technical question on new mac mini

[philipma1957]

If you buy a new mac mini and do not make an external boot drive what happens if the internal ssd bricks.

is the new mac mini dead?

as you can't access the dead ssd and you never made an external boot drive.

 

[Mr_Brightside_@]

You should still be able to boot to internet recovery.

 

[F-Train]

what happens if the internal ssd bricks.

I assume that you're talking about a situation where you believe that your computer is not just being flaky, but that the solid state drive is well and truly dead.

This is the issue that helps keep Carbon Copy Cloner in business.*

In the real world, if this happens sometime in the next three years (AppleCare+), I will immediately start using another computer, or for that matter an iPad if what I'm doing is covered by macOS/iOS integration, and the 2018 mini will go straight to an Apple store for diagnosis and repair or replacement.

I see the point of a boot drive if you may be in a situation where you don't have an alternative (e.g. you're traveling with just a laptop), but it requires you to trust a computer that you've probably lost trust in (what's going to go wrong next?), and delays the inevitable, which is that you have to take the dead computer somewhere to be fixed or replaced.

As far as I'm concerned, in this kind of scenario I want to change over to another computer or, if it will meet my needs, an iPad. The whole point of AppleCare+ is that it lets me transfer the problem to Apple, which during the three years of coverage costs the grand sum of 9 cents a day. The sooner that I deliver the problem to Apple, the better.

* Before someone jumps on this, I own CCC 5, although it's doubtful that I'll upgrade to CCC 6 whenever it is released.

 

[CoastalOR]

If you buy a new mac mini and do not make an external boot drive what happens if the internal ssd bricks.
is the new mac mini dead?
as you can't access the dead ssd and you never made an external boot drive.

All data would be lost unless you have a backup. The new Mac mini has the T2 chip which will mean you can not boot from an external boot drive unless the Security setting has been changed to allow it. Internet recovery is supported without security modifications, but it will not help the loss of all data on the internal drive.

If you have an external boot drive and the T2 security settings have been changed to allow booting from an external then you can boot from the external.

https://support.apple.com/en-us/HT208862
https://support.apple.com/en-gb/HT208330
https://eclecticlight.co/2018/11/21/welcome-to-your-new-mac-living-with-the-t2-chip/

 

[saulinpa]

I think you should be able to change settings with a bad SSD. You can run the "Startup Security Utility" from Internet Recovery. Guessing that it stores a password somewhere.
https://support.apple.com/en-us/HT208198

 

[philipma1957]

I think you should be able to change settings with a bad SSD. You can run the "Startup Security Utility" from Internet Recovery. Guessing that it stores a password somewhere.
https://support.apple.com/en-us/HT208198

See my thoughts are this a piece of gear that works in every way other then the ssd becomes worthless if I can't do this. I know enough to make external booters for all my mac minis. I am thinking there is a real issue if you have a tricked out mini and did not make the booter just in case.

your link says:
About Startup Security Utility
Use Startup Security Utility to make sure that your Mac always starts up from your designated startup disk, and always from a legitimate, trusted operating system.


Available only on Mac computers that have the Apple T2 Security Chip, Startup Security Utility offers three features to help secure your Mac against unauthorized access: Firmware password protection, Secure Boot, and External Boot.

About Startup Security Utility

Use Startup Security Utility to make sure that your Mac always starts up from your designated startup disk, and always from a legitimate, trusted operating system.
Available only on Mac computers that have the Apple T2 Security Chip, Startup Security Utility offers three features to help secure your Mac against unauthorized access: Firmware password protection, Secure Boot, and External Boot.

so what is the default setting on a new mac mini?

 

[ixxx69]

If you buy a new mac mini and do not make an external boot drive what happens if the internal ssd bricks.

is the new mac mini dead?

as you can't access the dead ssd and you never made an external boot drive.

Interesting question, which I don't have an answer to, and unfortunately I don't think we'll really know until we start to see enough mini's with bricked internal SSD's (might be a while ).

Assuming everything is functional (i.e. not bricked), what we do know is that any T2 Mac can be booted from an external drive at any time assuming you have the admin user account password (and firmware password if it's been set). You can also reinstall macOS to an external boot drive using macOS (Internet) Recovery without a admin password.

