AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
MacOS Catalina 10.15 started the process of dividing the computer’s disk into the read-only operating system and writeable user data partition. No longer did a technician need to sit in front of the computer and boot it to an external drive to prepare it for something else. Because startosinstall was a command line tool, it was easy to remotely invoke on Macs. It included an -eraseinstall option for completely erasing the operating system on a disk (plus its user data ) and then installing a clean macOS. In March 2018, Apple introduced the startosinstall command in its macOS High Sierra 10.13.4 installer. Just like iOS devices were encrypted out-of-the-box, these chips enabled Mac disks to be encrypted out-of-the-box. This chip along with the Apple Silicon chip introduced in late 2020 became important for securing macOS installs. That installation process required an Internet connection to download the machine-specific firmware version.Īpple introduced another new security feature starting in 2017 that was specific to the hardware not the operating system - the T2 security chip. And it tied the operating system to specific hardware models by requiring firmware. To further increase security, Apple introduced its Apple File System (APFS) with macOS High Sierra 10.13, setting the stage for some major under-the-hood changes with how it could handle data on the drive. Over the next several major releases, more and more of the operating system fell under SIP. And this could only be done by a human sitting in front of the computer. Doing so required them to now boot to the Recovery HD to disable SIP first. SIP was the beginning of protecting the Mac operating system from external threats like malware, or even administrators, by removing their ability to modify it directly. The line where the transition began is blurry, but a good place to start is with OS X El Capitan 10.11, which is when Apple introduced System Integrity Protection (SIP). That’s because it had to go through a series of major changes over time to match the level of security built into iOS from the start. The Mac, though, didn’t have this speedy and convenient option until very recently. The road to Erase All Content and Settings on macOS The operating system was always there and didn’t need reinstalling, and it was as up-to-date as the last update applied. When the consumer was ready to sell their iPhone or maybe hand it over to a family member to use, the Erase All Content and Settings feature simply deleted the encryption key to the data partition and left the operating system partition alone. It remained read-only and unchangeable during normal use. The operating system partition only changed when applying an update. Next, the iPhone storage was partitioned into a read-only operating system partition and a writeable data partition. ![]() But Apple never gave the consumer direct access to the iOS operating system itself. Adding a PIN code gave the consumer a means to decrypt the device for use and a way to protect their data when not in use. Remember, the iPhone was a consumer product first, and Apple needed to make this process consumer friendly.įirst, the data storage on iPhone has always been encrypted. Apple designed this feature from the ground up to be a secure method for resetting an iPhone without having to reinstall iOS. How Erase All Content and Settings worksįor more than a dozen years - at least since the iPhone 3 - iOS has supported Erase All Content and Settings. Our goal should be to move the practice of erasing the entire Mac disk to its own little isolated island in the middle of the Dead Sea. ![]() When we may still need to completely erase and install.The security of Erase All Content and Settings. ![]()
0 Comments
Read More
Leave a Reply. |