Apple Software Restore lets you clone your Mac even with a Signed System Volume. Hereâs how to use it to copy your Macâs storage.For a variety of reasons, you may want to make a clone of your Startup Disk on your Mac. This can include software testing, backups, configuration, or many other reasons.In the past on macOS this was relatively easy, but that changed withmacOS Big Surbecause Apple added what is known as aSigned System Volumeto each macOS Startup Disk. Signed System Volumes are encoded with a special cryptographic marker for that one installation.If you try to clone a Signed System Volume or copy it, the copy will fail. Apple does this on purpose to prevent theft of Startup Disk volumes - and to prevent malicious software (malware) from hacking the macOS installed on Startup Disks.Ever since Apple added Signed System Volumes, most third-party clone software also wonât work. Or at least they wonât work when trying to create a bootable clone of a macOS system volume.There is, however, one way to still clone macOS drives since macOS Big Sur that does work: Apple Software Restore (ASR).Using ASR, you can use a part of macOS to copy a Startup Disk volume, then set it as an authorized (signed) volume, which will boot successfully.You can also use ASR to restore disk image (.dmg) files to physical disk volumes. In fact, when you do a Restore from within macOSâsDisk Utility, it uses ASR under the hood to perform the Restore.How to clone your Startup Disk using ASRThis guide covers macOS Catalina or later. For earlier versions of macOS, the process is slightly different.To make a clone on an Apple Silicon Mac, you must have a copy of macOS installed on the target. Youâll need it to make the clone bootable for your Mac, as this process doesnât work if you try to clone onto an empty drive on a Mac.For cloning on an Apple Silicon Mac, you must be using macOS Monterey or later. macOS Big Sur or earlier wonât work.You also canât cross-boot a cloned drive, i.e., you canât boot a clone made on an Intel Mac on an Apple Silicon Mac or vice versa.Grant full disk access to the Terminal app in System Settings.Also, be aware that any FileVault encryption your source drive uses will not be copied to the target. If you want to use FileVault on the target after cloning, you must boot into the cloned drive, re-enable FileVault, and allow it to re-encrypt the drive.Youâll also need to be comfortable using macOSâs Terminal app and in using disk volumes and the macOS Finder. A system administrator password is required to perform the cloning.The Terminal app also needs to be granted Full Disk Access inSystem Settings->Privacy & Security->Full Disk Accessin order for the cloning process to work. If Terminal doesnât appear in the list of apps to grant access to, click the+button and add it to the list from the /Applications/Utilities folder on your Startup Disk.Choose source and destination volumesThe disk volume you want to clone is called thesourcevolume, and the drive you want to clone it to is called thedestination. The destination should be an Apple File System (APFS) Container, but it can also be a single volume.The source and destination can be on the same drive, but itâs not recommended in case something goes wrong or in case errors occur during cloning.Either or both the source and destination drives can be an internal drive inside your Mac or an external drive. You can also clone from a Disk Utility disk image if it was also previously made using ASR.If you want to set up an unformatted external drive to use for the clone, first erase it using macOSâs Disk Utility app located on your Startup Disk at /Applications/Utilities.Warning: Be aware that using Disk Utility makes it easy to erase drives and destroy data. You may want to unplug any additional external drives connected to your Mac first.Alwaysback up your data before erasing any drive.Once you have Disk Utility running on your Mac, selectView->Show All Devicesin the menu bar, then click the disk drive you want to erase from the list on the left. Be sure to select a top-level physical drive from the list, and not a volume or container on a drive.When youâve confirmed this is the drive you want to erase, click theErasebutton in Disk Utilityâs main window. This will erase all volumes and software on the disk, including anyothervolumes present. You cannot undo this action, so be sure to choose the device to erase carefully.Use Disk Utility to erase a new drive for use as an ASR target.In the Erase sheet, give the new volume a name, and set theFormat:pop-up menu toAPFS. If thereâs aScheme:pop-up menu present, set it toGUID Partition Map, and click theErasebutton. This Erases the disk.Once the Erase process completes, youâll see a single new empty disk volume mount on the Finderâs Desktop. Quit Disk Utility.View disk and volume info in TerminalFor this next step, you may want to first eject and unplug all storage devices from your Mac except for the ones containing the source and destination disks. Doing so makes this step easier.Next, youâll need to view the specifics of your source and destination drives in macOSâs Terminal app to gather some data needed for ASR. To do so, open the Terminal app on your Startup Disk at /Applications/Utilities.Then, in Terminal type:diskutil listand pressReturnon your