It’s hard to get away from the fact that Apple are pushing people away from traditional macOS imaging.  A lot of deployment workflows rely on creating an image file and cloning it to a target computer’s hard drive.  The image file can contain an operating system, applications and settings, in a consistent, deployable file.

 


 

So what’s changed with macOS imaging?

The iMac Pro, by default, does not allow booting to external devices, preventing traditional macOS imaging.

In addition to directly attached boot disks, Apple have noted on their website “iMac Pro computers don’t support starting up from network volumes.” (https://support.apple.com/en-gb/HT202770).

In early testing, it seems NetBooting is failing, even with secure boot switched off: https://twitter.com/tperfitt/status/946943556190658560

macOS imaging involves replacing the operating system on the Mac’s hard drive, which requires you to boot from another boot disk.  So with no option to boot to an external drive or network volume, imaging is off the table.

 

Will this affect other models of Mac?

Apple haven’t released information regarding Secure Boot and other models of Macs.  Based on the direction they appear to be taking, we would expect this new feature to be rolled out to other models throughout 2018.

 

Can we just switch it off?

Apple have provided a tool, Startup Security Utility (https://support.apple.com/en-gb/HT208330), that can be used to allow booting to external disks.

The downside is that you have to boot to the recovery partition, launching it from the Utilities menu.  Much like SIP (https://support.apple.com/en-gb/HT204899), although it can be switched off, the process is such a faff.  It will be easier to adopt new deployment workflows rather than fight against it.

 

What other workflows are available?

We’ve tested quite a few alternatives, but the ones that we found most “Apple friendly” are:

  • Upgrade to the latest macOS: Starting up holding down Option-Command-R will allow you to install the latest available macOS (if you already have 10.12.4 or later installed).
  • Erase and install the same macOS: Start up holding down Command (⌘)-R, use Disk Utility to erase the disk, and then re-install the same macOS version.

Using DEP with both of these options will help (https://www.apple.com/business/dep/).  Using DEP means that the newly installed Mac will automatically enroll into your MDM server.  Depending on its capabilities, the MDM server can deploy apps and custom settings.