This report documents a full macOS restoration performed on a MacBook Pro (Late 2019, Intel, T2 Security Chip) using a Mac mini (M4 Pro, Apple Silicon) as the host workstation. The operation was executed entirely via command-line interface using Claude AI's Terminal service, leveraging direct hardware access through Apple's Thunderbolt Target Disk Mode protocol.
The target MacBook Pro had suffered a broken Signed System Volume (SSV) seal — a cryptographic integrity
failure introduced in macOS Big Sur that prevented the laptop from booting and blocked all standard recovery methods.
Cmd+R Recovery, Internet Recovery, and startosinstall --volume were all non-functional.
| Tool / Service | Purpose |
|---|---|
| Claude AI Terminal Service | Primary operator interface — all commands issued and monitored |
| diskutil | Disk identification, erasure, partition management |
| createinstallmedia | Write bootable macOS installer to target disk |
| softwareupdate | Download macOS Sequoia 15.7.7 full installer |
| osascript / Terminal | Interactive sudo command execution |
| gh CLI + git | Push automation scripts to GitHub |
Starting with macOS Big Sur (11.0), Apple introduced the Signed System Volume (SSV) — a read-only, cryptographically sealed copy of the macOS system volume. At boot, the T2 chip verifies the seal by computing a hash tree over every file in the System volume. If any file differs from the sealed state, the Mac refuses to boot.
The MacBook Pro's SSV seal was broken. Common causes include:
| Cause | Description |
|---|---|
| Failed macOS upgrade | Interrupted update leaves system in partially-written, unsealed state |
| System file modification | Third-party tools (kernel extensions, tweaks) modified sealed files |
| Firmware update failure | T2 firmware update interrupted, leaving inconsistent state |
| Storage corruption | NVMe errors caused hash mismatches in system volume |
startosinstall --volume FailedThe standard command-line install tool was attempted on the Mac mini targeting the MBP's disk. It consistently
printed usage text and exited with code 1 — despite --volume being a valid flag (confirmed via
strings binary analysis).
Root cause: Apple Silicon Macs use a different security architecture (SPSB/LocalPolicy). The
startosinstall runtime validates the target environment and refuses cross-architecture installs from
Apple Silicon to Intel external disks. Additionally, --eraseinstall and --volume are
mutually exclusive and cannot be combined.
The solution bypassed startosinstall entirely in favor of Apple's createinstallmedia
tool, which has no architecture restriction and operates at the disk level rather than through the macOS security layer.
createinstallmedia rejects APFS volumes:
"APFS disks may not be used as bootable install media." The target disk must be erased as
HFS+ (Mac OS Extended, Journaled) before the tool will proceed. This is a critical, under-documented requirement.
Disk Strategy: Rather than using the entire 500 GB as an installer (leaving no room for macOS to install onto), the disk was split after writing the installer:
MacBook Pro booted holding T → Target Disk Mode entered (Thunderbolt symbol displayed). Thunderbolt cable connected to Mac mini. Disk enumerated via:
$ diskutil list
MBP identified as /dev/disk6 (external, physical, Thunderbolt).
Initial state: APFS container with 847 KB volume named MVVJ2LL
— this is the MacBook Pro's model number (MVVJ2LL/A = MacBook Pro 16-inch 2019, Space Gray),
not a serial number. macOS uses this as the default TDM volume name.
Note: disk identifier changed to /dev/disk4 on subsequent reconnection —
normal macOS behavior when re-enumerating Thunderbolt devices.
macOS Sequoia 15.7.7 selected (latest stable, confirmed MBP 2019 support). Download initiated:
$ softwareupdate --fetch-full-installer --full-installer-version 15.7.7 Installing: 1%...25%...50%...75%...89%...Install finished successfully
Installer placed at: /Applications/Install macOS Sequoia.app
APFS rejected by createinstallmedia. Disk erased as HFS+:
$ sudo diskutil eraseDisk JHFS+ MyVolume GPT disk6 Started erase on disk6 → Formatting disk6s2 as Mac OS Extended (Journaled) Initialized /dev/rdisk6s2 as a 466 GB case-insensitive HFS Plus volume Finished erase on disk6
$ sudo /Applications/Install\ macOS\ Sequoia.app/Contents/Resources/createinstallmedia \
--volume /Volumes/MyVolume --nointeraction
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying essential files...
Copying the macOS RecoveryOS...
Making disk bootable...
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 100%
Install media now available at "/Volumes/Install macOS Sequoia"
Duration: ~8 minutes. Full 499.8 GB disk used as bootable installer.
Disk split to create dedicated macOS installation partition:
$ sudo diskutil splitPartition disk4s2 2 \
JHFS+ "Install macOS Sequoia" 22g \
APFS "Macintosh HD" 477g
Unmounting disk → Formatting disk4s2 as HFS+ (22 GB)
Formatting disk4s3 as APFS → Finished partitioning
$ sudo createinstallmedia --volume "/Volumes/Install macOS Sequoia" --nointeraction Erasing disk: 0%... 100% Copying essential files... Copying the macOS RecoveryOS... Making disk bootable... Copying to disk: 0%... 100% Install media now available at "/Volumes/Install macOS Sequoia"
Installer uses 17.5 GB of the 22 GB partition (80% capacity). Duration: ~5 minutes.
$ diskutil eject disk4 Disk disk4 ejected
Thunderbolt cable disconnected from Mac mini.
MacBook Pro powered on holding Option (⌥). Boot picker displayed "Install macOS Sequoia". Selected → installer UI loaded → target selected: Macintosh HD (477 GB APFS partition). macOS Sequoia 15.7.7 installation initiated.
The SSV seal is not manually repaired — it is created fresh during every macOS installation. When macOS Sequoia installs onto the APFS volume, the installer performs these steps automatically:
To verify seal integrity post-installation:
$ diskutil info / | grep Sealed Sealed: Yes
startosinstall --volume fails silently when run on Apple Silicon targeting an Intel Mac's disk
in TDM. The flag exists in the binary (confirmed via strings analysis) but runtime validation rejects
cross-architecture installs. The only working alternative from an Apple Silicon host is createinstallmedia.
createinstallmedia refuses APFS-formatted volumes with the error:
"APFS disks may not be used as bootable install media." Any target disk must be erased as
JHFS+ (Mac OS Extended, Journaled) first. This applies even to the Intel Mac's internal SSD accessed via TDM.
diskutil splitPartition reformats the source partition, erasing content. The installer
must be re-run after splitting. Scripts should treat split + createinstallmedia as a mandatory two-step sequence.
A T2 firmware password manifests as a lock icon in the boot picker regardless of disk state. The password is stored in the T2 chip's secure enclave — not on the disk — and cannot be removed via Target Disk Mode. Remediation requires Apple Configurator 2 in DFU mode.
The full operation is automated in macos_restore_tdm.sh, available in the IT Solutions USA repository:
https://github.com/IT-Solutions-USA/mac-admin/blob/main/mac-admin/macos_restore_tdm.sh
| Phase | Script Action |
|---|---|
| 1 | Download macOS installer via softwareupdate (if not present) |
| 2 | Validate target disk exists and is external |
| 3 | Erase disk as JHFS+ (Mac OS Extended, Journaled) |
| 4 | Run createinstallmedia on full disk |
| 5 | Split: 22 GB HFS+ installer + 477 GB APFS target |
| 6 | Re-run createinstallmedia on smaller partition |
| 7 | Eject disk safely |
| 8 | Print next-step boot instructions |