keyboard.This displays info about all storage devices connected to your Mac, including their BSD (UNIX) device entries. Each drive entry listed in the/devdirectory includes:Drive partition or container schemeA list of volumes on each deviceThe type, name, ID, and size of each volume on each deviceFor example, the first device might have a device entry of/dev/disk0and one or more sequentially numbered volumes (partitions) on it, starting with a partition name such asdisk0s1. Additional volumes will have similar names with increasing partition numbers.Youâll also note that the last component of each device entry is the BSD disk name, and it always matches the disk name of the partition scheme listed under theIDENTIFIERcolumn. For example,/dev/disk0always has a partition scheme with an ID ofdisk0. The same is true for additional drives.This helps you remember which volumes belong to which devices.Next, note down the device entries and volume (partition) names and identifiers of the source and destination volumes you want to use for the cloning operation.This is really important to do. If you specify an incorrect volume identifier as the destination disk during cloning, all its data may be destroyed, and thereâs no way to undo it.Take your time and be careful.Viewing device info on the Mac using the diskutil command in Terminal.You may also notice in the disk list several partitions with names such asApple_APFS_ISCandApple_APFS_Recovery. These are special hidden volumes used by macOS, and you shouldnât touch them.Doing so may render your Mac unbootable.Device and volume confusionApple File System (APFS) can be a bit confusing sometimes.This is due mainly to two concepts:container disks(usually of typeApple_APFS) andsynthesizedor virtual volumes. Container disks can contain other volumes.A container works as a sort of wrapper around one or more other volumes, all of which can be of different types.Containers are useful because they enable the manipulation of multiple volumes at once, such as copying, cloning, and repairing. Containers also provide some additional internal information in case thereâs a problem with one or more of the volumes they contain.When you expand a container, it can then be treated as a device and the volumes it contains can be manipulated individually.Also be aware that partitions of typeApple_APFSare different than partitions of typeAPFS VolumeandAPFS Snapshot. This is because in APFS, containers can be expanded as if they were physical devices, and their wrapped volumes displayed as if they were volumes on a real, physical device.In macOS,Apple_APFSalmost always represents a container, andAPFS Volumealmost always represents a single, individual volume.Once you understand this, itâs easy to see how a Container device entry in thediskutillist can be confused for a real, physical device. Again - be careful.Next to each device entry, youâll notice a description in parentheses to indicate if the drive is a real, physical drive or a synthesized one. So, for example, you might see(internal, physical)or(synthesized)next to a device entry.All of this can be very confusing and lead to potential errors when using thediskutilcommand and Terminal. This is because, in some cases, itâs possible to have a virtual device entry that is actually a container on a real, physical device.Such virtual devices will usually somewhere intheirvolume list contain the empty labelPhysical Storefollowed by the partition identifier of the partition on the real, physical device they point back to.For example, you may see a container scheme line in a virtual device entryâs list, followed by a blank line which contains only the label âPhysical Storeâ, such as:Physical Store disk0s2Usually, right after that line will be listed the APFS volumes themselves, for example:APFS Volume Untitled 460.0 KB disk3s1This indicates that the container scheme itself points back to anApple_APFSContainer on a physical disk. And usually in these cases, aAPFS Container Schemeâs size will be identical to theApple_APFSContainer it points back to.Tiny APFS Volume entries listed in the KB size range usually indicate the disk was newly erased with a singleemptyvolume on it. To clone into a container, you can either remove all volumes inside it or merely add your clone as a new volume into it.Contrary to what you might think, itâs entirely possible to add a clone into the container that contains the volume macOS is currently booted into. Weâll get to this below.Also, before you start the clone, make sure the destination has enough space to hold the full size of the entire clone. If it doesnât, the clone will fail.This includes any recovery and boot partitions marked with âPrebootâ or âRecoveryâ if youâre cloning an entire device. You should probably allow for a little extra space in case ASR needs to move things around. A few GB should be enough.To summarize the above example:disk0- a real, physical device entry with aGUID_partition_schemeon itdisk0s2- anApple_APFScontainer on physicaldisk0disk3s1- anAPFS Volumeon a synthesized device (disk3) with aAPFS Container Schemeon itPhysical Store disk0s2- The identifier of theApple_APFSon the physical device from whichdisk3was synthesizedProbably the biggest gotcha in trying to understand all this is that theIDENTIFIERof theparentApple_APFScontainer