Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Adora

macrumors 6502
Original poster
Jun 30, 2024
361
143
In addition to TimeMachine, I recently finally purchased Carbon Copy Cloner and SuperDuper and some expensive fast external drives to always have a bootable copy of my Mac's internal drive if it somehow fails or something else ist damaged and I could use another Mac to just boot from that drive it just works like before. At least I thought so...

Now I read this and am really shocked. I can't even boot from an external clone anymore if the internal storage fails? And also there are other issues why this backup-option is not recommended. I am very mad at Apple now. :mad:

What about using a different Mac to just go on? Is that also not possible?

I even thought the whole time my backups were bootable, even with updated backups and no completely new clone.

I could have saved much money and just used TimeMachine.


From CCC Help:

Things you should know before relying on an external macOS boot device​

This procedure relies on Apple's proprietary APFS replication utility, which is outside of our developmental control. We welcome feedback on this functionality, but we cannot offer in-depth troubleshooting assistance for problems that Apple's replication utility encounters.

  • Whether the destination is bootable depends on the compatibility of your Mac, macOS, and the destination device. We cannot offer any troubleshooting assistance for the bootability of the destination device beyond the suggestions offered in our External Boot Troubleshooting kbase article.
  • The destination may not remain bootable if you proceed to perform regular backups to the destination. This procedure is not intended to be used for regular backups.
  • Apple Silicon Macs: Apple's replication utility may fail to produce a bootable USB device. Results with Thunderbolt devices are more consistent. If you only have a USB device, we recommend making a Standard Backup to that device, then install macOS onto the backup (in that order specifically).
  • Apple Silicon Macs will not boot at all if the internal storage fails. An external bootable device will not serve as a rescue disk for that scenario.
For the reasons noted above, we do not recommend that you attempt to make your backups bootable; we recommend that you proceed with a "Standard Backup" instead. You can restore all of your documents, compatible applications, and settings from a standard CCC backup without the extra effort involved in establishing and maintaining a bootable device.
 

kschendel

macrumors 65816
Dec 9, 2014
1,289
563
It's sort-of true, as best as I can tell. You can boot from an external drive, however for machines with T2 chips, you need to change the startup security settings from the default (external boot disallowed). And, if the internal storage failed, you might not be able to change the startup security settings, because it needs an administrator password.

If you change the startup security while the internal storage is OK, then you can boot from a rescue drive; the downside is that if your computer is stolen, you've made it usable by the thief.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,867
1,883
UK
It's sort-of true, as best as I can tell. You can boot from an external drive, however for machines with T2 chips, you need to change the startup security settings from the default (external boot disallowed). And, if the internal storage failed, you might not be able to change the startup security settings, because it needs an administrator password.

If you change the startup security while the internal storage is OK, then you can boot from a rescue drive; the downside is that if your computer is stolen, you've made it usable by the thief.
Changing Start up Security will not enable booting a Silicon Mac from an external when the internal has failed. It will an Intel Mac.
On Silicon the internal has a hidden iBoot volume which is always used on boot, internal or external. If this is not available machine will not boot. This is consistent with the CCC article.
 
Last edited:
  • Like
Reactions: Nermal and jdb8167

Mike Boreham

macrumors 68040
Aug 10, 2006
3,867
1,883
UK
In addition to TimeMachine, I recently finally purchased Carbon Copy Cloner and SuperDuper and some expensive fast external drives to always have a bootable copy of my Mac's internal drive if it somehow fails or something else ist damaged and I could use another Mac to just boot from that drive it just works like before. At least I thought so...

Now I read this and am really shocked. I can't even boot from an external clone anymore if the internal storage fails? And also there are other issues why this backup-option is not recommended. I am very mad at Apple now. :mad:

What about using a different Mac to just go on? Is that also not possible?

I even thought the whole time my backups were bootable, even with updated backups and no completely new clone.

I could have saved much money and just used TimeMachine.
How many times have you needed to boot from a bootable clone ?

How many of those times was the reason an actual internal drive failure? (my experience is never).

How many of these times was it absolutely necessary to able to carry on within 5 minutes of failure?

If the reason was other than actual internal failure, you could erase > reinstall > migrate from TM or CCC backup and be up and running in quite a short time (depends on qty of data and speed of backup drive).

Even before the changes to bootablility happened I always preferred to erase > install > migrate, which recovers the internal drive, unlike a bootable external clone which is a temporary solution. Yes, if the internal had failed this would not be an option. If near instant continuity of use is business critical, I would fork out for a second machine rather than rely on a bootable clone.

