In late 2017, Apple released the iMac Pro. Along with the new Secure Enclave protection provided by Apple’s T2 chip, the iMac Pro brought another notable development: It did not support booting from a network volume, otherwise known as NetBoot.
The one exception was Apple’s Internet Recovery, where Apple is providing a NetBoot-like service to provide access to macOS Recovery. The iMac Pro is still able to boot to Internet Recovery, which provides a way to repair the Mac or reinstall the operating system in situations where the Mac’s own Recovery volume is missing or not working properly.
With NetBoot not being available for the iMac Pro but still available for other models, it wasn’t yet clear if NetBoot-based workflows for setting up new Macs or rebuilding existing ones were on the way out. However, Apple’s release of of T2-equipped MacBook Pros in July 2018 which also could not use NetBoot has made Apple’s direction clear. As Apple releases new Mac models equipped with T2 chips and Secure Enclave, it is unlikely that these future Mac releases will be supporting NetBoot.
For Mac admins using NetBoot-based workflows to set up their Macs, what are the alternatives? Apple has been encouraging the use of Apple’s Device Enrollment Program, which leverages a company, school or institutions’ mobile device management (MDM) service. In this case, you would need to arrange with Apple or an Apple reseller to purchase Macs that are enrolled in your organization’s DEP.
When a DEP-enrolled Mac is started for the first time (or started after an OS reinstall), it is automatically configured to use your organizations’ MDM service and the device checks in with the MDM service. The MDM service then configures the Mac as desired with your organization’s software and configuration settings. A good example of what this process may look like can be seen here.
What if you don’t have DEP, or you don’t have MDM? In that case, you may still be able to leverage Recovery-based deployment methods, which would allow you install the desired software and configuration settings onto the Mac’s existing OS, or install a new OS along with software and configuration settings. For more details on these methods, please see below the jump.
To help facilitate deploying software and settings from the Recovery environment, Greg Neagle has released a couple of tools:
bootstrappr: https://github.com/munki/bootstrappr
installr: https://github.com/munki/installr
Both bootstrappr and installr can run in the macOS Recovery environment and work in similar ways. The main difference between the two is the following:
- bootstrappr: Installs one or more packages onto a target volume
- installr: Installs macOS and one or more additional packages onto a target volume
As an example of how bootstrappr works, please see below. In this case, I’ve set up a disk image using the instructions provided at the bootstrappr GitHub repo and copied it to an external drive named Provisioning.
On the disk image, I’ve included one installer package named First Boot Package Install, which was generated by my First Boot Package Install Generator tool.
1. Boot to macOS Recovery
2. Launch Terminal
3. Run the following command:
hdiutil mount /Volumes/Provisioning/bootstrap.dmg
The bootstrap disk image mounts as a new volume named bootstrap.
4. Run the following command:
/Volumes/bootstrap/run
5. Select the volume to install on (in this example, the volume is named Macintosh HD.)
The First Boot Package Install package included in the disk image is installed.
6. Once installation is completed, select the option to restart.
On restart, the First Boot Package Install package is able to run its own workflow, which is able to suppress the Apple Setup Assistant and run its assigned installation task. In this case, I’m only having it check for and install all available Apple software updates but it could be installing any desired package. This could include all software needed to set up a particular Mac, or installing a management agent to handle software installation and configuration.