appears in thetextof the âPhysical Storeâ label in theNAMEcolumn on the synthesized child device entry (just before its volume list).Once you grasp that relationship, understanding APFS becomes much easier.Donât worry if all this is confusing. APFS takes quite some time to get used to and understand. Youâll get it eventually.The upshot of all this is that when running ASR to clone a volume, you have to be careful about which volume you target as your destination. If you make a mistake, itâs very easy to wipe out a container, which also wipes out all the volumes it references.You can target a Container as the destination, but you have to be careful about how you do it.Itâs easy to determine the source and destination volumes in thediskutillist by looking for the Container or volume names you want in theNAMEcolumn (such as âMacintosh HDâ, for example). But be aware itâs possible in macOS to have two volumes with identicalnames, but with a differentIDENTIFIERfor each.Prepare for cloningOnce youâve done all of the above and verified everything, itâs time to start the clone operation. For this example, weâll assume youâre running macOS Monterey or later.If the destination is an APFS Container and it contains the volume macOS is currently booted into, you must restart your Mac into Recovery Mode.The steps for doing this are different if youâre using anIntelorApple SiliconMac. Apple also has aIntro to macOS Recoverypage.This is necessary to avoid restrictions imposed by System Integrity Protection. If the destination doesnât contain the currently booted macOS volume, you can run ASR from Terminal without restarting.Oddly, next you must make sure either FileVault or Find My Mac is enabled. This ensures Recovery Assistant will appear after a restart and ask you for an admin password.Without this, ASR will fail.Restart using the instructions from Apple above to boot into Recovery Mode. Once in Recovery Mode, selectUtilities->Terminalfrom the menu bar.Once in Terminal, rundiskutil listas you did above. Note that the IDs for containers and volumes may have changed.If the source has FileVault enabled, youâll need to unlock its data volume it with two commands in Terminal:diskutil apfs listvolumegroupsdiskutil apfs unlockIf youâre running ASR without running in Recovery Mode, youâll need to instead unlock using thediskutil apfs unlockcommand followed by the data volume. For example:diskutil apfs unlock disk2s2The data volume is a separate volume that resides next to the actual bootable macOS volume. So, for example, if your bootable Mac volume is named âMacintosh HDâ, youâll also see a second volume next to it named âMacintosh HD - Dataâ.Prepare snapshots for cloningSigned System Volumes contain asealed snapshotof the copy of macOS that is on the Startup Disk. These snapshots are used to preserve the security of the installed OS to make sure it hasnât been tampered with.In order to use these snapshots on the destination, they must be copied over as-is. In order for ASR to make the snapshot copy, it has to know what the snapshotâs name or unique ID (UUID) is.To get the snapshot UUID or name in Terminal, note thediskutilID of the sourceâs system volume (for example âdisk2s1â) in theIDENTIFIERcolumn with:diskutil mount disk2s1This forces the volume to be mounted by macOS. Note this is the volume with macOS on it - not the Data volume.Terminal will display the mounted volume name and echo back the ID when it does.Next run:diskutil apfs listsnapshots disk2s1This displays the sealed snapshotâs name and UUID on this volume. If you get an error, go back and make sure the volume or Container ID you specified matches the one containing the macOS installation.You should see something like:i7@i7s-Mac-mini ~ % diskutil apfs listsnapshots disk2s1Snapshot for disk2s1 (1 found)|+â E3D1AF2D-7182-3217-BC82-2874219DAB48Name: com.apple.os.update-52F3A2F592F324F6AC5DE35D538FA237771DB7715C76582E51C5C432D80587DDXID: 42Purgeable: NoThe short string next to the "+â " is the snapshot UUID, and the longer string below it is the name. You can use either, but the UUID is easier.You can also view the snapshot name/UUID for the source in Disk Utility from the menu bar by selectingView->Show APFS Snapshots.Note, you must have an actual macOS volume selected in the sidebar in Disk Utility for this menu item to be enabled. Selecting the physical device or the Container wonât work.Viewing snapshot UUID and name in Disk Utility.Start the cloning operationThe command for starting the ASR cloning process is easy, but the entire command line is quite complex.The main command is:asr restoreThere are several options and parameters that go along with it. The three most important possible options are:â sourceâ targetâ eraseYou can also use theâfileoption to target a file as the destination. There are other options for skipping verification and warnings and controlling output.Thereâs also a coolserveroption to multicast a clone over a network, but it requires theâeraseflag. ASR can also read multicast .dmg files over a network by using the asr:// protocol. But in general, asr:// isnât used much.For a complete list of options and usage, in Terminal type:man asrand pressReturnon your keyboard. Thereâs also anonline versionat ss64.com.The man page has sections that discuss restoring