TL;DR bootable clones are not as important as many people tend to think they are!
 

theolderoldcoot

macrumors newbie
May 23, 2024
15
33
I use CCC and TimeMachine and have tried SuperDuper. I never (knock-on-wood) needed a bootable backup.
 

Adora

macrumors 6502
Original poster
Jun 30, 2024
361
143
How many times have you needed to boot from a bootable clone ?

How many of those times was the reason an actual internal drive failure? (my experience is never).

How many of these times was it absolutely necessary to able to carry on within 5 minutes of failure?

If the reason was other than actual internal failure, you could erase > reinstall > migrate from TM or CCC backup and be up and running in quite a short time (depends on qty of data and speed of backup drive).

Even before the changes to bootablility happened I always preferred to erase > install > migrate, which recovers the internal drive, unlike a bootable external clone which is a temporary solution. Yes, if the internal had failed this would not be an option. If near instant continuity of use is business critical, I would fork out for a second machine rather than rely on a bootable clone.

TL;DR bootable clones are not as important as many people tend to think they are!
On one of my fist Macs ever the internal drive failed shortly after warranty ended. It was an 11" MBA from maybe 2012 or 2013. But in that time it was no hassle for me get a new Mac or use an external drive to do a clean install and just copy over what I really need from my backup, using migration assistant or not.

Now I am very sick and rely on a working Mac with a big enough screen size and a good mouse and keyboard. Even just buying a new one online is really exhausting for me. So it would be good to have a second one that would just work directly already here.

I didn't even use my 16" MBP anymore since I have a larger screen because it's much easier for my eyes, but thought in case of damage I just could hook a bootable backup drive to it and everything just works directly, when booting from that drive. Will this work at least? It's an M2Pro and the iMac an M3. Like I wrote I usually always disable all oh those security things.

But you are right it would be not that much more work to just migrate from a TimeMachine backup to the other Mac if there already is one.

So now everything is in one "chip"? CPU/GPU/RAM/FlashStorage and if any of that fails even if it's only the storage I can't use the Mac anymore?

Sounds like Macs nowadays are like my 2016 iPad Pro that recently just died and there is no possibility to find out what the reason could be. I think it was also "just" the storage.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,867
1,883
UK
I didn't even use my 16" MBP anymore since I have a larger screen because it's much easier for my eyes, but thought in case of damage I just could hook a bootable backup drive to it and everything just works directly, when booting from that drive. Will this work at least? It's an M2Pro and the iMac an M3. Like I wrote I usually always disable all oh those security things.
Sorry about your health issues.

Not sure exactly what you are asking here. Are you asking if you could boot your old 16" MBP from a bootable clone of your current Silicon Mac?

If your 16" MBP is Intel, I am afraid the answer is no, Silicon will not boot Intel and vice versa.

If your 16" MBP is Silicon I think the answer is still no, but I am not sure about this. It is possible that reduced Startup Security Settings might allow this. The whole reason Apple is making external booting harder is because booting a Mac from a random bootable eternal is a big security risk.
 
  • Like
Reactions: gilby101

Adora

macrumors 6502
Original poster
Jun 30, 2024
361
143
Sorry about your health issues.

Not sure exactly what you are asking here. Are you asking if you could boot your old 16" MBP from a bootable clone of your current Silicon Mac?

If your 16" MBP is Intel, I am afraid the answer is no, Silicon will not boot Intel and vice versa.

If your 16" MBP is Silicon I think the answer is still no, but I am not sure about this. It is possible that reduced Startup Security Settings might allow this. The whole reason Apple is making external booting harder is because booting a Mac from a random bootable eternal is a big security risk.

It's an M2 Pro MBP like I wrote. So both are Apple Silicon.

Is it not even possible to make bootable installers anymore and use them or just booting another instance of macOS from an external drive. Or does that work if all is done on the same Mac?

I don't think anyone will get hold on my Macs, because I am always at home. So I don't really care about those security things.

Years ago I only had to turn off Gatekeeper, then SIP in addition and now change those boot security options to the lowest setting for being able to install kernel extensions.

And turning all this off doesn't let me boot from an external drive? But the latest CCC lets me create backup clones anyway as a legacy option and says there might be problems booting from USB and I should better use Thunderbolt. So it has to work somehow?