What we don't know is under what conditions a bricked SSD prevents the system from being booted at all. We know the T2 serves as the Mac's security system and SSD controller.

I would assume that if the T2 chip bricks, then the computer is bricked... that's an essential chip to the computer functioning.

I would guess that if any of the flash memory chips (SSD storage chips) go bad, but the T2 chip is still in working order, that the Mac could still be booted from an external drive.

But again, I haven't read anything from anyone who actually knows for sure in which scenarios a bricked T2 "SSD" would brick the whole system.

 

[Fishrrman]

saulinpa wrote:
"I think you should be able to change settings with a bad SSD. You can run the "Startup Security Utility" from Internet Recovery. Guessing that it stores a password somewhere."

No, I believe this is incorrect.

There must FIRST be a user account (even the most basic) with a password established, before one can access the startup security utility.

Otherwise, the security settings CANNOT be modified.

That's why the very first thing to do with a t2 Mac is to:
1. Get set up with a password
2. Boot to the recovery partition
3. Open Startup Security and DISABLE EVERYTHING that can be disabled.

... so you'll never be bothered by this crapola again.

 

[harriska2]

saulinpa wrote:
"I think you should be able to change settings with a bad SSD. You can run the "Startup Security Utility" from Internet Recovery. Guessing that it stores a password somewhere."

No, I believe this is incorrect.

There must FIRST be a user account (even the most basic) with a password established, before one can access the startup security utility.

Otherwise, the security settings CANNOT be modified.

That's why the very first thing to do with a t2 Mac is to:
1. Get set up with a password
2. Boot to the recovery partition
3. Open Startup Security and DISABLE EVERYTHING that can be disabled.

... so you'll never be bothered by this crapola again.

Boot to recover by pressing option key while booting?
Is the Startup Security an option when booted to recovery?

 

[F-Train]

That's why the very first thing to do with a t2 Mac is to:
1. Get set up with a password
2. Boot to the recovery partition
3. Open Startup Security and DISABLE EVERYTHING that can be disabled.

... so you'll never be bothered by this crapola again.

Before doing this, I think that people should find out how easy it is to break into a Mac computer with this "crapola" disabled.

They're in for a hell of a surprise, and informed decisions are kind of a good idea.

A couple of weeks ago, I was given a 2014 mini, which is of course pre-T2, that had been sitting in a storage room since 2015. The person who gave it to me didn't remember the password. It took me less than five minutes, from beginning to end, to reset it.

 

[ixxx69]

Boot to recover by pressing option key while booting?
Is the Startup Security an option when booted to recovery?

Using Command-R, you boot into "recovery" mode. From there you can re-install macOS or change the security settings.

In order to change the security settings (that allow booting from external drives), a functional admin user account & password on the internal SSD is required.

You can re-install macOS (or Time Machine backup) to either the functional internal SSD or an external drive without an admin macOS user account password. The security settings do not prevent macOS from being re-installed. So if you lose your admin password or the admin account becomes inaccessible, you can reinstall macOS and create a new admin account & password and then access the security settings.

Setting a firmware password will prevent access to recovery mode. In modern macs, the password is stored in firmware and if lost, can only be reset by taking it to an Apple store (however, that still does not allow Apple access to your drive if filevault is turned on). Once in recovery mode, you still need an admin password to access the security settings. The firmware password does not bypass the required admin password.

What we know will work and won’t work is as follows: if your SSD is functional but there’s no functioning admin user account, then you will only be allowed to boot an external drive if the security settings were previously enabled to allow it. If the security settings were previously disabled, then the system will prevent booting from the external, and there’s no way to change the security settings until there’s a functioning admin account on the internal SSD.

What's not clear is what happens if the SSD is non-functional but the computer otherwise works. If the SSD is bricked to the point where the admin user account is no longer functional, and re-installing macOS to the internal SSD won't work either, then that appears to be a scenario where booting from an external drive would only be possible if the security settings had been set to allow external booting prior to the admin account on the internal SSD becoming non-functional. However, that’s also dependent on the T2 chip itself being functional, and also that the T2 would still allow an external boot drive if the internal SSD is bricked. AFAIK, we do not know what system checks the T2 chip performs prior to allowing external boot drives.