from filesystems, snapshots, and volumes. To exit the man system in Terminal, typeControl-Zorqon your keyboard.You can get verbose output while cloning with theâverboseandâdebugflags.An example of the simplest clone command line might look like this:sudo asr restore --source /Volumes/source --target /Volumes/destTo do the same as above but also erase and destroy all data (including volumes) on the destination when cloning, also add theâeraseflag at the end of the command line before starting.Theâeraseflag destroys all existing data on the target, so use it carefully. Itâs easy to wipe out several volumes at once inadvertently if youâre not careful.To include the above snapshot if youâre running in Recovery Mode, also add theâtoSnapshotflag followed by a space, then the snapshot name or UUID you obtained above. This will make the destination clone look and behave exactly like your source volume.In most cases, if you target a container and omit theâeraseflag - and if your source is a single volume, the volume will be added to the container and the other volumes will be left alone.But again, use caution and always back up all your volumes and data first, just in case something goes wrong.When running in Recovery Mode, you can usually omit thesudoat the start of the command because you entered an admin password when Recovery Mode started.When ASR starts, it will prompt to ask if youâre sure unless you used theânopromptflag above. Pressyin response and pressReturn.ASR will run several steps to execute the clone, and if everything worked, at the end youâll see the message âRestore completed successfully.â. If a clone fails, youâll need to open Disk Utility and look for a volume with âASRâ in its name and thenEraseit from the toolbar.Again, proceed with caution. Donât accidentally erase the wrong volume.Make the clone bootableWhen a clone operation succeeds, the destination still isnât bootable. Youâll need to do a few additional steps to make it so.After ASR runs, the destination volumes all have the same names as the originals (or one volume if you didnât clone a Container). Youâll need to rename these volumes with unique names so they donât conflict with the originals.If more than one volume with an identical name is mounted on the Finderâs Desktop, macOS will change one of the volumesâ names silently but only in the background. The ârealâ name the filesystem sees for each volume will be different than the duplicate(s)â names shown in the Finder, which can be confusing.Iâs best to make sure all volumes have unique names.You can rename unlocked volume names in the Finder by clicking on theirnamesand typing new ones. Alternately, you can rename them in Disk Utility by selecting them in the sidebar, thenControl-clickingeach one and selectingRenamefrom the popup menu.At any rate, itâs best to restart your Mac after renaming volumes to make sure the system picks up all the new names and discards any ones it may have created in the background.Note that this renaming also has to be done for the destinationâs Data volume. For example:Macintosh HDMacintosh HD - Datamight become:NewExternal HDNewExternal HD - DataDonotrename the special volumes on the clone named:PrebootRecoveryVMUpdateIf you do, the clone may not boot.If youâre still in Recovery Mode, youâll need to restart back into your normal installation of macOS to complete the next steps.Once youâre back in macOS, openSystem Settings, go toGeneral->Startup Diskand set your clone as the boot volume. This causes macOS toblessthe volume for booting by setting some special flags on it.You can now restart into the cloned volume by clicking theRestartbutton.If you see the message âThis volume does not have any authorized users for this computerâ, clickAuthorize Usersand follow the instructions. You may need to enter an admin password several times.You may also want to run First Aid in Disk Utility on the clone or its Container first before rebooting, just to make sure everything is ok on the destination.If, for any reason after restarting, you canât boot from the clone and canât get back to your original Startup Disk, you can select which volume to start from by resetting your Mac and then holding down a key:Power button (Apple Silicon)Option key (Intel Macs)This preempts the boot process and displays a screen that gives you the option to select which volume to boot from.Now you know how to make clones of your Startup Disk in various ways. Be careful when making clones since itâs very easy to destroy data.Apple Software Restore isnât intended for mass deployment of macOS to multiple machines. It is possible to do so, but itâs not a good idea.Instead, you should use Appleâs MDM technology to deploy to multiple devices at once. See themacOS Deployment Guidefor more info.ASR can be dangerous if not used carefully. For this reason, you should only use it when youâre sure you have enough time to do a restore without rushing.One single mistake can wipe out multiple drives at once and destroy all the data on them in an instant.It might also be a good idea to set up a test Mac with some extra drives on it and practice before using ASR in a real-world environment. You can use inexpensive USB thumb drives as test drives, although they will be a bit slower.Also see Appleâs technote (102655)How to reinstall macOS.