It was always the big advantage of OS X/macOS to put your main drive into another Mac or hook it externally somehow and it just worked. Could even be a completely different Mac, it just had to support the version of macOS. If you tried this with Windows and an almost identical PC there were always many problems, if it even booted.
 

chrfr

macrumors G5
Jul 11, 2009
13,661
7,198
It's sort-of true, as best as I can tell. You can boot from an external drive, however for machines with T2 chips….
Apple Silicon Macs are not T2 Macs. The T2 only appeared in late Intel Macs, so not relevant to the question here.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,867
1,883
UK
It's an M2 Pro MBP like I wrote. So both are Apple Silicon.

Is it not even possible to make bootable installers anymore and use them or just booting another instance of macOS from an external drive. Or does that work if all is done on the same Mac?

Yes you can still create bootable installers and they will work on any Mac, including Intel,
I don't think anyone will get hold on my Macs, because I am always at home. So I don't really care about those security things.

Years ago I only had to turn off Gatekeeper, then SIP in addition and now change those boot security options to the lowest setting for being able to install kernel extensions.

And turning all this off doesn't let me boot from an external drive? But the latest CCC lets me create backup clones anyway as a legacy option and says there might be problems booting from USB and I should better use Thunderbolt. So it has to work somehow?
CCC can still make working bootable backups, (but it no longer the default method), and yes external booting is more reliable with true thunderbolt drive than USB....but no bootable clone will boot a Silicon Mac if the internal drive has failed, even if you turn off SIP, reduce Startup Security etc.
It was always the big advantage of OS X/macOS to put your main drive into another Mac or hook it externally somehow and it just worked.
That is still possible with a Silicon Mac and many people do it as their daily driver, but it won't work if the internal drive has failed.
Could even be a completely different Mac, it just had to support the version of macOS. If you tried this with Windows and an almost identical PC there were always many problems, if it even booted.
It is a security risk if someone can steal your Mac and boot from their external drive. This is why Apple have made it more difficult. The old story ...more security comes at the price of convenience.
 
Last edited:
  • Like
Reactions: Adora

Ben J.

macrumors 6502a
Aug 29, 2019
897
533
Oslo
I have three backups of my internal drive called MAX:
CCC Max Clone - bootable backup on ext drive1 (my fastest NVMe)
CCC MAX 2 - plain, non-bootable backup on ext drive2
CCC MAX 3 - on ext drive3, updated once a week and stored next door

I could have done fine without the bootable backup, but I find it very useful for two reasons:
• If I should find myself in a position where I've screwed up something on the internal by installing bad software f.ex, I can boot from the backup, run CCC and restore the internal to a previous snapshot state. And because this is done from an external boot, CCC only restores the recently modified files/folders, so it takes literally seconds. Pretty sure Disk Utilities can't do this, it will have to erase and restore the whole volume.
• If I'm in a hurry, I can simply carry on working on the clone, until I have the free time.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,867
1,883
UK
I have three backups of my internal drive called MAX:
CCC Max Clone - bootable backup on ext drive1 (my fastest NVMe)
CCC MAX 2 - plain, non-bootable backup on ext drive2
CCC MAX 3 - on ext drive3, updated once a week and stored next door

I could have done fine without the bootable backup, but I find it very useful for two reasons:
• If I should find myself in a position where I've screwed up something on the internal by installing bad software f.ex, I can boot from the backup, run CCC and restore the internal to a previous snapshot state. And because this is done from an external boot, CCC only restores the recently modified files/folders, so it takes literally seconds. Pretty sure Disk Utilities can't do this, it will have to erase and restore the whole volume.
Yes rolling back from a local snapshots as you describe is near instant and a great tool. I have used it successfully a few times. I suspect it is a much underused capability. Much quicker than migrating form a backup drive.

But the CCC snapshots are only of the -Data volume and do not include the Signed Sealed System Volume. So you can do a whole machine roll back from the snapshots on a non-bootable CCC clone (assuming you have snapshots enabled). You don't need a bootable CCC clone.

Time Machine also makes the same snapshots and stores them on the boot drive so that you can do a roll back without any external backup connected. Since Big Sur it has not been possible roll back across a macOS update.

Since version 7, CCC can also make snapshots on the boot volume like TM. (see section on Vacation Snapshots). For snapshots, CCC is much more flexible than Time Machine because the retention policy is customisable where Time Machine is not.


• If I'm in a hurry, I can simply carry on working on the clone, until I have the free time.
Maybe because I have a lot of software and a lot of photos and data in iCloud, I always find that booting to a bootable clone takes a long time to reauthorise everything, and for all data and photos to finish syncing. It is not a quick option for me, though can imaging it could be for some.
 
