Why can't newer Mac hardware boot DBAN?
https://apple.stackexchange.com/questions/343998
-
27-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a DBAN CD )used with an external optical drive) which I have used in the past on multiple old Macs. I tried to use it on a 2018 Macbook Pro and DBAN could not be booted. Specifically, I tried holding down the "c" key and I could hear the CD spin a lot but then the normal OS booted. I tried booting while holding down "Option" but DBAN wasn't in the list of bootable options. I tried booting into Recovery and selecting the DBAN CD as the startup disk but I can't choose it (I see the DBAN CD but when I choose it I receive a message that the startup disk can't be used because "the bless tool was unable to set the current boot disk"). Again, if I open Terminal in Recovery Mode and try to bless the CD then it fails.
I wanted to know if this was a problem unique to one Mac so I tested the same CD in an old Macbook Pro (I think 2014 or 2015) and a different 2018 Macbook Pro. The CD is bootable normally in the old one and not in that second new one I tested.
Did Apple make a firmware change in newer systems that could have this effect?
Solution
T2 chip in newer Macs needs to recognize the boot media to allow it to start from that disk. You might be able to tell the system to use the drive as a startup volume if you can log in first with sufficient privileges (Preferences --> Startup Disk). Workaround? Boot to recovery partition, open Disk Utility, and do a secure wipe of the drive, using highest stringency options. Accomplishes the same thing (7 pass U.S. Department of Defense 5220-22-M compliant wipe) without the need to run DBAN. Also leaves the machine in a recoverable state so that the next user can install from the recovery partition, which is far faster than Internet Recovery (and in some cases, DBAN wipes the recovery partition, which makes reinstalling incredibly painful depending on the machine - I spent several days repairing an old Air after our IT folks used a DBAN equivalent to wipe it - even worse, this happened AFTER I had already run a full wipe from disk utility - the DBAN wipe wasn't even needed at that point!)
OTHER TIPS
It should be possible to boot the Mac with the same disk as used previously. However, on the 2018 MacBook Pro you'll need to first disable Secure Boot using the Startup Security Utility. You'll need to set Secure Boot to "No Security".
Please note that the internal SSD will not be available to DBAN to use. You'll only be able to wipe external drives.
This is really not a problem in this specific use case. The other answers to your question here that recommends that you use for example Disk Utility to do a 7 pass wipe - they are actually incorrect. In the modern day of SSDs (which all T2 equipped Macs have), you will actually not be sufficiently protected by simply doing a 7 pass wipe. This is due to the nature of SSDs.
In order to really secure wipe the drive, you'll also need to let the T2 chip "forget" the encryption keys for the drive, and set new keys. You can manage encryption keys from the File Vault part of System Preferences.
You can get a bless tool from here, which happens to be made by the same person who makes macOS cracks. Try blessing the cd with that tool, it should work (I think)
