If you are running an M1 Mac, the only way to use that device after a wipe is by first connecting it to the internet to Activate it.
Conceivably these are the two closest methods to achieving what you are after:
Either wipe a Mac, DFU restore it using the latest IPSW available (this process will talk back to Apple's servers), Activate it (also talks to Apple's servers), then run through the Setup Assistant bypassing the network selection (this will not work if it is a company owned device and assigned to an Apple Business/School Manager account)
Alternatively, purchase a brand new M1 Mac, hope it is on the desired operating system version, and then proceed through the Setup Assistant without connecting it to a network.
For any modern Mac, every method of upgrading or erasing/reinstalling the operating system will require at some point, connecting the device to the internet so that it can verify things with Apple's servers.
Answer from smithjw on Stack ExchangeIf you are running an M1 Mac, the only way to use that device after a wipe is by first connecting it to the internet to Activate it.
Conceivably these are the two closest methods to achieving what you are after:
Either wipe a Mac, DFU restore it using the latest IPSW available (this process will talk back to Apple's servers), Activate it (also talks to Apple's servers), then run through the Setup Assistant bypassing the network selection (this will not work if it is a company owned device and assigned to an Apple Business/School Manager account)
Alternatively, purchase a brand new M1 Mac, hope it is on the desired operating system version, and then proceed through the Setup Assistant without connecting it to a network.
For any modern Mac, every method of upgrading or erasing/reinstalling the operating system will require at some point, connecting the device to the internet so that it can verify things with Apple's servers.
After reading through Eclectic Light posts + comparing setup methods on Intel + Apple silicon, the reason for connecting to Apple servers is due to what Apple calls "personalization", where the signatures of SSV partition files are checked with Apple. (It seems like the personalization servers will decline to verify any but the the latest releases of macOS, but that doesn't change the need to contact the servers.)
So, the only ways to install a SSV [1] are 1) through the macOS installer, and 2) using the asr command line tool (macOS 11.1's asr seems to be broken, so this is only true in 11.2 or 12+). asr is Apple-proprietary, and mostly supports copying images to/from existing SSV's (which seem to be architecture-specific).
- This means I can back up a recent Mac + its System volume to an external drive, and also restore it offline, but
- updating requires you to run the macOS installer somewhere, which will then try to hit the personalization servers.
- And restoring across architectures (Intel => Apple silicon) just doesn't have the right SSV, so you'll need to find a matching SSV/backup, or run the macOS installer again.
Firmware updates are also excluded from this process, so you'll be forced to run the macOS installer in those cases.
There are ways to construct a custom macOS image (manually bless-ing your modified System volume), but they require disabling SIP + SSV (which is what OCLP does), which can be unacceptable depending on your threat model.
(Note that since SSV works with volume snapshots, you can always roll back your SSV to the Apple-signed version, so this feels like less of a concern.)
For future reference, here's how I constructed a completely offline backup + restore for an Intel Mac (2019 MBP (with T2 chip), macOS Sonoma 14.2.1):
# first, reboot into macOS recovery (probably not necessary, but it's where I got things to work)
# manually create a r/w disk image to hold the... image
hdiutil create -fs apfs -size 80g -type sparsebundle -attach test4
# look for the `/Macintosh HD` disk in `diskutil list`: disk5s2
diskutil mount readOnly /dev/disk5s2
diskutil apfs listSnapshots /dev/disk5s2
asr --source /dev/disk5 --target /dev/disk7 -toSnapshot AAAAA-GUID
The -toSnapshot is important, as it selects the SSV snapshot that gets preserved. This leaves you with a disk image that we can turn into a restoreable backup.
And to restore:
# Note that `asr` will re-order data on the source disk,
# so if you converted to a read-only image, you'll need to `hdiutil -shadow` to make it writeable.
hdiutil convert -format UDRO -o test4-singlefile test4.sparsebundle
# `asr imagescan` seems to pre-compute this re-ordering, but I haven't re-run this process to reconfirm
#
# Note that you can also use `FULL_USAGE=1 asr` to get more detailed asr usages,
# https://derflounder.wordpress.com/2013/04/30/asrs-hidden-documentation/
#
asr imagescan --source test4-singlefile.dmg --filechecksum --verbose
hdiutil mount test4-singlefile.dmg -noverify -shadow test4-shadow
asr restore --source /dev/disk8 --target /dev/disk4 --toSnapshot AAAAA-GUID --noverify
Notes:
asrworks on entire APFS Containers, individual volumes cannot be split out (man asrtalks about the necessity of the Preboot and Recovery partitions)- I left off all the image verification steps because they take a long time + I was running these commands many times (
-noverifyand--noverify). - This whole thing is simpler with an external drive, but I'm using files for thoroughness.
