Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Resolved Is BridgeOS upgraded when installing on external drive?
- Thread starter Dieulot
- Start date
-
- Tags
- bridgeos
- Sort by reaction score
Yes, any applicable firmware updates will be applied, even if installing to an external disk.
Quite true, and this can have unforeseen consequences. My 2019 T2-equipped MBA shipped with Mojave, which was still installed on the internal drive a few years ago when I decided to install Big Sur to an external drive for testing. I subsequently discovered that attempting to boot into recovery without that particular external drive connected would reliably fail. Even reinstalling Mojave on the internal drive did not fix the problem.
This is why I don't install betas on production hardware, and I REALLY wish Apple provided a mechanism to downgrade firmware. The error you are referring to (and I know I'm really late to the party) is because the firmware won't let you boot a version of macOS that doesn't respect Activation Lock
At least on Apple Silicon Macs, doing a DFU restore to an older OS will also downgrade the firmware.
Yes but as far as I can tell there is no public known exploit that allows remote code execution before activation on any M1 macs on ANY version of the software. I bought a locked mac (someone had pawned it, pawn shop didn't know about activation lock, pawn shop sells it on ebay after the owner never collected it). It's a pretty nice Macbook Pro 14".
I do believe a known exploit exists, but it's deliberately kept quiet to avoid attention and patching. BTW m1 macs will only allow installing old versions of the software if you "reduce security settings" in recovery mode. Full security (the default) will not let you downgrade. Reducing security is the first thing I do on all my Macs. Unless you have 200 million in bitcoin or are a journalist in Saudi Arabia no one is going be getting physical access to your Mac to exploit a 0 day like that.
That's incorrect. Apple allows installation of any compatible version of macOS. They have not disabled any from booting or installing in full security mode as of now.
I realize your post is a bit old now but curious is this still true? If I have a T2-equipped Mac (e.g. Mini 2018) running Mojave and I upgrade it to Big Sur or later will I be unable to downgrade it back to Mojave? This is the first I've heard that might be difficult.
Still true, I'm afraid. With Big Sur or later installed, booting to recovery works as expected. But with Mojave installed, attempts to boot to the local recovery partition always fail, as do attempts to do an internet recovery. Booting from a Mojave installer USB does work, so I keep one of those around for recovery purposes. To the best of my knowledge, there's no going back once the T2 firmware has been upgraded.
EDIT: Just to clarify, yes you'll be able to go back to Mojave, but the Mojave recovery partition will never work again.
Are you sure? I thought it worked provided you didn’t use Activation Lock. You get error 5101 if the device is AL’d but recovery isn’t AL aware (before Catalina), but it’s been a long time since I’ve tested it!
As @chrfr said in post#5, wouldn’t Apple Configurator 2 restore Mojave firmware? Thought that was a cast iron method of completely (incl all firmware) restoring a machine back to factory state. Bootable installers will not roll back firmware.
Configuratior cannot downgrade firmware on anything but Apple Silicon devices, so no, it won’t restore the firmware to that which finds Mojave in internet recovery because Mojave only runs on Intel Macs.
Yes, I'm sure. Even after turning off Find My, trying to boot to recovery results in the machine immediately invoking internet recovery, which always fails with error -1008F. All I got from Apple Support was "oops..." As far as I'm aware, this problem affects only T2-equipped machines.
@MrMacintoshBlog posted this back in 2021, but there seems to be no signed firmware available corresponding to macOS 10.14.
It doesn't matter anyway, as once Intel Mac firmware is updated, you can't downgrade it. If you had an old T2 Mac that was still on High Sierra and you updated that to Mojave it'd end up with a Mojave version of firmware– signing isn't relevant here. Mojave never ran on Apple Silicon Macs so there'd be no firmware for those no matter what.
Not strictly correct in the case of T2 if you believe the article I linked to, but I agree that it's irrelevant for my situation.
Just a heads-up for anyone trying to stick with an older firmware for whatever reason (e.g. to retain Mojave recovery mode as above): Apple software updates may even take it upon themselves to download and install the latest firmware/Boot PROM/iBridge even if the updater being used is related to an older version of the OS.
For example, I noticed the Catalina side of a Mac Mini 2018 that was dual-booting Mojave (10.14.6 + SU2021-005) and Catalina (10.15.7 Supplemental but no later security updates) was woefully behind in security udpates. Though that side was little used, I installed Catalina SU2022-005, etc just to get it the final release. Then I was surprised to find this after the update:
Boot ROM: 2069.40.2.0.0 (iBridge 22.16.12093.0.0,0)
That's the T2 firmware associated with Sequota 15.2.
Just before the update I had recorded (for unrelated tests I was doing):
Boot ROM: 1554.140.20.0.0 (iBridge: 18.16.14759.0.1,0)
That's the T2 firmware expected for a system with Mojave Security Update 2021-005.
I had expected to see something like after installing that update on the Catalina side:
Boot ROM: 1731.140.2.0.0 (iBridge: 19.16.16064.0.0,0)
corresponding to the firmware originally included with Catalina Security Update 2022-005. But I guess Apple decided this system needs a few years more updates.
So if there is something in a new firmware that causes you problems, you may not want to install OS updates even if for an older OS until the fixed firmware becomes available unless you have a firmware downgrade plan.
More generally Apple needs to stop updating the firmware on every single OS update and/or doing so without permission. I know that sounds like the complaint of someone who thinks they own their computer.
For example, I noticed the Catalina side of a Mac Mini 2018 that was dual-booting Mojave (10.14.6 + SU2021-005) and Catalina (10.15.7 Supplemental but no later security updates) was woefully behind in security udpates. Though that side was little used, I installed Catalina SU2022-005, etc just to get it the final release. Then I was surprised to find this after the update:
Boot ROM: 2069.40.2.0.0 (iBridge 22.16.12093.0.0,0)
That's the T2 firmware associated with Sequota 15.2.
Just before the update I had recorded (for unrelated tests I was doing):
Boot ROM: 1554.140.20.0.0 (iBridge: 18.16.14759.0.1,0)
That's the T2 firmware expected for a system with Mojave Security Update 2021-005.
I had expected to see something like after installing that update on the Catalina side:
Boot ROM: 1731.140.2.0.0 (iBridge: 19.16.16064.0.0,0)
corresponding to the firmware originally included with Catalina Security Update 2022-005. But I guess Apple decided this system needs a few years more updates.
So if there is something in a new firmware that causes you problems, you may not want to install OS updates even if for an older OS until the fixed firmware becomes available unless you have a firmware downgrade plan.
More generally Apple needs to stop updating the firmware on every single OS update and/or doing so without permission. I know that sounds like the complaint of someone who thinks they own their computer.