ac19 _dispatch_mach_invoke + 481
7 libdispatch.dylib 0x00007fff6760b792 _dispatch_lane_serial_drain + 268
8 libdispatch.dylib 0x00007fff6760c396 _dispatch_lane_invoke + 385
9 libdispatch.dylib 0x00007fff676146ed _dispatch_workloop_worker_thread + 598
10 libsystem_pthread.dylib 0x00007fff67845611 _pthread_wqthread + 421
11 libsystem_pthread.dylib 0x00007fff678453fd start_wqthread + 13

Binary Images:
0x7fff67602000 - 0x7fff6763bff7 libdispatch.dylib (1008.270.1) <97273678-e94c-3c8c-89f6-2e2020f4b43b> /usr/lib/system/libdispatch.dylib
0x7fff67786000 - 0x7fff677aeff7 libsystem_kernel.dylib (4903.278.43) <40d55d88-d331-37a2-b7c0-3cd99de39403> /usr/lib/system/libsystem_kernel.dylib
0x7fff67843000 - 0x7fff6784dff7 libsystem_pthread.dylib (330.250.2) <2d5c08ff-484f-3d59-9132-ce1dcb3f76d7> /usr/lib/system/libsystem_pthread.dylib
0x7fff6787a000 - 0x7fff678a9fff libxpc.dylib (1336.261.5) <a1eabc2b-a88e-365c-aea5-1543fd75bac7> /usr/lib/system/libxpc.dylib

I do not know if that is normal, but it sounds like it is saying there is a permissions error. Although using xattr and ls -ld@ shows not extended attributes.

Also in the log, com.apple.passkit is showing these messages in the preference pane when I click the "Add Card…" button…

Failed downloading hero manifest Error Domain=NSURLErrorDomain Code=-1002

"The connection to ACDAccountStore was invalidated."

Failed to validate payment security with status: <private> error: Error Domain=PKDisplayableError Code=0 UserInfo={NSLocalizedFailureReason=<private>, NSLocalizedRecoveryOptions=<private>, NSLocalizedRecoverySuggestion=<private>, PKErrorRecoveryURL=<private>, NSLocalizedDescription=<private>}

Preconditions validated result was NO error Error Domain=PKDisplayableError Code=0 UserInfo={NSLocalizedFailureReason=<private>, NSLocalizedRecoveryOptions=<private>, NSLocalizedRecoverySuggestion=<private>, PKErrorRecoveryURL=<private>, NSLocalizedDescription=<private>}

The other notable log entries after clicking the "Add Card…" button from com.apple.passkit are in passd…

Needs Registration: YES (Has Previously Registered: NO, Has Certificates: NO, User Owns Secure Element: YES)

passd cannot start device check in as we are not registered yet

Error: Unable to fetch max payment cards

canAddPass: YES with maxCards: 0, passCount: 0 - seAvailable: YES, isInFailForward: NO

Client has entitlement for com.apple.cards.all-access
Client has entitlement for com.apple.passes.add-silently
Client has entitlement for com.apple.payment.all-access
Client has entitlement for com.apple.application-identifier

I am not sure what the maxCards error means, but it otherwise sounds like that is saying it is working, so the problem is with the preference pane?

Maybe the above will mean something to someone who can help solve the problem. Or at least confirm whether those errors are normal or not.
 

mikethebigo

macrumors 68020
May 25, 2009
2,161
646
So I know this seems random, but after trying EVERYTHING (reinstalled the OS multiple times, etc) - the thing that fixed this problem for me was to reset the SMC. I have no idea why, the SMC is mostly related to power management, but research has shown it lives on the T2 chip which is also where the Secure Enclave lives that stores the card information. Maybe try that and see if it works? It was such a relief for me to fix it.

Also, regarding security settings, make sure you have auto update enabled for all security patches. I read somewhere that was needed as well.
 
  • Like
Reactions: aperantos

aperantos

macrumors regular
Original poster
Feb 18, 2008
110
43
London, U.K.
Also, regarding security settings, make sure you have auto update enabled for all security patches. I read somewhere that was needed as well.

Thank you so much. All it needed was the "Install system data files and security updates" option (in Software update > Advanced…) to be selected.

I turn off automatic updates for various reasons, though I install them as soon as they become available. So I only had "Check for updates" selected. But checking the above alone is all that was needed, it does not even need to "Automatically keep my Mac up to date."

So just a little rant now on how this problem could have been avoided.

I would have definitely have left that option selected all along had I known "security updates" meant things like malware checklists rather than the macOS software updates which Apple calls "Security Updates". I do not feel like it was my mistake to misunderstand the meaning of that option.

Admittedly the help page for the Apple Pay error dialog does say to select the option: "To make sure that you always get important security updates promptly, keep the “Install system data files and security updates” setting enabled in Software Update preferences". But "to make sure" to me implies it is optional as a way to get things "promptly." Nothing on the page says "you must" enable the option. Had Apple said this was a requirement it would have saved a lot of time and bother.

Similarly, the vague "security settings on your Mac were modified" could have been more specific. It even had me worried about potential malware when I could not explain it. Instead all it meant was an option that Apple allows users to uncheck was unchecked. I guess it technically did modify security settings, though.