The reality is the SSD’s are extremely reliable (for all the complaining about Apple hardware on the forums, SSD’s failing is almost non-existent). Personally, I use filevault on all my drives, so there’s not really any practical security risk in allowing external boot drives.

 

[F-Train]

I use filevault on all my drives, so there’s not really any practical security risk in allowing external boot drives.

For the vast majority of people, the security risk is theft by a person or persons who want the computer, either for personal use or for resale for a quick buck. The decision whether to steal the computer doesn't turn on data that may or may not be accessible.

In my view, there's value in getting the word out that stealing an Apple computer has no reward because it can't be accessed. Unfortunately, I don't think that most Mac owners know how easy it is to reset the password of an Apple computer that doesn't have T2 protection. This is completely ignored by the anti-T2 crowd, and the only question is whether they ignore this out of ignorance or wilfulness.

 

[philipma1957]

For the vast majority of people, the security risk is theft by a person or persons who want the computer, either for personal use or for resale for a quick buck. The decision whether to steal the computer doesn't turn on data that may or may not be accessible.

In my view, there's value in getting the word out that stealing an Apple computer has no reward because it can't be accessed. Unfortunately, I don't think that most Mac owners know how easy it is to reset the password of an Apple computer that doesn't have T2 protection. This is completely ignored by the anti-T2 crowd, and the only question is whether they ignore this out of ignorance or wilfulness.

The reason I like older minis is exactly this they are easy to access with an external booter.

So defending apples t2 chip for those who have no need for it is fine go ahead defend it.
and if the t2 chip is there the thief has motive to ask me to give password. Meaning he may wait for me to come home.



here is the bottom line for me if you break into my house to rob my gear oh well I am screwed. But the thief would most likely leave and not wait for me to come home to get the password.


I don't have a lot of mobile computing because it is a huge security risk to walk down the street with a locked iPhone simply causes the thief to consider torture for the passwords. ie if I walk down the street with a 79 dollar moto phone a snatch and grab is not likely and if I choose no info of importance on the phone I can give the password freely.

So t2 chip does have real value for business and in an office but it certainly is far less important in a private home.

We will need to wait and see how many of these minis brick and have zero repair possibility to find out if my concern is real.

It the meantime cloning the internal drive to an external boot drive and setting all settings to let that boot seems to be the best solution as it will work if the ssd dies.

 

[F-Train]

The reason I like older minis is exactly this they are easy to access with an external booter.

We will need to wait and see how many of these minis brick and have zero repair possibility to find out if my concern is real.

Believe it or not, some people might think that that ease of access is a security problem that needed to be addressed.

Not even the most ardent members of the anti-T2 crowd has suggested that you can't have your computer fixed if you have lost the code. All you have to do is show proof of ownership, which doesn't sound exactly onerous.

Also, if you want to opt out, go ahead. There's nothing stopping you. Apple even tells you how to do it.
[doublepost=1552276178][/doublepost]Let me explain something that may have eluded you.

The pre-T2 computer that I talked about in post #12 was set up for Boot Camp Windows. As I said, I was able to reset the password for the macOS side in under five minutes. I could not get into the Windows side at all, and while it may have been possible a few years ago, I suspect that it isn't now.

I was interested in keeping the Windows partition because it was legitimately licensed as Windows 10 Pro, as in paid for, and I did not have the Microsoft key. However, in the end I used Boot Camp Assistant on the maxOS side to delete the Windows partition. It was the only way that I could get access to the entire drive.

Think about that.

 

[redheeler]

Not even the most ardent members of the anti-T2 crowd has suggested that you can't have your computer fixed if you have lost the code. All you have to do is show proof of ownership, which doesn't sound exactly onerous.

It depends what Apple would accept as proof of ownership. Plenty of Macs are simply resold to new owners, meaning the original owner and receipt are both long gone.

 

[F-Train]

It depends what Apple would accept as proof of ownership. Plenty of Macs are simply resold to new owners, meaning the original owner and receipt are both long gone.