For a variety of reasons, you may want to make a clone of your Startup Disk on your Mac. This can include software testing, backups, configuration, or many other reasons.
In the past on macOS this was relatively easy, but that changed withmacOS Big Surbecause Apple added what is known as aSigned System Volumeto each macOS Startup Disk. Signed System Volumes are encoded with a special cryptographic marker for that one installation.
If you try to clone a Signed System Volume or copy it, the copy will fail. Apple does this on purpose to prevent theft of Startup Disk volumes - and to prevent malicious software (malware) from hacking the macOS installed on Startup Disks.
Ever since Apple added Signed System Volumes, most third-party clone software also wonât work. Or at least they wonât work when trying to create a bootable clone of a macOS system volume.
There is, however, one way to still clone macOS drives since macOS Big Sur that does work: Apple Software Restore (ASR).
Using ASR, you can use a part of macOS to copy a Startup Disk volume, then set it as an authorized (signed) volume, which will boot successfully.
You can also use ASR to restore disk image (.dmg) files to physical disk volumes. In fact, when you do a Restore from within macOSâsDisk Utility, it uses ASR under the hood to perform the Restore.
How to clone your Startup Disk using ASR
This guide covers macOS Catalina or later. For earlier versions of macOS, the process is slightly different.
To make a clone on an Apple Silicon Mac, you must have a copy of macOS installed on the target. Youâll need it to make the clone bootable for your Mac, as this process doesnât work if you try to clone onto an empty drive on a Mac.
For cloning on an Apple Silicon Mac, you must be using macOS Monterey or later. macOS Big Sur or earlier wonât work.
You also canât cross-boot a cloned drive, i.e., you canât boot a clone made on an Intel Mac on an Apple Silicon Mac or vice versa.
Also, be aware that any FileVault encryption your source drive uses will not be copied to the target. If you want to use FileVault on the target after cloning, you must boot into the cloned drive, re-enable FileVault, and allow it to re-encrypt the drive.
Youâll also need to be comfortable using macOSâs Terminal app and in using disk volumes and the macOS Finder. A system administrator password is required to perform the cloning.
The Terminal app also needs to be granted Full Disk Access inSystem Settings->Privacy & Security->Full Disk Accessin order for the cloning process to work. If Terminal doesnât appear in the list of apps to grant access to, click the+button and add it to the list from the /Applications/Utilities folder on your Startup Disk.
Choose source and destination volumes
The disk volume you want to clone is called thesourcevolume, and the drive you want to clone it to is called thedestination. The destination should be an Apple File System (APFS) Container, but it can also be a single volume.
The source and destination can be on the same drive, but itâs not recommended in case something goes wrong or in case errors occur during cloning.
Either or both the source and destination drives can be an internal drive inside your Mac or an external drive. You can also clone from a Disk Utility disk image if it was also previously made using ASR.
If you want to set up an unformatted external drive to use for the clone, first erase it using macOSâs Disk Utility app located on your Startup Disk at /Applications/Utilities.
Warning: Be aware that using Disk Utility makes it easy to erase drives and destroy data. You may want to unplug any additional external drives connected to your Mac first.
Alwaysback up your data before erasing any drive.
Once you have Disk Utility running on your Mac, selectView->Show All Devicesin the menu bar, then click the disk drive you want to erase from the list on the left. Be sure to select a top-level physical drive from the list, and not a volume or container on a drive.
When youâve confirmed this is the drive you want to erase, click theErasebutton in Disk Utilityâs main window. This will erase all volumes and software on the disk, including anyothervolumes present. You cannot undo this action, so be sure to choose the device to erase carefully.