Finally, when unchecking this option surely there should be an "are you sure?" dialogue to note that it will disable Apply Pay. Because it seems a significant impact for an innocuous check box which is already poorly phrased.

There are several stages at which Apple could have made that a lot easier.
 

mikethebigo

macrumors 68020
May 25, 2009
2,161
646
Glad to hear that fixed it for you. I agree that the error message is vague and unhelpful. Whatever check it fails, it should specify how to correct it.
 

Theophil1971

macrumors 6502
Mar 20, 2015
410
176
USA
Having this issue on a brand new M1 Air machine. I've tried all that Apple suggests, and checked everything on this thread. Still no go for Apple Pay. IF anyone thinks of any other advice, let me know!! Thanks everyone
 

odysseus

macrumors member
Mar 18, 2008
49
0
@Theophil1971: I am in the same situation with the same hardware, and I can't find a way to enable ApplePay. Did you ever get Apple Pay enabled?

On a hunch, if you open the System Information app and look at "Hardware Overview", what is the Activation Lock Status? It's disabled on mine, even though I have "Find My Mac" checked in iCloud, and even though I was actually able to lock my Mac remotely, after which I had to reactivate it.

But my guess is this problem has something to do with Activation Lock Status being "disabled" on my Mac. Everything else seems as it should be:

Boot Policy:
Secure Boot: Full Security
System Integrity Protection: Enabled
Signed System Volume: Enabled
Kernel CTRR: Enabled
Boot Arguments Filtering: Enabled
Allow All Kernel Extensions: No
User Approved Privileged MDM Operations: No
DEP Approved Privileged MDM Operations: No
 

dpassent

macrumors newbie
May 16, 2014
10
4
I have same issue although Activation Lock Status is "enabled". I have 2 new mac minis - same config, bought 3 weeks apart. On my wife's mini Apple Pay prefpane is visible. On mine - it's not shown in System Settings. When I try to run it directly it spits deny(1) file-write-xattr error in logs. I also decided that I will not migrate to this mini from my old system but I will prepare on clean install (previous machine was upgraded from Sierra times). Nothing works and I am pulling my hair here... nothing works, writing defaults, logging out from iCloud and logging back, I am fighting with this for a week already and this is only thing that is not working on M1 mini (other than that - I love it)... Any new ideas would be highly appreciated... Funny enough on my M1 Air logged to the same iCloud account - everything is flawless regarding Apple Pay...
 

odysseus

macrumors member
Mar 18, 2008
49
0
I have same issue although Activation Lock Status is "enabled". I have 2 new mac minis - same config, bought 3 weeks apart. On my wife's mini Apple Pay prefpane is visible. On mine - it's not shown in System Settings. When I try to run it directly it spits deny(1) file-write-xattr error in logs. I also decided that I will not migrate to this mini from my old system but I will prepare on clean install (previous machine was upgraded from Sierra times). Nothing works and I am pulling my hair here... nothing works, writing defaults, logging out from iCloud and logging back, I am fighting with this for a week already and this is only thing that is not working on M1 mini (other than that - I love it)... Any new ideas would be highly appreciated... Funny enough on my M1 Air logged to the same iCloud account - everything is flawless regarding Apple Pay...
I would contact Apple Support about this. By the way, the workaround for my situation has been to create a second admin account, add one or more credit cards to the Wallet there, then switch back to my original admin account and try to add a card there. I'll get the message that Wallet has already been set up on another account (only one is allowed) and asked whether I want to reset the Wallet. When I click "okay", I can then set up the Wallet on my main admin account.
 

odysseus

macrumors member
Mar 18, 2008
49
0
@Theophil1971: I am in the same situation with the same hardware, and I can't find a way to enable ApplePay. Did you ever get Apple Pay enabled?

On a hunch, if you open the System Information app and look at "Hardware Overview", what is the Activation Lock Status? It's disabled on mine, even though I have "Find My Mac" checked in iCloud, and even though I was actually able to lock my Mac remotely, after which I had to reactivate it.

But my guess is this problem has something to do with Activation Lock Status being "disabled" on my Mac. Everything else seems as it should be:

Boot Policy:
Secure Boot: Full Security
System Integrity Protection: Enabled
Signed System Volume: Enabled
Kernel CTRR: Enabled
Boot Arguments Filtering: Enabled
Allow All Kernel Extensions: No
User Approved Privileged MDM Operations: No
DEP Approved Privileged MDM Operations: No
The reason why Activation Lock Status appears disabled on my machine is because is a managed device.
 

dpassent

macrumors newbie
May 16, 2014
10
4
By the way, the workaround for my situation has been to create a second admin account
Tried that... Wallet prefpane never showed up on 2nd account neither... Dling 11.2.2 hoping maybe it will fix it... But don't have my hopes high...

EDIT: Doing some more investigation - it seems that on mini (so computer that has no TouchID) there will never be Wallet prefpane available. Only place that mentions and enables Apple Pay on Macos is Privacy settings in Safari. No idea what I did (maybe adding this second admin account?) but suddenly this setting appeared after reboot. I then went paranoid and checked my wife's mini, the one that always had apple pay working - no Wallet prefpane there... So obviously there is no prefpane on machines without TouchID. It's my 1st ever mini so I was confused...
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.