macOS installer script not working for Apple Silicon M1 Macbook + macOS Monterey

Bernard_Huang
Contributor III

Hi all,

  Referring to this macOS installer script.

macOSUpgrade/macOSUpgrade.sh at master ยท kc9wwh/macOSUpgrade ยท GitHub

  This script works fine for Intel Macbook upgrading to macOS Monterey 12.0.1.

  But it does not work with Apple Silicon Macbook ๐Ÿ˜ž

  When attempting, I get the following error:

Spoiler
Error: failed to authorize for installation. Provide a password with --stdinpass or --passprompt.
By using the agreetolicense option, you are agreeing that you have run this tool with the license only option and have read and agreed to the terms.
If you do not agree, press CTRL-C and cancel this process immediately.

Investigating further, I run the following in a M1 Mabook's terminal.

Spoiler

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
Error: A method of password entry is required.
Usage: startosinstall

.....

The error suggests I need to supply admin username and password via 
--user, an admin user to authorize installation.
--passprompt, collect a password for authorization with an interactive prompt.
--stdinpass, collect a password from stdin without interaction.

 

I want JAMF to execute this. I DO NOT want to need to supply admin account and password.

Anyone got any suggestions?

3 ACCEPTED SOLUTIONS

oit-jamf
New Contributor II

Hi there,

I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.

You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work.  Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/

Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.

this is the main key that triggers upgrade.

echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

View solution in original post

Actually I wasn't patient enough. Works like a charm!

View solution in original post

AtillaTheC
New Contributor III

probably because this is an M1 script, I haven't tested yet on intel but this is the script i'm planning to test for that. 

#!/bin/bash

##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

View solution in original post

48 REPLIES 48

tdcxmanila
New Contributor II

Same issue, I hope someone will provide answer ๐Ÿ™‚ 

garybidwell
Contributor II

If your still using a script calling startosinstall then you have no option but to supply this as its a Apple mandatory requirement for updating AppleSilicon devices
However since macOS 11 their preferred method for updates it now to use the MDM commands or config profiles to manage OS updates

https://support.apple.com/en-gb/guide/mdm/mdm02df57e2a/web

Mark Buffington's post gives a good overview on this and the MDM options

https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...


SCCM
Contributor

M1's need the user to enter thier creds in order to do upgrades. No looked at the script your using but its not hardcoding creds in, or the user isnt typing thiers it wont work. Some one gave me a link to this script when i asked somthing similar: GitHub - grahampugh/erase-install: A script that automates downloading macOS installers and erasing ... i have tested this on a m1 with moterary and it works. It will prompt the user to enter in thier password, then will download the installer and run the upgrade

Bernard_Huang
Contributor III

 Thanks @garybidwell ,

Your reply makes perfect sense. But I am still not sure how to go about using MDM to trigger a Monterey upgrade.

I tried the commands from 

https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...

I can only see it finding macOS Big Sur 11.6.1, not macOS Monterey 12.0.1

 

Thanks @SCCM ,

Thanks for your link. But is the script really an erase & install of macOS?

All I want is to upgrade a M1 Macbook from Big Sur to Monterey.

JamieG
New Contributor III

Likewise also interested. Has anyone had any success using 'Download and Install updates' from JAMF Pro work to a Monterey upgrade? I have not at this time. I am not even seeing the Monterey upgrade enumerated in the Software Updates section of each computer.

The all the new MDM commands are there to support this in macOS 11/macOS 12, however I don't think all the new abilities are quite yet supported by Jamf.
I suggest joining the beta for 10.34 to see what's coming to make our lives easier around doing the updates/upgrades

Life for admins would be far easier if MDM commands could be called direct from the Jamf Binary, then they can be made into a normal policy rather than using a mass action
I would recommend up voting this feature request:
https://ideas.jamf.com/ideas/JN-I-22444

SCCM
Contributor

@Bernard_Huang its not a erase and install, thats a option if you want it. Create a package following the user guide:https://github.com/grahampugh/erase-install/wiki/1.-Installation#recommended-method---installer-pack...

In a policy have that install, then have a post install script run with the following to install Monterey (current build):

#!/bin/bash
/Library/Management/erase-install/erase-install.sh --build=21A559 --update --reinstall --current-user --check-power --confirm

 

oit-jamf
New Contributor II

Hi there,

I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.

You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work.  Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/

Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.

this is the main key that triggers upgrade.

echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

View solution in original post

JamieG
New Contributor III

That looks very useful and I'll definitely give it a go. 

Is the '/usr/bin/fdesetup authrestart -delayminutes -1 -verbose -inputplist' still required in this case?

oit-jamf
New Contributor II

good question, I actually just left it in and it does not seem to impact much. You can try leaving it out. Let me know if it still works well then will remove it from my script as well.

JamieG
New Contributor III

Can confirm you can remove the entire section about authenticated reboot. Users are not admin nor disk owners.

 

Full working example here;

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

oit-jamf
New Contributor II

perfect ๐Ÿ™‚

When I run this on an M1 Mac, it prompts for User password, and then just continues to spin. It never completes the script.

