![]() And it tied the operating system to specific hardware models by requiring firmware. To further increase security, Apple introduced its Apple File System (APFS) with macOS High Sierra 10.13, setting the stage for some major under-the-hood changes with how it could handle data on the drive. Over the next several major releases, more and more of the operating system fell under SIP. And this could only be done by a human sitting in front of the computer. Doing so required them to now boot to the Recovery HD to disable SIP first. SIP was the beginning of protecting the Mac operating system from external threats like malware, or even administrators, by removing their ability to modify it directly. The line where the transition began is blurry, but a good place to start is with OS X El Capitan 10.11, which is when Apple introduced System Integrity Protection (SIP). ![]() That’s because it had to go through a series of major changes over time to match the level of security built into iOS from the start. The Mac, though, didn’t have this speedy and convenient option until very recently. The road to Erase All Content and Settings on macOS The operating system was always there and didn’t need reinstalling, and it was as up-to-date as the last update applied. When the consumer was ready to sell their iPhone or maybe hand it over to a family member to use, the Erase All Content and Settings feature simply deleted the encryption key to the data partition and left the operating system partition alone. It remained read-only and unchangeable during normal use. The operating system partition only changed when applying an update. Next, the iPhone storage was partitioned into a read-only operating system partition and a writeable data partition. But Apple never gave the consumer direct access to the iOS operating system itself. Adding a PIN code gave the consumer a means to decrypt the device for use and a way to protect their data when not in use. ![]() Remember, the iPhone was a consumer product first, and Apple needed to make this process consumer friendly.įirst, the data storage on iPhone has always been encrypted. Apple designed this feature from the ground up to be a secure method for resetting an iPhone without having to reinstall iOS. How Erase All Content and Settings worksįor more than a dozen years - at least since the iPhone 3 - iOS has supported Erase All Content and Settings. Our goal should be to move the practice of erasing the entire Mac disk to its own little isolated island in the middle of the Dead Sea. When we may still need to completely erase and install.The security of Erase All Content and Settings.The road to Erase All Content and Settings on macOS.How Erase All Content and Settings works.However, “because that’s the way it’s always been done” isn’t a reason to avoid this new feature that only came to macOS last year with Monterey. They’ve been following this erase/reinstall practice since the computer started taking a permanent place on the desktop in the 1990s. If that makes administrators or security professionals a little queasy, that’s understandable. ![]() The idea for reinstalling a clean operating system was born out of an axiom administrators have followed which is to always erase and reinstall computer drives before repurposing them, preparing to retire them, or when troubleshooting has failed.Īpple is practically eliminating this need to erase and reinstall everything and replacing it with just needing to erase the data - leaving the operating system behind. Jamf Blog has maintained a series of posts for the past few years titled “Reinstall a clean macOS with one button”.
0 Comments
Leave a Reply. |