Brief introduction to Apple machines:
Apple Inc. produce a large variety of machines including laptops, desktops, workstations, tablets, servers, mobile phones, watches, etc. These machines have different processors (laptops/desktops/workstations run PowerPC or Intel x86 processors, mobile phones and tablets run ARM-based processors, etc.) i.e. they require different erasure solutions:
- Blancco 5 and Blancco Drive Eraser support the Apple machines based on x86 processors, a.k.a. Intel-based processors. This roughly encompasses the Apple laptops/desktops/workstations built after 2006.
- Other Blancco products can handle other Apple devices (e.g. Blancco Mobile Device Eraser is the tool of choice to erase Apple iPhones and iPads).
If we focus on the Intel-based machines, they are often identified by family (MacBook, MacBook Air, MacBook Pro, iMac, …) and “model”:
- Many models per year:
- Apple Inc. release several models per year: depending on the year, there can be up to 44 models released (all families combined). For a given family, there can be up to 14 models released in a single year.
- These models contain variations, especially the processor, the video card, the storage and the amount of RAM can be different from one model to another. As an example, compare these apparently similar models from 9 months apart:
- In addition, Apple customize the hardware components of its machines. As an example, the firmware of a data storage drive branded by Apple can diverge from a similar data storage drive available in the market, occasionally the data storage drives branded by Apple do not implement all the standard firmware commands (as in the example above, other examples are provided later in the article).
- All this makes the support of a given Apple “model” rather difficult to predict. Therefore the correct identification of an Apple machine is crucial.
- Identifying an Apple model:
- Although the family is usually written in the front/back of the machine and is fairly easy to get, the “model” is sometimes a very broad category that can encompass the machine model number (e.g. A1286), the model identifier (e.g. MacBookPro5,1), the launch date (e.g. Late 2008), the processor type and speed (e.g. "Core 2 Duo" 2.53), the screen size (15”) and/or the electromagnetic compatibility (e.g. EMC 2255).
- The model number (e.g. A1286) is often used as a way to identify an Apple machine, as this number is usually available from the back of the machine. However, this number is not good enough to identify a specific model. As an example, the “model” A1286 is common to 22 different MacBook Pro machines manufactured between October 2008 and June 2012, having in common a similar form factor.
- The model identifier (e.g. MacBookPro5,1) is usually common to machines belonging to the same family and year, so it is more precise than the model number. However, this number is visible from the Apple operating system, not from the machine case.
- By far, the best way to clearly identify an Apple model (and therefore its technical specifications and hardware components) is via its serial number. This number is 11 or 12 characters long (e.g. W88401231AX or C02CG123DC79) and it is available from the back of the machine.
- If you have issues erasing an Apple machine, please contact the Blancco Support and provide both the family and the serial number of the machine.
- The webpage http://www.everymac.com is an excellent source of information on Apple machines. It also provides a useful Mac Lookup engine that works with serial numbers.
Generalities on booting Apple machines:
Blancco Drive Eraser can be booted on Mac laptops and workstations, although in some cases the success of the procedure depends on the Mac model and involves some additional steps:
- The Mac EFI firmware is not able to boot from PXE natively (i.e. network booting is not possible).
- Blancco Drive Eraser can be booted on Macs using a bootable USB-stick (see the FAQ article about Booting on machines with UEFI for more information).
- On some Macs, booting from a USB-stick will not work, instead boot from a Blancco Drive Eraser ISO image burnt on a CD.
- If USB boot does not work properly and there is no optical drive available for CD booting, connect an external USB connectable optical drive to the system and try booting from it.
- Before booting Blancco Drive Eraser, remove any external peripheral that is not required in the erasure process, in particular remove any connected Thunderbolt interface/adapter (they do not react properly to the Blancco Drive Eraser freeze lock removal process and ultimately can provoke the failure of the erasure).
Handling some specific Apple models:
Some Apple machines (example models: MacBookPro11,1 with OWC Aura SSD, MacBookAir6,1 , MacBook9,1 , MacBook8,1 , MacBookAir7,1) contain drives (mainly ATA SSDs and NVMes) that do not implement any firmware-based erasure command required to perform a “purge-level” erasure (e.g. required if you use the erasure standards “NIST 800-88 Purge” or “Blancco SSD Erasure”). The problem lies in the drive firmware level where the required commands are missing:
- Selecting these drives for erasure and selecting a “purge-level” erasure standard (e.g. “NIST 800-88 Purge” or “Blancco SSD Erasure”) will display a “NOT SUPPORTED” icon under the drive (Erasure-step > Advanced-view). This means that the drive does not support the selected erasure standard (and not that the selected erasure standard does not support the drive).
- This problem cannot be fixed in Blancco Drive Eraser. Ideally, in order to have a chance to purge these drives, Apple should publish an updated drive firmware (for the drives in question) including the missing commands.
- For the time being, Blancco Drive Eraser can only overwrite these drives. Overwriting these drives with the erasure standards “Aperiodic Random Overwrite” or “HMG Lower Standard” and using a 100% verification will achieve a “clear-level” erasure (as defined by NIST).
- Some of these Apple machines have NVMe drives (example models: MacBookAir7,1 , MacBook8,1 , MacBook9,1). It is recommended to overwrite them with Blancco Drive Eraser 6.2.0 or higher.
Since 6.1.2, Blancco Drive Eraser has improved its support for newer Apple machines. Nevertheless, some models require the software to be booted with special booting parameters 1,2:
- As a general recommendation, use preferably the booting option “FLR during startup”. If you use another booting option, make sure that the “splash” parameter is removed (if present).
- Models successfully tested with this configuration: MacBookAir7,1 , MacBookAir7,2 , MacBookPro11,1 , MacBookPro11,4 , MacBookPro11,3
- On some models, you need to add the "nomodeset" parameter (if missing).
- Models successfully tested with this configuration: MacBookPro13,3
- On some models, you need to add the "noapic" parameter.
- Models successfully tested with this configuration: MacBook8,1 , iMac17,1 , MacPro6,1 , MacBookPro1,2
- On some models, if you have troubles with the keyboard, touchpad or TouchBar, try adding the "intremap=nosid" parameter.
- Models successfully tested with this configuration: MacBookPro13,3 , MacBook9,1
- Keep in mind that some models need a combination of parameters.
- As an example the iMac17,1 needs adding “noapic” and removing both “splash” and “nomodeset” (if present).
1: Adding/removing the default booting parameters can be automated if the software image is configured with Blancco Drive Eraser Configuration Tool 2.2 or higher. This can also be carried out manually, as explained below:
- Boot the machine, select the booting option (e.g. "FLR during startup"), press "e" to edit the option.
- With arrow keys, move the cursor down to the line starting with: "linux /arch/boot/x86_64/vmlinuz img_dev=..."
- Move the cursor after “$isofile” and add/remove the boot parameter(s) without quotes.
- Press Ctrl + "X" or F10 to continue booting.
2: Please note that newer Blancco Drive Eraser releases (post 6.1.2) may not require any special booting parameter to boot on these machines. Please test and fine-tune the booting parameters of any new Blancco Drive Eraser release before moving it to a Production environment.