In the Erase sheet, give the new volume a name, and set theFormat:pop-up menu toAPFS. If thereâs aScheme:pop-up menu present, set it toGUID Partition Map, and click theErasebutton. This Erases the disk.
Once the Erase process completes, youâll see a single new empty disk volume mount on the Finderâs Desktop. Quit Disk Utility.
View disk and volume info in Terminal
For this next step, you may want to first eject and unplug all storage devices from your Mac except for the ones containing the source and destination disks. Doing so makes this step easier.
Next, youâll need to view the specifics of your source and destination drives in macOSâs Terminal app to gather some data needed for ASR. To do so, open the Terminal app on your Startup Disk at /Applications/Utilities.
Then, in Terminal type:
diskutil listand pressReturnon your keyboard.
This displays info about all storage devices connected to your Mac, including their BSD (UNIX) device entries. Each drive entry listed in the/devdirectory includes:
For example, the first device might have a device entry of/dev/disk0and one or more sequentially numbered volumes (partitions) on it, starting with a partition name such asdisk0s1. Additional volumes will have similar names with increasing partition numbers.
Youâll also note that the last component of each device entry is the BSD disk name, and it always matches the disk name of the partition scheme listed under theIDENTIFIERcolumn. For example,/dev/disk0always has a partition scheme with an ID ofdisk0. The same is true for additional drives.
This helps you remember which volumes belong to which devices.
Next, note down the device entries and volume (partition) names and identifiers of the source and destination volumes you want to use for the cloning operation.
This is really important to do. If you specify an incorrect volume identifier as the destination disk during cloning, all its data may be destroyed, and thereâs no way to undo it.
Take your time and be careful.
You may also notice in the disk list several partitions with names such asApple_APFS_ISCandApple_APFS_Recovery. These are special hidden volumes used by macOS, and you shouldnât touch them.Doing so may render your Mac unbootable.
Device and volume confusion
Apple File System (APFS) can be a bit confusing sometimes.
This is due mainly to two concepts:container disks(usually of typeApple_APFS) andsynthesizedor virtual volumes. Container disks can contain other volumes.
A container works as a sort of wrapper around one or more other volumes, all of which can be of different types.
Containers are useful because they enable the manipulation of multiple volumes at once, such as copying, cloning, and repairing. Containers also provide some additional internal information in case thereâs a problem with one or more of the volumes they contain.
When you expand a container, it can then be treated as a device and the volumes it contains can be manipulated individually.
Also be aware that partitions of typeApple_APFSare different than partitions of typeAPFS VolumeandAPFS Snapshot. This is because in APFS, containers can be expanded as if they were physical devices, and their wrapped volumes displayed as if they were volumes on a real, physical device.
In macOS,Apple_APFSalmost always represents a container, andAPFS Volumealmost always represents a single, individual volume.
Once you understand this, itâs easy to see how a Container device entry in thediskutillist can be confused for a real, physical device. Again - be careful.
Next to each device entry, youâll notice a description in parentheses to indicate if the drive is a real, physical drive or a synthesized one. So, for example, you might see(internal, physical)or(synthesized)next to a device entry.
All of this can be very confusing and lead to potential errors when using thediskutilcommand and Terminal. This is because, in some cases, itâs possible to have a virtual device entry that is actually a container on a real, physical device.
Such virtual devices will usually somewhere intheirvolume list contain the empty labelPhysical Storefollowed by the partition identifier of the partition on the real, physical device they point back to.
For example, you may see a container scheme line in a virtual device entryâs list, followed by a blank line which contains only the label âPhysical Storeâ, such as:
Physical Store disk0s2
Usually, right after that line will be listed the APFS volumes themselves, for example:
APFS Volume Untitled 460.0 KB disk3s1
This indicates that the container scheme itself points back to anApple_APFSContainer on a physical disk. And usually in these cases, aAPFS Container Schemeâs size will be identical to theApple_APFSContainer it points back to.
Tiny APFS Volume entries listed in the KB size range usually indicate the disk was newly erased with a singleemptyvolume on it. To clone into a container, you can either remove all volumes inside it or merely add your clone as a new volume into it.
Contrary to what you might think, itâs entirely possible to add a clone into the container that contains the volume macOS is currently booted into. Weâll get to this below.
Also, before you start the clone, make sure the destination has enough space to hold the full size of the entire clone. If it doesnât, the clone will fail.