Actually I wasn't patient enough. Works like a charm!

View solution in original post

AtillaTheC
New Contributor III

Added your script to the full page splash. Working great so far! 

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

Excellent work! Thank you!

Any reason why this script would be hanging up on an x86 Mac?

AtillaTheC
New Contributor III

probably because this is an M1 script, I haven't tested yet on intel but this is the script i'm planning to test for that. 

#!/bin/bash

##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

View solution in original post

Your first one worked on the first test install I did on an Intel Mac.

 

janderson215
New Contributor II

If I could give more kudos to you two, I would. Thank you!

Bernard_Huang
Contributor III

Thanks @oit-jamf 

Your line
echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

really does work!
Now user is prompted for the their password, and it does proceed to start macOS Monterey installation.

Thanks a million.

Now the real in-house testing of Monterey upgrade begins. Good luck to all Mac Admins.

andrew_betts
New Contributor II

Both the M1 and intel version work great for us- and launches into the installer very quickly. 

But of course it doesn't work for Big Sur.   Auto launching the Big Sur installer continues to be a nightmare.

Will92
New Contributor II

This is my working execute command for intel: /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps

My question is for the M1, how would I edit this command that works on intel to work for M1?

Would it be just like this below? or do I replace "$fvPass" with our local admin pw that is filevaulted on our macs?

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --user $currUser --stdinpass

oit-jamf
New Contributor II

Hallo Will92,

well in your case you would have to put the password. I believe there is a way to like have it garbled and not showing in plain text within the script. There should but be another enabled FileVault user on your devices besides your local admin on the devices, no? If so , please have a look at the script posted above by JamieG.

Infra
New Contributor II

Image from iOS (4).jpg
Both on the M1 and Intel Chips we get the error message. We tried the solutions from AtillaTheC.
Anyone experiencing the same issues? Any help regarding this?

Do you have any software ristrictions still in place i.e install asssistant or the monterey app?

Infra
New Contributor II

Seems to be working now... I guess I was just not patient enough waiting for the command to run. Also I found out that the Install Monterey App can not be running or else it will break the cycle of the command for some reason.

 

SeetendraPanda
New Contributor III

Hello Everyone

What am i doing wrong here this did not work on a M1 and Intel as well

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)

##Heading to be used for jamfHelper

heading="Please wait as we prepare your Mac for macOS Monterey....."

##Title to be used for jamfHelper

description="

This process will take approximately 60 minutes to complete.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Library/MicronJamf/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$(echo $!)

##Start macOS Upgrade

echo $fvPass | /Library/MicronJamf/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

 

You havent actually put whats not working for you, or what  errors your getting? or the script output

vmalapati_mu
New Contributor III

Hi SCCM, Actually M1 macs are looking for admin rights to proceed with upgrade. I got this when I tried: 

echo $fvPass(local admin password) | /Library/Jamf/InstallmacOSMonterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $LocalAdmin --stdinpass

If you do not agree, press CTRL-C and cancel this process immediately.
Error: could not get authorization...

Do you have any other thoughts on this?

 

for FV2 enabled user: Error: You must provide authorisation for this volume by setting it as your startup disk.

it shouldnt be asking for admin if your running the script via jamf on a computer level, but the users will need to put there logged in account password in for the install to complete. Are the users getting the prompt, and are they typing it in?
Plus your line reads echo $fvPass(local admin password) | where in the dump above it shows echo $fvPass | . Try checking that line again
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

Also worth checking that the users are filevault enabled or it will not work

 

Justin13579
New Contributor

I have an M1 that I believe i've followed all the steps on - it runs the script, goes to a black screen with the Please wait.... and then never reboots. When I look at the Policy Log it shows it running, downloading monterey and then verifying the package and installing, then closing the package, then step 4 and 5 and shows completed. But the device is still sitting at the initial full screen splash page and hasn't gone anywhere from there.  Not sure what I'm missing.

I would pre-download monterey in a separate policy and verify its there then a separate one to call the script. 

My Intel chip Macs did this exact thing. No luck with actually executing the script on Intel macs.

After more testing the M1 script is working on both Intel and M1 macs, try using that one. 

I'll try the M1 script again.

The below is not working for me either at this point... IDK why its different with every OS version. 

Super frustrating. This "script worked flawlessly on the Big Sur upgrade (changing the app name within the script)

 

'Applications/Install macOS Monterey.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps --nointeraction

Justin13579
New Contributor

Appreciate the advice. I had done that previously in my efforts. I am beginning to suspect the original upload had an issue. So I'm going to push a new version up and see if I fair better. Taking of course your advice to keep the steps separate. Will let you know how it goes. Thank you.

 

I don't even push the installer from JAMF I just run the below to have each machine download it from apple. 

softwareupdate --fetch-full-installer

I ended up using the below instead due to inconsistencies in the version people were pulling. 

softwareupdate --fetch-full-installer --full-installer-version=12.1