Well Gee-wiz, maybe if you purchase something second hand you should make sure that you can prove that you own it. You know, in case the employees at your local Apple store (e.g. in New York, where I live) question, quite rightly, whether you are dealing with stolen goods. Of course, the visit to the Apple store shouldn't be necessary in the first place. It's a last resort, after you have already screwed up on something that a 10 year old should be able to understand.

 

[philipma1957]

So to be safe clone the internal make a booter set all settings to allow it to boot. Then a dead internal ssd will not prevent the machines use. Do this first week of ownership and your done. So owning a new mini means more work to prevent it from bricking. Yet one more issue caused by solder ssd. The t2 chip has a purpose but more for business then home desktop use.

I wish I could curse out Apple and Tim Cook For this lock down of the gear. Yeah I know a cheap external booter will be about 50usd more but I will have to have it. Even if I never use it. Just incase the ssd bricks.

So I now have 2 failure points in the new Mini.

1) the ssd which I can work around if I do so in the beginning

2) the T2 chip which can not be worked around.

I am willing to concede the T2 chip has a purpose but not the soldered ssd.

 

[redheeler]

Well Gee-wiz, maybe if you purchase something second hand you should make sure that you can prove that you own it. You know, in case the employees at your local Apple store (e.g. in New York, where I live) question, quite rightly, whether you are dealing with stolen goods. Of course, the visit to the Apple store shouldn't be necessary in the first place. It's a last resort, after you have already screwed up on something that a 10 year old should be able to understand.

As I said, it depends what Apple would accept as proof of ownership. A sale receipt or order page may simply be rejected, as Apple decides there is no way to prove the receipt or seller is legitimate.

Can't think of any other form of proof most people would have, and hence the potential number of non-stolen bricked and unusable Macs out there goes way up thanks to the T2. Especially if the security features are on by default (you'd be surprised how often a novice user manages to forget a password or screw up "something that a 10 year old should be able to understand").

 

[philipma1957]

I have purchased hundreds of mac minis on ebay also sold hundreds of the
2006
2007
2008
2009
2010
2011
2012
2014

As I used to buy them mod them and sell them. So if an ebay proof of purchase is rejected by apple you have a brick according to F-Train as I said I concede that the T2 chip has value but the soldered ssd is simply wrong. Actually worse then the soldered ram was. So for now I am buying 2014's with 8gb ram and using 2tb ssd bootters with a black magic 4 slot ssd case

 

[Fishrrman]

Macs ran great for more than 30 years without the t2 chip.

Perhaps it's just me, but the FIRST THING I will do with any t2-equipped Mac is DISABLE this useless (for me) "security" ...

 

[philipma1957]

Macs ran great for more than 30 years without the t2 chip.

Perhaps it's just me, but the FIRST THING I will do with any t2-equipped Mac is DISABLE this useless (for me) "security" ...

I may really have to abandon Mac due to T2 and soldered ssds.

I have lots of 2012 and 2014 minis. And iPad and a old MacBook Pro.

But most of this gear will not do 10.15 os so once 10.14 stops being supported all my macs will be obsolete. My dell has same footprint as the new mini it has the i7 8700t cpu same gpu more then enough cpu and gpu.
I have 32gb ram and a nvme2 ssd 256gb along with a 1tb Samsung sata ssd! Once I had this the new mini lost much of its appeal to me.
I can put in a 2tb nvme ssd and a 4tb Samsung in fact I even have the high end usb c which is like the newest thunderbolt.

Of course I miss the Apple os but the Apple lockdown by Tim

Has turned me away.

 

[F-Train]

in fact I even have the high end usb c which is like the newest thunderbolt.

Maybe in your dreams

 

[philipma1957]

well put another way no one will ever buy a 2018 mac mini without a hdd/ssd/nvme m.2

Not sure I like that choice being stripped away.
Buying 2014's and dropping in ssd's of my choice was really nice
Buying 2012's and putting in ram and ssd of my choice was nice

the usb c does provide for my needs since My needs are not that of the thunderbolt 3 but you are correct it is not as good as thunderbolt 3.