Last edited:
  • Wow
Reactions: macfacts

Krevnik

macrumors 601
Sep 8, 2003
4,101
1,312
It is a security risk if someone can steal your Mac and boot from their external drive. This is why Apple have made it more difficult. The old story ...more security comes at the price of convenience.

I'm not sure this is the reason, as DFU mode would be a bypass for such a scheme. Activation lock is what deters theft. There is a security reason for it though.

Historically, peripheral firmware is stored on some sort of NVRAM which the peripherals have direct access to (Flash ROM or what-have-you). With Apple Silicon, this is stored on the SSD instead, and provided to the peripherals on boot up. So it's less firmware, and more software. This has two advantages:

1) It makes it harder to persist a firmware attack. The peripheral memory is fully reset on every boot, and the SSD partition with the peripheral software shouldn't normally be accessible to the running OS, so even taking control of the kernel should mostly keep this stuff out of reach of malicious software. So it's extra hoops malicious software has to jump through to persist itself at this level. It's not a common attack vector (yet), but Apple has been pretty aggressive in the last decade to ensure it stays that way. IIRC, there's also some checks to confirm the source of the software was Apple before providing it to the peripherals.

2) Peripheral software can be matched to the OS that is about to be booted. This can lead to better stability when you have to boot an older version of the OS for any reason (testing/etc). You won't get issues where new firmware + old OS exposes a bug that wasn't present with the old firmware and old OS. So developers aren't hamstrung by old firmware behaviors if they find an optimization/etc they want to make.

The result is that the SSD is serving the role of NVRAM. By ditching the separate NVRAM, Apple systems now have a single point of failure. If the SSD dies, it takes the "firmware" with it, so you couldn't boot the peripherals to talk to the external drive to fetch the "firmware" off that even if you wanted to. Much like if the NVRAM with the BIOS firmware dies in my gaming PC.

Honestly, I think Apple really needs to standardize on repairable systems here. The SSD is a wear component, and making it a big rework project to replace the chips on a logic board is going to lead to more waste (in total), not less. Especially when Apple will stop servicing these machines before their useful life runs out.
 
  • Like
Reactions: Mike Boreham

mr_roboto

macrumors 6502a
Sep 30, 2020
827
1,782
It is a security risk if someone can steal your Mac and boot from their external drive. This is why Apple have made it more difficult. The old story ...more security comes at the price of convenience.
The root of the problem is that all software has bugs, and the more complex that software is, the more bugs it has.

In a security context, bugs are vulnerabilities that an attacker could exploit. So if your goal is to create a highly secure boot process minimizing the chance of vulnerabilities, complexity is your enemy. In security circles this concept is often referred to as "attack surface" - the more complex a software stack is, the more places it can potentially be attacked.

My quibble with what you've said is this... it isn't about theft, it's just simplicity. UEFI (the firmware used on Intel Macs) is essentially its own operating system with graphics, a network stack, all kinds of disk drivers, and so forth. Apple Silicon boot firmware, on the other hand, is as minimalistic as possible while still retaining the ability to boot at all.

Unfortunately the driver stacks required to access external disks in this era are quite complex, with a large attack surface, and thus Apple is unwilling to include them in Apple Silicon boot firmware.

On that note, when you set up an Apple Silicon machine to "boot" from an external drive, what actually happens is the kernel and third stage bootloader and some other things get copied from that external drive to a private area on the internal SSD, along with pointers to the appropriate external drive. Apple doesn't truly support booting Apple Silicon from external drives, they just fake it.

I don't think anyone will get hold on my Macs, because I am always at home. So I don't really care about those security things.
Some of the threats Apple is guarding you against apply even if your computer is never stolen - malware that persists itself past OS reinstalls by infecting the firmware. The approach Apple has taken guarantees that Apple Silicon Macs in full security mode can boot only software that Apple signed, and are highly resistant to persistent malware.
 

ChrisA

macrumors G5
Jan 5, 2006
12,828
2,033
Redondo Beach, California
I could have saved much money and just used TimeMachine.
Yes, those other backup companies make money because they offer a system that is intellectually simple because the idea of a "Clone" is so easy to understand. They play on the fact that people tend to fear what they don't understand. So they offer something easy to understand.

That is their ONLY advantage.

Yes the details of how Apple's APFF system works and how it makes incremental backups with so little data movement is not easy to understand. But you don't have to know. Just use it and it works.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.