Don’t Interrupt Security Update 2019-001 (Mojave)’s Installation
Over on the MacAdmins Slack, in the #mojave channel, there was a lengthy discussion of problems that some admins saw after users installed Security Update 2019-001 (Mojave). The topic is also discussed in a thread on the Jamf Nation site—thanks to reader Bruce Carter for the initial pointer.
The details vary, but all revolve around problems at boot, with complete lockups, accounts not available, current passwords not working, the login window reappearing after the user enters the password, or a crash screen after login. So far, it seems that only Macs with the T1 or T2 security chip are affected—that includes the MacBook Pro with Touch Bar (2016 and later), iMac Pro, MacBook Air (2018), and Mac mini (2018).
As far as I can tell, no one has actually seen the problem happen in person; users are always reporting it after the fact. (And in the admin world, user reports are taken with a very large grain of salt.) But in at least some cases, the users are admitting that they interrupted the update because it seemed to be taking too long. That’s key, because as user James Dean suggested on the MacAdmins Slack, for at least some users, this update appears to install itself in an unusual way, seemingly turning the Mac off and back on, and at one point keeping it off for what he says feels like a minute. (On Tonya’s T1-equipped MacBook Pro (2016), the installation took about 10 minutes, and I didn’t notice any particularly unusual behavior, though I wasn’t watching all that closely.)
While the Mac appears to be off, I suspect that the security update is upgrading BridgeOS, which is a modified version of watchOS embedded on the T1 or T2 chip that runs things like the Touch Bar and the FaceTime HD camera. Mr. Macintosh reports that Security Update 2019-001 for Mojave also updates BridgeOS to version 17.16.11081.0.0. Given that BridgeOS runs on the T1 or T2 chip that’s responsible for boot security (see “What Does the T2 Chip Mean for Mac Usage?,” 5 April 2019), it’s not a stretch to theorize that interrupting a BridgeOS update would cause havoc with subsequent boot attempts.
Solutions to the problem range from using previous passwords to reinstalling macOS via Internet recovery, sometimes after reinitializing the boot drive and then restoring data and settings from a backup. So far, it seems that admins and consultants have been able to bring every affected Mac back to life, though sometimes with data loss, depending on the state of backups.
In the end, my advice is simply to go ahead with installing Security Update 2019-001 (Mojave), with two important caveats. First, make sure you have good backups before starting, in case the worst happens. That’s always a good plan anyway. Second, do not interrupt the installation process! It may take longer than you expect, but let it run as long as it needs. As a corollary to this second piece of advice, only start the installation on a MacBook Pro or MacBook Air when it’s plugged in; the last thing you want is for it to lose power in the middle of the installation.
I think it would be helpful when the installation process was accompanied with info for the user on what’s going on. Apple could for once tone down the minimalism a bit and prevent this kind of thing by letting the user know that the next bit in the update may take a long time and that it is to be expected. Why not?
More progress feedback is always good, except for the fact that it’s notoriously incorrect and variable between devices. Even with the install that I tested for this article, it first estimated 34 minutes, but quickly changed that and ended up finishing in 10. And if it really does have to do some of this stuff while the screen can’t be on, due to the low-level nature of what’s happening, it would be hard to provide progress feedback.
Nevertheless, I agree entirely that Apple should warn first that interrupting the installation could leave the Mac in a problematic state whenever low-level bits are being twiddled.
Feedback about device status has become worse with time, I think. The power light on the new Mac mini 2018 doesn’t even ‘breathe’ anymore when the Mac is sleeping, it just keeps shining like the thing is on. But I digress.
The Apple TV power light blinks when an update is taking place, the same could be done on a Mac. That, combined with a clear description and warning before the update is started, should prevent a lot of issues like these.
I agree with this wholeheartedly.
And the fact that Apple, the computer company with $250B+ in the bank, in 2019 still can’t get a decent estimate for remaining time to install is frankly pathetic. We used to make fun of Windows’ silly estimates. Well, nowadays the Mac has reached about the same level. User feedback is one of the most important aspects of HMI. Embrace it. Tell the user what you’re doing, how long it’s going to take, etc. If you have lights and sounds, use those. If you are going to lose display output or lights because of low-level operations, tell the user that is about to happen, tell them how long that will take, and then tell them once you’re done (or if you’ve failed). This is not the place to be terse. This is IMHO an aspect where Ive minimalism has no place whatsoever. Ideally, everything will run smooth and fast and in that case nobody will be forced to see/hear much about it at all. There’s your minimalism. But not by removing feedback.
The problem being reported is a black screen for an unexpectedly lengthy time. It would appear that this is due to the inability to display anything on the screen of modern Macs during the installation of firmware of some sort. Now that some Macs come with T2 Security chips, I would have to guess the updates for those are the cause, but my relatively new iMac without a T2 has occasionally been known to display that lengthy black screen, so that can’t be the entire story.
Since I’m used to that now, I always let it sit for an hour or more if an update goes on for a long time.
