If you are running an M1 Mac, the only way to use that device after a wipe is by first connecting it to the internet to Activate it.
Conceivably these are the two closest methods to achieving what you are after:
Either wipe a Mac, DFU restore it using the latest IPSW available (this process will talk back to Apple's servers), Activate it (also talks to Apple's servers), then run through the Setup Assistant bypassing the network selection (this will not work if it is a company owned device and assigned to an Apple Business/School Manager account)
Alternatively, purchase a brand new M1 Mac, hope it is on the desired operating system version, and then proceed through the Setup Assistant without connecting it to a network.
For any modern Mac, every method of upgrading or erasing/reinstalling the operating system will require at some point, connecting the device to the internet so that it can verify things with Apple's servers.
Answer from smithjw on Stack ExchangeIf you are running an M1 Mac, the only way to use that device after a wipe is by first connecting it to the internet to Activate it.
Conceivably these are the two closest methods to achieving what you are after:
Either wipe a Mac, DFU restore it using the latest IPSW available (this process will talk back to Apple's servers), Activate it (also talks to Apple's servers), then run through the Setup Assistant bypassing the network selection (this will not work if it is a company owned device and assigned to an Apple Business/School Manager account)
Alternatively, purchase a brand new M1 Mac, hope it is on the desired operating system version, and then proceed through the Setup Assistant without connecting it to a network.
For any modern Mac, every method of upgrading or erasing/reinstalling the operating system will require at some point, connecting the device to the internet so that it can verify things with Apple's servers.
After reading through Eclectic Light posts + comparing setup methods on Intel + Apple silicon, the reason for connecting to Apple servers is due to what Apple calls "personalization", where the signatures of SSV partition files are checked with Apple. (It seems like the personalization servers will decline to verify any but the the latest releases of macOS, but that doesn't change the need to contact the servers.)
So, the only ways to install a SSV [1] are 1) through the macOS installer, and 2) using the asr command line tool (macOS 11.1's asr seems to be broken, so this is only true in 11.2 or 12+). asr is Apple-proprietary, and mostly supports copying images to/from existing SSV's (which seem to be architecture-specific).
- This means I can back up a recent Mac + its System volume to an external drive, and also restore it offline, but
- updating requires you to run the macOS installer somewhere, which will then try to hit the personalization servers.
- And restoring across architectures (Intel => Apple silicon) just doesn't have the right SSV, so you'll need to find a matching SSV/backup, or run the macOS installer again.
Firmware updates are also excluded from this process, so you'll be forced to run the macOS installer in those cases.
There are ways to construct a custom macOS image (manually bless-ing your modified System volume), but they require disabling SIP + SSV (which is what OCLP does), which can be unacceptable depending on your threat model.
(Note that since SSV works with volume snapshots, you can always roll back your SSV to the Apple-signed version, so this feels like less of a concern.)
For future reference, here's how I constructed a completely offline backup + restore for an Intel Mac (2019 MBP (with T2 chip), macOS Sonoma 14.2.1):
# first, reboot into macOS recovery (probably not necessary, but it's where I got things to work)
# manually create a r/w disk image to hold the... image
hdiutil create -fs apfs -size 80g -type sparsebundle -attach test4
# look for the `/Macintosh HD` disk in `diskutil list`: disk5s2
diskutil mount readOnly /dev/disk5s2
diskutil apfs listSnapshots /dev/disk5s2
asr --source /dev/disk5 --target /dev/disk7 -toSnapshot AAAAA-GUID
The -toSnapshot is important, as it selects the SSV snapshot that gets preserved. This leaves you with a disk image that we can turn into a restoreable backup.
And to restore:
# Note that `asr` will re-order data on the source disk,
# so if you converted to a read-only image, you'll need to `hdiutil -shadow` to make it writeable.
hdiutil convert -format UDRO -o test4-singlefile test4.sparsebundle
# `asr imagescan` seems to pre-compute this re-ordering, but I haven't re-run this process to reconfirm
#
# Note that you can also use `FULL_USAGE=1 asr` to get more detailed asr usages,
# https://derflounder.wordpress.com/2013/04/30/asrs-hidden-documentation/
#
asr imagescan --source test4-singlefile.dmg --filechecksum --verbose
hdiutil mount test4-singlefile.dmg -noverify -shadow test4-shadow
asr restore --source /dev/disk8 --target /dev/disk4 --toSnapshot AAAAA-GUID --noverify
Notes:
asrworks on entire APFS Containers, individual volumes cannot be split out (man asrtalks about the necessity of the Preboot and Recovery partitions)- I left off all the image verification steps because they take a long time + I was running these commands many times (
-noverifyand--noverify). - This whole thing is simpler with an external drive, but I'm using files for thoroughness.
Videos
Hi everyone, I've responded to many comments about not being able to activate an ASi Mac after a reset, so I thought I'd share here. The problem is, after a reset, the Activate Mac screen shows up and tells you to connect to Wi-Fi, but there's no menu. I've had the issue before, and had to figure it out with no internet access. Even better, there's nothing to buy! (Mods, could you sticky this please?)
-
Power off your Mac.
-
Hold Power Button until you see "Loading startup options", Then click options.
-
Wait for it to boot, then select your Language (if applicable)
-
Find the Wi-Fi menu in the top and connect to your network.
-
Activate your Mac.
-
Reboot, and follow the instructions. This time, you should be connected to Wi-Fi.
I hope this helps!
From what I can tell, if the previous owner has the device added to Find My you get an activation lock. I bought this used (although it seems I might be the first owner).
Question 1 - Is this screen supposed to ask for a password? Cause it let's me just connect to the internet and hit next and it says activated without entering any password or anything.
Question 2 - I don't think I saw this screen when I did a clean install of this macbook when I bought it. I am now selling it, and I have removed it from 'find my'. When I boot up to reinstall macos, it brings up the Activate Mac screen, lets me connect to wifi and then proceeds to a fresh setup screen for Monterey. So is there something I'm not doing right?
Thanks!
I updated MacOS to newest Sonoma and I clicked „erase all” to clear data. After that MacBook started with „Recovery Assistant” screen and on that after choosing WiFi I see loading and then info “failed to activate device”. No login form or anything. MacBook m1 air 13”
I erased and sold my M1 a week ago.
Stupid as I am, I thought "Erase All Content and Settings" was sufficient for a new user to start using it, i.e. I saw welcome screen after the whole ordeal.
Now, the new user contacted me and said it has an activation lock. After a quick Google search I learned that removing the Mac from iCloud would be sufficient. I did so yesterday by using my iPhone's Find My app.
Today, he says that the activation lock is still there, and says the only solution is access to my Apple ID. I find it extremely discomforting to share my Apple ID. Is it really needed? I don't have access to a Mac so I'm not able to exhaust any options he might have.
I was hoping that maybe starting the "setting up the Mac" process over again, from the start, just to make sure it isn't on a loop expecting to be provided user credentials.
Any insight would be much appreciated. Thanks in advance.