No this only erases the data by destroying the encryption key stored in the T2. If you need to go back to a public update from the beta or do a full software restore you still need Configurator 2.This is awesome news.So glad to see this. Will it replace using Configurator 2 on the M1 to restore / revive?
Great coverage on the new OS releases, MR. I appreciate the hard work.
yet you did say this, which is what I responded to :
To just say it again, No you dont, you can destroy the encryption key.
The assumption behind many types of encryption is that the amount of computing time necessary to break said encryption is an impossible barrier to overcome. That assumes an exhaustive search of the potential key space. The NSA has manipulated the standards process enough times that that assumption is probably invalid for most NIST-approved encryption algorithms, and possibly invalid for public-key encryption.
i stand corrected
i suppose if the feature actually works as intended then perhaps one no longer needs to wipe the drive of an apple silicon computer in order to make the data inaccessible
better?
i’m still more curious about what data and settings it removes, ie: does it creates a completely fresh install faster and with fewer clicks and keystrokes than erasing the disk and reinstalling through a recovery volume or drive? for me that would be a much more interesting and useful feature
I wasn’t asking about backup. Configurator 2 isn’t a backup app. I was talking about in general not going back from beta.
If an adversary wants to "insta-delete" your personal files - they don't need this "new" feature. Moreover, data destruction isn't very helpful to them - they can't ransom you for permanently deleted files.
If you have FileVault enabled, you don't need to secure reformat (and you can't reliably secure reformat an SSD, anyway). Reformatting the drive will dump the encryption keys instead of decrypting the drive, making the data unrecoverable.
On T2 and M1 Macs, storage is always encrypted, both with FileVault on and FileVault off. With Monterey, as with Big Sur, FileVault is beneficial.
www.macworld.com
What if the user gives an app permission to load kernel extensions? Some of the apps I use continue to require them (as these are not exotic apps, I would consider this part of normal operation). Aren't kexts installed into the OS kernel and thus into the Signed System Volume? And, if so, doesn't that mean this feature will not restore the OS to its factory state?
Sounds like your prediction is that, if kexts are installed into the SSV, this feature won't work.
macOS uses full disk encryption. Every byte on the SSD is encrypted. Slack is as encrypted the same as data.
You were in regular recovery. You can start up using Option-Command-R (instead of Command R, which brings you back to what originally came installed on the Mac) erase the drive with Disk Utility(both volumes, Macintosh HD, and HD Data) then when you reinstall it will be the latest and greatest and whoever turns it on next will get the set up assistant. Option Command and R takes you to whatever the newest the Mac can handle. https://support.apple.com/en-us/HT204904
They don’t have to be in the SSV to be loaded in the kernel. According to this pages, 3rd party KEXTs stored in `/Library/Extensions`, but 1st party extensions are stored in `/System/Library/Extensions`.
eclecticlight.co
Why not? If every byte is encrypted, slack (if any) is also encrypted. Furthermore, nobody will be able t o tell what data is part of a file and what isn’t, since there will be no readable directory.
