jazzace.ca

Anthony’s Mac Labs Blog

Imaging is More Dead

Posted 2018 May 31

While doing some research earlier this week, I happened to load up Apple Support (KBase) Article HT208020, the infamous “Imaging is Dead” article. I discovered that it received a significant update on 2018 May 10—significant enough that I thought it warranted a detailed comparison on this blog.

For reference, there have been three versions of this support article:

The Topic

The article is no longer about upgrading the OS on your Mac if you read the article title, it’s about installing macOS. This isn’t as big a change as it seems—I’ll dig in to why a little later. The new article is still directed at “system administrators” (Mac Admins), but Apple has iterated their terminology in a minor way, referring to your “organization” rather than your business or education “institution.”

No Subheads

The new article has no sub-sections in it. The original had three sub-sections and a sub-sub-section on NetRestore images. The phantom February edition had four sub-sections, since it separated upgrading and installing into separate sections. For ease of discussion, I’m going to use those sub-sections in the discussion that follows.

Before You Upgrade/Install

The fact that you need to be connected to the Internet has been upgraded to a callout box. (In the original version, the only item that rated a callout box was the often-cited, “Apple doesn't recommend or support monolithic system imaging when upgrading or updating macOS.”) The message is more carrot than stick in this version, using words like “make sure that” and “which allows” rather than “You must”, “Only”, and “can’t be done.” The current version also covers the case where you were lucky enough (sarcasm) to download the “stub” macOS Installer, since that is another reason you might need an Internet connection during installation (to download the full installation payload). To sum up: there’s a change in emphasis and an iterative improvement to the text—nothing ground-breaking here.

Upgrade/Install macOS

The original version offered four supported methods to “install” macOS, even though the header said, “upgrade.” The phantom February version had four methods to explicitly upgrade (but not the same four) and three methods to (erase and) install. The current version offers five methods to install, of which three are explicitly OK “whether or not macOS is currently installed on the target volume.” Here they are, plus one additional case, in table format:

Method 2017 December
Upgrade
2018 February
Upgrade
2018 February
Erase & Install
2018 May
Install
macOS Installer (Mac App Store) Yes Yes - Yes
Create & use a bootable installer Yes Yes Yes
(Disk Utility to Erase)
Yes
Install macOS from Recovery Yes Yes Yes
(Disk Utility to Erase)
Yes
Create & use a NetInstall image with System Image Utility Yes - - -
startosinstall - Yes --eraseinstall coming in Spring 2018 Yes (10.13.4 installer supports --eraseinstall)
Device Enrollment Program (DEP) - - - Yes[2]
Mac connected via Target Disk Mode Unsupported Unsupported image same OS via asr (except iMac Pro until 10.13.4) All asr imaging unsupported

Note that a dash in the table indicates a method wasn’t mentioned in that version; it’s still possible that it might work. Also, the phantom February version only described erase-and-install methods in the Install macOS section. I originally read the May version this way as well—that Apple had removed the “upgrade” content for clarity and was defining install as implying erasure as a first step. That’s almost certainly wrong. I think Apple has simply cleaned up their terminology and are referring to any workflow that runs a full macOS Installer as an install, whether an earlier version of the OS is present on the target volume or not.

So what should we take from this section? My biggest takeaway is that NetInstall methods are far more dead than many anticipated.[3] I was ambivalent about what NetInstall’s absence meant in my blog post about the phantom February article update, but I am ambivalent no longer; it’s clearly in the past.

Also, the change from “upgrade” to “install” appears to be just a terminology update. The startosinstall methods are now documented and DEP is now referenced.

About monolithic system imaging

I mentioned that the “Imaging is dead” callout box is gone, replaced by a simple sentence in the body of the article. I do think that particular callout box was vital to getting the message out to Mac Admins who refused to believe John Kitzmiller and others, who had proclaimed block copying of disk images were the way of the past as far back as 2013. But now, Apple appears to think the message has been received, so they have mostly transitioned to discussing what you can or should do, not what you can’t or shouldn’t do. This is in line with the style of the current version’s only callout box, as I described earlier.

This simplified statement about “monolithic system imaging” is also in line with that newer definition of “installing” that I mentioned earlier. Upon close inspection, it appears to encompass upgrading, updating, and even re-installing the same exact operating system. Apple’s use of the phrase “might not include model-specific information” (emphasis mine) means that traditional block-copying of a disk image might work under the right circumstances, but “Apple doesn't recommend or support” that method.

Apple also trimmed some fat from the article regarding creating a deployment image by cloning an existing APFS container. Since that original article (and the February one) never referenced HFS+ volumes, it appears Apple added it for the benefit of Mac Admins who were still using “Golden Machine” workflows but wanted/needed to purchase new Macs (I hear Apple makes good margins on their hardware—can’t impede sales, I guess). In retrospect, the Admins who held tight to their previous methods didn’t try out those previous instructions in any great numbers, generally choosing techniques like reverting to an earlier OS and/or reformatting SSD drives to use HFS+. Regardless, I think it’s safe to interpret the latest changes to mean that image-based deployments are unsupported, whether you are capturing images or creating them modularly with AutoDMG. If Admins choose to ignore that advice, Apple doesn’t want to hear about it. That new wording is actually broader in scope than the original article (hence my title for this post).

The only equivocation I wish to make relates to a curious footnote in the phantom February version, which begins, “iMac Pro supports upgrading macOS with monolithic system imaging,” and then clarifies that this is a feature planned for 10.13.4. If someone with an iMac Pro wants to test this for me by wiping their system, that would be dandy (ha ha), but the inference there was that the (T2) chip that manages Secure Boot would cause the Mac call home to Apple to get any necessary firmware updates and “heal” your block-copied system on first boot. My guess (and it is only a guess) is that we might see some interesting security features coming as more Macs support Secure Boot. Apple has been sending a clear message that you need to be connected to the Internet when installing the operating system; perhaps this messaging was designed to prepare us for new features that the T2 chip (and its successors) might bring, so that Macs are as secure and up-to-date as possible when first deployed or re-deployed.

Summary

So it looks like System Image Utility’s days are numbered (and, by extension, NetInstall-based workflows). Image-based deployments are now no longer supported. Installations need to happen while you’re connected to the Internet. And, even though Apple’s Style Guide defines “upgrade” and “update” for us, the support article I have been discussing is now all about “installing.” It looks like Armin Briegel picked the right title for his upcoming eBook, “macOS Installation.”


[1] I did capture a copy of this article, but I will not reproduce it in its entirety on my web site because Apple owns the copyright. [Return to main text]

[2] There is a fair bit of confusion about what Apple means by this and whether what they are suggesting even works right now. For the purpose of this discussion, I will just take this as an indicator that Apple felt that such an article should reference DEP, since that’s where they want all administrators to be, sooner than later. But if you want to dig a little deeper on this issue, I recommend you check out a discussion amongst Armin Briegel, Neil Martin, Owen Pragel, and others in the Mac Admins Slack (membership required) from May 29. [Return to main text]

[3] My sincere sympathies to Armin Briegel, whose had written a section for his upcoming eBook on the NetInstall method of macOS Installation. I suspect it will still make it in to the book, but its usefulness will diminish as we start seeing more Macs that can’t boot from an .nbi (network disk image). This technique will be more of a 10.12.x one, not one for more current OSes. [Return to main text]