The latest installment in the story of how bootable Mac backups will eventually disappear started with a blog post by Shirt Pocket Software's Dave Nanian. In it, he explained why SuperDuper could no longer make bootable duplicates on M-series Macs running under macOS 15.2 Sequoia, blaming Apple's asr (Apple Software Restore) utility. This tool is the only way to create a bootable backup for M-series Macs.
I read Nanian's blog post shortly before publishing the final TidBITS email issue of the year, so I only had time to write a short warning ("macOS 15.2 Sequoia Breaks Bootable Backups in SuperDuper," 16 December 2024) and add a proviso to my suggestion in another article ("OS X.2 Updates Boost Apple Intelligence and More," 11 December 2024) that now was a good time to upgrade to macOS 15:
Until Apple fixes the bug or we learn more about what's going on, anyone relying on a bootable backup -- as opposed to a data-only backup -- should hold off updating or upgrading.
Such is the problem with deadlines. I was curious if the problem with asr affected other backup apps like Carbon Copy Cloner and ChronoSync, but no information was available at that point. However, now that the necessary details have emerged, I have updated my recommendation on updating and upgrading.
First, I confirmed that the problem was real but limited to M-series Macs. On my Intel-based 27-inch iMac, SuperDuper had no problem completing a backup, and I was easily able to boot my iMac from that backup. However, when I tried the same backup on my M1 MacBook Air, SuperDuper failed quickly with the Resource Busy error that Dave Nanian mentioned.
I also verified that changing SuperDuper's settings to use the standard "Backup - all files" script with the Smart Update copying option successfully created a data-only backup of the M1 MacBook Air.
Next up, I tried ChronoSync. It wasn't encouraging to start, with its assistant warning me, "Note: Bootable Backups have been losing relevance on recent versions of Apple hardware and will eventually not be supported. You should consider creating a Data Volume Backup instead." The app's developers weren't being alarmist. While I can't definitively blame a bug in asr for ChronoSync's failure, fail it did. Twice!
Carbon Copy Cloner's in-app text was similarly down on bootable backups, noting, "Creating a bootable copy of the source OS requires an Apple-proprietary procedure. CCC provides this functionality in a 'best effort' manner. Please click the '?' button to the right to learn about the caveats associated with this procedure."CCC also failed twice, though again, I don't definitively know why. The destination SSD has worked fine in the past, and SuperDuper's data-only backup to it completed with no errors, so I don't believe it's a hardware problem.
Regardless of whether asr caused these problems, such uncertainty is problematic when it comes to backups. I feel terrible for Shirt Pocket Software, Econ Technologies, and Bombich Software because they're trying to provide a longstanding feature that users want -- bootable backups -- and they're entirely at the mercy of Apple's asr tool to do so. As we'll see, Apple has relatively little interest in supporting bootable backups.
Shortly after I completed my testing, Mike Bombich posted a blog entry that shared information from a 2020 call with Apple. (He had missed the start of the kerfuffle, being away to help a family member when macOS 15.2 shipped.) As he outlines in the post, Apple made it clear that it was willing to address problems associated with making backups "as long as it did not require making a compromise to platform security."
From Apple's perspective, allowing system files to be copied inherently introduces opportunities for attackers to modify system components. Since macOS 10.15 Catalina, the separate system volume is immutable, locked, and validated using cryptography -- what Apple calls the "signed system volume." Any method that allows it to be copied onto a bootable drive must preserve the same verification to ensure nothing has changed.
To mitigate this move away from easily making bootable backups, Apple has invested a lot of effort into macOS Recovery and Migration Assistant. It is now trivial and streamlined to boot a Mac into macOS Recovery, install macOS, and restore user files using Migration Assistant. With a separate system volume, a reinstallation just creates a new, secured, immutable volume and then copies your user files to the data volume. Because Apple controls every part of that process, there's no worry about the security of the system being compromised.
The other aspect of this topic is the value of an external boot drive to an M-series Mac. While Macs with Apple silicon allow booting from external drives, they remain dependent on their internal storage during that process, as Glenn Fleishman wrote in "An M1 Mac Can't Boot from an External Drive If Its Internal Drive Is Dead," 27 May 2021.
The fresh information here is that an M1-based Mac relies on its internal SSD to allow external drives to boot. If the internal SSD has failed or been entirely erased -- it contains several hidden volumes -- you can no longer boot from an otherwise valid volume on an external drive. Why would Apple do this? To increase security.
Mike Bombich closes his post by explaining that Carbon Copy Cloner will continue to support the Legacy Bootable Copy Assistant because it remains useful for Intel-based Macs. But he stresses that no one should base their backup strategy on bootable backups. While Apple may fix the asr bug, the writing is on the wall, with Bombich saying:
Apple made it unambiguously clear that "bootable backups" and System cloning are fundamentally incompatible with platform security.
I've been preaching the need to move on from bootable backups since early 2021, when I wrote "The Role of Bootable Duplicates in a Modern Backup Strategy" (23 February 2021). A slightly updated version of the backup strategy I recommended in that article would include:
I realize that most people won't have all five of these, so if you have to choose, I recommend Time Machine paired with Backblaze to protect against disasters that would affect your Mac and Time Machine drive. But whatever you do, please make backups. Losing data is a matter of when, not if.
Finally, let's return to the question of updating or upgrading to macOS 15.2 Sequoia. Assuming you're willing to change any bootable backups to data-only backups, I think it's safe to proceed.