On T2 Macs we have to allow booting from external media in some cases. Other options are to use internet recovery or MDS.
The new M1 Macs allow external booting by default, just like the old Mac days. To make things consistent across old Mac, T2 Mac and M1 Mac... can we allow external booting on T2 Macs using Jamf?
I'm also curious about this. We have a store of MacBook Pros which are on Catalina, which will set up with DEP. We'd like to upgrade them to Big Sur without having to log in, create an admin account, upgrade, and then wipe. Is there a method of allowing external boot without the whole process?
@d.mccullough Can you boot these Macs into Recovery mode? If so, Apple's Mac Provisioner 3.0 tool will allow you to create a USB stick to install Big Sur from Recovery mode on a Mac with Catalina installed.
Oooh, I like the sound of that. Thanks, @sdagley . I may also have the depot upgrade one and target-disk the rest, kind of a de-facto Jamf Imaging (don't use that word!)
@d.mccullough I'd advise against the TDM idea. At a minimum there will be a bridgeOS update required going from Catalina to Big Sur, and a TDM copy isn't going to do that for you. Successfully copying the Big Sur system partition is another issue.
Well, if we're running the macOS installer from another Mac and simply installing down to the drive as normal otherwise. it's not a copy so much as installing the OS to an external drive. That is still supported, afaik?
Mac Provisioner doesn't ask for the target, it just does the internal drive of the Mac it's running on, so it won't install to a Mac connected via TDM.
OK, thanks!
Is there an answer to the original question? Can we allow external booting on T2 Macs using Jamf?
Is there an answer to the original question? Can we allow external booting on T2 Macs using Jamf?
@Chase No, there is no mechanism for an MDM to change the boot security settings on a T2 equipped Mac to allow booting from a USB drive.
A really big critique of mine with Apple about this...
Dissallow external disk booting (Even to disks/volumes that have been created with createinstallmedia) (aka macOS recovery built by an a Install macOS *.app)...
They should have kept/allowed external booting to signed macOS installers (those created by createinstallmedia) then prevent internal disk erasure without a password.
A really big critique of mine with Apple about this...
Dissallow external disk booting (Even to disks/volumes that have been created with createinstallmedia) (aka macOS recovery built by an a Install macOS *.app)...
They should have kept/allowed external booting to signed macOS installers (those created by createinstallmedia) then prevent internal disk erasure without a password.
@bsuggett You _can_ run a macOS installer (well the startosinstall tool) from a USB drive while booted into Recovery Mode. That you can't boot from a USB drive is really only a problem if you're trying to downgrade the version of macOS installed on the Mac.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.