Videos
From what I can tell, if the previous owner has the device added to Find My you get an activation lock. I bought this used (although it seems I might be the first owner).
Question 1 - Is this screen supposed to ask for a password? Cause it let's me just connect to the internet and hit next and it says activated without entering any password or anything.
Question 2 - I don't think I saw this screen when I did a clean install of this macbook when I bought it. I am now selling it, and I have removed it from 'find my'. When I boot up to reinstall macos, it brings up the Activate Mac screen, lets me connect to wifi and then proceeds to a fresh setup screen for Monterey. So is there something I'm not doing right?
Thanks!
Hi everyone, I've responded to many comments about not being able to activate an ASi Mac after a reset, so I thought I'd share here. The problem is, after a reset, the Activate Mac screen shows up and tells you to connect to Wi-Fi, but there's no menu. I've had the issue before, and had to figure it out with no internet access. Even better, there's nothing to buy! (Mods, could you sticky this please?)
-
Power off your Mac.
-
Hold Power Button until you see "Loading startup options", Then click options.
-
Wait for it to boot, then select your Language (if applicable)
-
Find the Wi-Fi menu in the top and connect to your network.
-
Activate your Mac.
-
Reboot, and follow the instructions. This time, you should be connected to Wi-Fi.
I hope this helps!
I updated MacOS to newest Sonoma and I clicked „erase all” to clear data. After that MacBook started with „Recovery Assistant” screen and on that after choosing WiFi I see loading and then info “failed to activate device”. No login form or anything. MacBook m1 air 13”
I erased and sold my M1 a week ago.
Stupid as I am, I thought "Erase All Content and Settings" was sufficient for a new user to start using it, i.e. I saw welcome screen after the whole ordeal.
Now, the new user contacted me and said it has an activation lock. After a quick Google search I learned that removing the Mac from iCloud would be sufficient. I did so yesterday by using my iPhone's Find My app.
Today, he says that the activation lock is still there, and says the only solution is access to my Apple ID. I find it extremely discomforting to share my Apple ID. Is it really needed? I don't have access to a Mac so I'm not able to exhaust any options he might have.
I was hoping that maybe starting the "setting up the Mac" process over again, from the start, just to make sure it isn't on a loop expecting to be provided user credentials.
Any insight would be much appreciated. Thanks in advance.
So this is a desperation post. I'm pretty sure it's a lost cause, but trying y'all anyways, since definitely more helpful than Apple was and none of my other haunts had any ideas (even microsoldering/data recovery communities).
My fave client (the only one I handle that has any significant Mac user base) has an M1 MacBook Air (A2337) that will not activate. I'm sure it would be fine if I just DFU restored it, but client wants some data.
Backstory for context - Device is in Apple business manager and was enrolled in Mosyle. They switched MDM platforms to JAMF early this year. During the unenroll process (which was done during the transition and I was not present for so just going on the info I have from the client). Something went sideways and now it will only give this activation failure. End user has data on it she wants. I am guessing the Mosyle unenroll messed with users who have a secure token, ie. there isn't one anymore. I have access to Apple Business Manager, JAMF and pretty much any admin functions of the company, other than Mosyle since they haven't used that in months and months.
Stuff I already tried -
DFU Reviving (succeeds, but activation still fails)
attempting to activate on different networks (both Wi-Fi and cable)
booting to recovery
booting to a USB installer for macOS to upgrade the OS,
affiliating with JAMF in ABM (and then reviving again),
making a desperation call to Apple
granting the user permission to use the startup disk since that is the only option I can get other than wipe the device. It accepts her password, but then loops through the same prompts to grant permission to use that startup disk .