How To Access Apple M1 Macs’ Hidden Boot Modes That Can Bail You Out Of Jam
While users may never want to have to rely on them, it's comforting to know that PCs running modern operating systems have fail-safes and recovery modes that can help get the system back up and running when disaster strikes. Back in the day, PCs came with a collection of floppy disks or a recovery CD that would reinstall the OS from scratch. These days it's a partition on the computer's primary storage that helps get back up and running. Every manufacturer does it a little differently, and with the advent of Apple Silicon M1 Macs, the procedure has gotten even easier.
Every Mac that relies on a built-in SSD and has Apple's T2 security chip ships with a secure vault that prevents booting from external storage and even locks down the operating system's partition to only run software signed by Apple. That includes all of the new Apple Silicon Macs, like our 2020 Mac mini, since they all ship with built-in SSDs. That means if you make a bootable USB drive from the macOS Big Sur installer, many Intel and all Apple Silicon Macs alike will refuse to boot from it in case of an emergency.
However, all isn't lost if a Mac's operating system goes belly-up. It can instead boot from one of several recovery options. On older PowerPC and Intel-based Macs, this required knowing one of a handful of keyboard commands when starting the Mac. Those shortcuts included holding Command + R while powering on to boot to recovery mode, or holding Option at the start to get to a boot menu. Worse, because Windows-style keyboards reverse the location of Alt from where a Mac keyboard has it, you might still not boot since the machine thinks you're holding the wrong key. To make this simpler, on M1-based Macs, owners just have to hold the power button to get a boot menu.
The boot menu is pretty straightforward. Either select the partition with macOS Big Sur installed, or pick Options, which will load the recovery partition. To boot macOS in safe mode, there's one keyboard shortcut to remember: hold Shift while selecting the macOS partition. Otherwise, Apple's Recovery tool can then reinstall the latest version of macOS directly from Apple's servers. We can also fire up the Disk Utility to diagnose and repair the drive, or even browse Apple support through the built-in Safari browsers. The Recovery tool is something of a miniaturized macOS of its own.
If the Recovery partition is so easy to access, doesn't that make a Mac a theft target? As it turns out, no. Mac owners can rest assured that if someone picks up their laptop in a Starbucks that the thief can't just wipe the system and reinstall macOS. The recovery partition on all Intel and M1-based Macs is locked, and you have to enter the password of an administrator to use it. As long as the system is still in the default state of not allowing external boot devices, the thief just picked themselves up a brick. This policy can be changed, which may be necessary if your Mac has peripherals that have third-party drivers that Apple hasn't digitally signed. The Big Sur system partition is locked down pretty tight even then, as M1 Macs will only install an OS that bears Apple's digital signature even in the more permissive state.
Since there's no way to boot an M1 Mac from an external drive, what happens if the Recovery partition becomes corrupted? In the February, 2021 update of Apple's Platform Security document, the company disclosed that Macs now have a Fallback Recovery OS. This is a duplicate version of the Recovery partition stored in another area of the built-in storage accessible by double-pressing the power button and then holding it when starting the machine. However, if the Recovery partition is damaged, it could be that there's an issue with the NAND itself, which would require service, much like any laptop with soldered storage like the Dell XPS 13 2-in-1.
Security options transcend the OS and apply to all partitions on a Mac with a T2 security chip
The last trick that Apple Silicon Macs have up their sleeve is Target Disk Mode. Back in the PowerPC and Intel days, TDM made Mac hard drives accessible over Firewire, which made for easy cloning or copying data to recover from disaster, as long as the disk was still readable. On Macs with Thunderbolt ports, including those with M1 CPUs, they're accessible with a Thunderbolt or USB 3 Type-C cable. The encrypted drive still requires a password to access, so it's still fairly secure, but data can be retrieved even if the system doesn't boot.
Apple takes a lot of criticism for its appliance-like approach to building computers. In reality, the entire PC industry has moved to highly integrated motherboards with soldered CPUs, RAM, and storage. Because of that, along with the apparent death of optical drives, computer manufacturers have had to find ways to recover the system in a self-sufficient way. While falling back on disaster recovery utilities is no substitute for a good backup strategy, it's reassuring that users can still try to get back important documents and data that might otherwise be lost.