This happened to me. The update was beach balling and seemed completely stuck. Foolishly I interrupted it, and it seemed to finish. But the APFS volume was toast. It was not possible to log in, despite the users being present. Recovery didn’t work, as you couldn’t decrypt the volumes, and so they didn’t appear as a target for recovery. Basically it required complete reinstall.
Ouch, sorry to hear it. The problem is that we just had an example where you had to force-quit an install, with the initial release of Catalina, so we as a community are not accustomed to interruptions having such significant repercussions.
Thanks at least for warning us Adam. If Apple isn’t going to take proper care of its users, at least we can count TidBITS to do so.
Right on Brother!
Beyond that we’ve totally lost the startup chime that lets you know that the machine is at least waking up. I understand that chime (Boiiing!) would disturb situations in meetings and classrooms where people were firing up notebooks and such. The least Apple could have done was put an option to switch it on or off instead of just ditching it altogether. That was part and parcel of the Mac core experience. It’s not like eliminating a piece of hardware (the ⅛" audio plug on the portables) as the software to make that happen should be just about insignificant in cost on a per machine basis.
Apple had that option built in.
If my Mac had been muted before I started it, the chime would be silenced.
Even in the event that I’d forgot to mute it, or if I shut it down before knowing I’d be starting it in a meeting (not that I ever really shut my Mac down these days) where I’d want it muted, plugging in headphones would also silence the chime. The exception here I’m aware of is on an older Mac mini where the built in chime would play through the internal speaker regardless of headphones being plugged in or not.
What I do is disable any scheduled shutdowns, set Sleep to “Never”, then start the Security Update before I go to bed. I wake up in the morning to a completed update and reset my Shutdown & Sleep preferences to their normal settings. However my MacBook Pro with Mac OS 10.14.6 installed hasn’t mentioned any Security Updates recently. When was this SU released?
@ace, you repeated the recommendation last week to not upgrade to Mojave due to concerns with Mail etc. Is that still the case, or we OK to upgrade now (as long as we don’t interrupt the process)? Thanks!
Yes. This should have been in the article. It’s precisely what I came here to say. I mean, common sense says don’t interrupt. But then you sit and watch for half an hour while nothing happens, and finally start googling on your phone and find that you need to interrupt. I’m a lot more inclined to interrupt after that experience.
I believe the warning was not to upgrade to Catalina until the loss of mail issues were deemed addressed. Right?
We still recommend holding off on the upgrade to Catalina due in part to concerns with Mail. That doesn’t affect Mojave.
Yeah, I debated mentioning the Catalina interrupt issue there, but decided that it was just muddying the issue to have in the main text. Especially, as we can see in the comments, some people are having trouble keeping the versions straight as it is. That’s another downside of all the updates—it’s enough to make anyone’s head swim.
As you say, we know better than to interrupt installations willy-nilly, but we also all do it on occasion when something is going wrong. That’s why I was talking about the BridgeOS issues and the T2 chip—those really change the calculus when updating, since anything that changes them is doing more than just writing files to the boot drive.
My bad - sorry!
I have yet to see any software update or download that is remotely accurate in its time-to-completion prediction, on either Mac or Windows (including, of course, OS updates). Part of the reason, naturally, is that the actual download speed is constantly in flux, in the case of my Internet connection, majorly in flux - might be 150kB/s for 30 seconds, then 1Mb/s for 30 seconds, then 500kB/s, etc. (according to both iStat and Folx), on all devices. I’ve long thought that all developers should just ditch the time-to-completion estimate altogether, just use the status bar graphic and maybe a real-time speed display so you can see it’s actually downloading. Not possible while doing a firmware update, but generally.
Mr. Macintosh now has more details.
Howard Oakley has a great article on why the screen stays black for so long.
And over in the MacAdmin Slack, user stottmj has a great summary of the situation. Sounds like it can hit High Sierra Macs too, which makes sense, though I hadn’t heard of any being impacted before this.
Sure sounds to me like there would have been much less mayhem if Apple had not removed the tiny LED that indicated your MBP is running. With no indication left to the user, people are assuming it’s off when actually it’s still updating. They then proceed to “turn it on”, which has catastrophic consequences. Really poor design choice in my opinion.
I had a recent problem with an iMac Pro having some bad third party ram (as determined by the Geniuses) but the worst part was the diagnosis process. I would turn the computer on and could only tell it was on by the accessory external drive, which had a small light on it. Of course in working out the problem, I had to unplug all the peripherals to make sure they were not the problem. Then I could not tell if it was on or off as there was no chime and no lights. Modern minimalism taken to the extreme.
Just to add a data point: I have a MacBook Air (13-inch, 2017). After I clicked Restart on the Mojave Security Update the screen went totally black for about 2 minutes, and then (finally) the little rotating progress indicator appeared for a while and then it finally started to look like a normal update with a progress bar. The whole thing finished in about 25 minutes or less.
Am I wrong that it was version 10.14.6 both before and after this update? That bugs me.
And that Mac doesn’t have a T1 or T2 chip, so it will theoretically be a bit different anyway.
This is just a security update, so it should stay at version 10.14.6 afterward. However, if you click on that version number in About This Mac, it will show you the build number, which should have increased.
Join the discussion in the TidBITS Discourse forum