Allow booting from external media

gianmarcoguidi
New Contributor

Hi everyone, you've probably heard about the new Startup Security Utility that lets you prevent or allow booting from an external drive on Macs with the T2 chip.
I found the KB article from Apple that shows you how to choose the preferred option (https://support.apple.com/en-us/HT208198), but I'm wondering if you guys have found a way to change these options via Terminal in order to make a policy. I couldn't find anything yet.

3 REPLIES

Hugonaut
Valued Contributor II

Haven't tried this on T2.

Have you tried the bless command?

bless --setBoot
BLESS(8)                  BSD System Manager's Manual                 BLESS(8)

NAME
     bless -- set volume bootability and startup disk options

SYNOPSIS
     bless --help
     bless --mount directory [--file file] [--setBoot] [--nextonly] [--shortform] [--legacy] [--legacydrivehint device] [--options string] [--quiet | --verbose]

If that doesn't work, have you tried doing a man systemsetup? Those options might help as well.

sudo systemsetup -setstartupdisk /Volumes/DISKHERE

sshort
Valued Contributor

@gianmarcoguidi Unfortunately, Apple has prevented/disabled anyone from programmatically changing this setting. It's a feature of the T2 chip that it can't be disabled without physical user interaction, which is why the only way to adjust anything is from the recovery partition.

Is there something that you're trying to preload before going through a DEP PreStage or enrollment from something like Self Service? Due to the T2 restrictions there are tools like Bootstrappr or Installr to get some packages preloaded before first boot.

gianmarcoguidi
New Contributor

@sshort I'm afraid you're probably right. We're using this option just to initialize computers of ex-employees in order to make them available for other users; we usually don't tend to use the Internet recovery, to save time, just that :(
Thanks for your reply.