I have dealt with M1 Max and M4 Max MacBook Pros DFU mode many times[1], and the documentation is accurate. The primary DFU port is definitely what Apple says. I don't know, other ports may or may not exhibit DFU-like capabilities also; if so that would be unsupported and does not change correctness of Apple documentation.
UPDATE: never mind--removed a paragraph as it does not appear the root cause is which port is DFU, but a misunderstanding of the DFU process by the blogpost.
[1]: at least once per every iOS/macOS device I have purchased to protect against software supply chain attacks when you receive a laptop in mail. DFU-restoring Apple software ensures that the OS you run is not tampered with as long as there is no bootrom exploit or hardware modification.
Isn't the OS untampered so long as booting into rescue mode > startup security shows it to be in sealed/verified mode?
Not sure, maybe there are other ways to achieve that (instinctively, I think the attack surface is much larger in your solution as it relies on the correctness of recoveryOS, not just bootrom/iBoot), but DFU would be easiest/safest/fastest and less error-prone for me. My ritual is to just plug in another Mac running Apple Configurator to my newly arrived iOS/macOS device and restore the OS image (actually faster than using a USB disk to install macOS). I think your approach may validate the system disk, but not whether configuration in data partition is loading a separate key logger binary on boot.
The luxury of having a second Mac to DFU is useful, sure — but optional. Once you’ve got rescue working, you just boop the data partition and the system is in sealed-safe fresh start mode.
Well, the risk there is slightly higher as you are assuming rescue partition does not have an exploit planted? Empirically, we've had iOS jailbreaks that exploited higher level kernel, but not bootrom.
That said I do it because DFU has been just faster than having the system do "Internet Recovery" not strictly for security purposes.
FWIW, you do not need another Mac to DFU restore another. Any computer could do[1].
[1]: https://github.com/libimobiledevice/idevicerestore
Well, I used to open with wiping the partition table from rescue terminal, when I couldn’t prove anything was sealed properly, which forces Network Recovery from the bootrom (and serves as a nice confirmation that it was wiped) — but now that the OS can get a secure attestation from the bootrom, I don’t stress quite so much about that. There are a lot of advantages to attestation in time savings!
The author followed the "all other MacBooks" case, but it appears that their Mac (a 16-inch model) also has it on the other side than the instructions claim.
I am reading the post again. It does appear the author is not fully aware what DFU is supposed to do. They are talking about "storage devices" in that context, which is a total misread--their interpretation of DFU seems to be something close to "default boot device."
The DFU port is definitely not the singular one on the right side of the device. The documentation debate is about which port on the left side of the device (closer or farther from MagSafe.)
> They are talking about "storage devices" in that context, which is a total misread
What misread are you talking about? I'm talking about storage devices because the documentation says you can't update macOS on an external storage device while it's connected to the DFU port.
> their interpretation of DFU seems to be something close to "default boot device."
No, that's not my interpretation. I have no idea where you're getting that from the blog post.
Fair enough. I now see the connection (i.e. separate from DFU process another doc excludes DFU designated port from participating in your process.) Regardless the documentation is 100% correct re which port is DFU port. If your process fails, it could be for any number of reasons only one of which has to do with using the DFU port, so it is not a logical implication to conclude the failure means DFU port is wrong.
> it could be for any number of reasons only one of which has to do with using the DFU port
Any number? How about naming them. Name one.
People in the comments here claim I'm wrong but totally hand-wave away my issue.
One can logically disprove a theory without providing an alternative theory: reductio ad absurdum.
> One can logically disprove a theory
You haven't done so.
> reductio ad absurdum
You misunderstand what this is. You suggested in another comment that I test the theory by trying the DFU process, but that is not reductio ad absurdum.
> You haven't done so.
Theory: "the DFU port seems to be the USB-C port on the right side of the Mac [p], not on the left side."
Reductio ad absurdum: "[p] port R is DFU => [q] we should be able to execute DFU process on port R (and not port L)" We execute DFU on port R and it fails [NOT q], therefore [NOT p], so the theory cannot be correct. QED
You can turn every empirical theory into a so-called "reductio ad absurdum" by phrasing the results of empirical tests as a premise in the argument, but that is itself totally absurd and a mockery of the logical idea.
It's not a mockery—that is precisely at the core of scientific method. Theory makes predictions (logical implications), and if you empirically find contradictory evidence, the theory is proven incorrect.
> Theory makes predictions (logical implications), and if you empirically find contradictory evidence, the theory is proven incorrect.
Of course. But again, that is not the form of argumentation known as reductio ad absurdum.
Reductio ad absurdum is not at the core of scientific method. Reductio ad absurdum is used for example in pure, nonempirical mathematics and geometry, and typically starts by assuming the opposite of the conclusion.
Genuinely curious — did you use an LLM to write this post; or do you have this tone naturally?
Love that this post starts with "genuinely curious" (a Claude-ism.)
No LLM, entirely organic. (If you are talking about referring to the author as "they," that is impact to my head from working at woke workplaces.)
I can't really put my finger on what (falsely!) tipped me off here.
I think the short, single clause, internal-monologue-ish sentences is what did it?
> I am reading the post again. It does appear the author is not fully aware what DFU is supposed to do.
That especially came off like an LLM being called out on being wrong about something?
Ah yes the woke practice of the singular they, when gender doesn't matter or is ambiguous. Which a hundo-percent never existed before scary mean woke-ism.
[flagged]
[flagged]
[flagged]
> Also yes, it is 100% corporate woke-ism...
In your experience, sure.
Some of us have done it that way since Usenet in the early 1980s w/out ever having worked in corporations, attended HR meetings, and well before woke entered the recent zeitgeist lexicon.
Using they is indeed a grammatical usage stretching back centuries in the English language.
Oxford Eng. Dict. cites it used in that manner going back to circa 1200. (well, as ' https://en.wiktionary.org/wiki/%C3%BEe%C8%9D%C8%9D ' in Middle English)
Sure, it is a personal experience, but no, you cannot gaslight me out of my personal experience by citing your superior knowledge of Middle English. The existence of such construct is not germane here. Forcing people to use the language a certain way is. Anyone who has faced this knows exactly what I am talking about and they can judge for themselves. Since this subthread was adding precisely zero value, I am going to stop right here.
I would not deny you your experience, I merely remind you that you do not speak for all and the experience of others.
Perhaps take your complaint to the root offending comment: https://news.ycombinator.com/item?id=46853452 that started all this by projecting their personal gripes outwards and onto all.
It's SO FUNNY HOW YOU JUST USED IT. Oh my god, I knew you would eventually, but in an actual reply in this thread. Truly amazing.
Anyone... They...
But yeah, I'm the weird one for using "they" the same way you did rather than go look up the post author's gender. Jesus fucking Christ. Props for keeping the makeup on.
> it does not appear the root cause is which port is DFU, but a misunderstanding of the DFU process by the blogpost.
The blog post does not even discuss the DFU process.