This includes any recovery and boot partitions marked with âPrebootâ or âRecoveryâ if youâre cloning an entire device. You should probably allow for a little extra space in case ASR needs to move things around. A few GB should be enough.
To summarize the above example:
Probably the biggest gotcha in trying to understand all this is that theIDENTIFIERof theparentApple_APFScontainer appears in thetextof the âPhysical Storeâ label in theNAMEcolumn on the synthesized child device entry (just before its volume list).
Once you grasp that relationship, understanding APFS becomes much easier.
Donât worry if all this is confusing. APFS takes quite some time to get used to and understand. Youâll get it eventually.
The upshot of all this is that when running ASR to clone a volume, you have to be careful about which volume you target as your destination. If you make a mistake, itâs very easy to wipe out a container, which also wipes out all the volumes it references.
You can target a Container as the destination, but you have to be careful about how you do it.
Itâs easy to determine the source and destination volumes in thediskutillist by looking for the Container or volume names you want in theNAMEcolumn (such as âMacintosh HDâ, for example). But be aware itâs possible in macOS to have two volumes with identicalnames, but with a differentIDENTIFIERfor each.
Prepare for cloning
Once youâve done all of the above and verified everything, itâs time to start the clone operation. For this example, weâll assume youâre running macOS Monterey or later.
If the destination is an APFS Container and it contains the volume macOS is currently booted into, you must restart your Mac into Recovery Mode.
The steps for doing this are different if youâre using anIntelorApple SiliconMac. Apple also has aIntro to macOS Recoverypage.
This is necessary to avoid restrictions imposed by System Integrity Protection. If the destination doesnât contain the currently booted macOS volume, you can run ASR from Terminal without restarting.
Oddly, next you must make sure either FileVault or Find My Mac is enabled. This ensures Recovery Assistant will appear after a restart and ask you for an admin password.
Without this, ASR will fail.
Restart using the instructions from Apple above to boot into Recovery Mode. Once in Recovery Mode, selectUtilities->Terminalfrom the menu bar.
Once in Terminal, rundiskutil listas you did above. Note that the IDs for containers and volumes may have changed.
If the source has FileVault enabled, youâll need to unlock its data volume it with two commands in Terminal:
diskutil apfs listvolumegroups
diskutil apfs unlock
If youâre running ASR without running in Recovery Mode, youâll need to instead unlock using thediskutil apfs unlockcommand followed by the data volume. For example:
diskutil apfs unlock disk2s2
The data volume is a separate volume that resides next to the actual bootable macOS volume. So, for example, if your bootable Mac volume is named âMacintosh HDâ, youâll also see a second volume next to it named âMacintosh HD - Dataâ.
Prepare snapshots for cloning
Signed System Volumes contain asealed snapshotof the copy of macOS that is on the Startup Disk. These snapshots are used to preserve the security of the installed OS to make sure it hasnât been tampered with.
In order to use these snapshots on the destination, they must be copied over as-is. In order for ASR to make the snapshot copy, it has to know what the snapshotâs name or unique ID (UUID) is.
To get the snapshot UUID or name in Terminal, note thediskutilID of the sourceâs system volume (for example âdisk2s1â) in theIDENTIFIERcolumn with:
diskutil mount disk2s1
This forces the volume to be mounted by macOS. Note this is the volume with macOS on it - not the Data volume.
Terminal will display the mounted volume name and echo back the ID when it does.
Next run:
diskutil apfs listsnapshots disk2s1
This displays the sealed snapshotâs name and UUID on this volume. If you get an error, go back and make sure the volume or Container ID you specified matches the one containing the macOS installation.
You should see something like:
i7@i7s-Mac-mini ~ % diskutil apfs listsnapshots disk2s1
Snapshot for disk2s1 (1 found)
|
+â E3D1AF2D-7182-3217-BC82-2874219DAB48
Name: com.apple.os.update-52F3A2F592F324F6AC5DE35D538FA237771DB7715C76582E51C5C432D80587DD
XID: 42
Purgeable: No
The short string next to the "+â " is the snapshot UUID, and the longer string below it is the name. You can use either, but the UUID is easier.
You can also view the snapshot name/UUID for the source in Disk Utility from the menu bar by selectingView->Show APFS Snapshots.
Note, you must have an actual macOS volume selected in the sidebar in Disk Utility for this menu item to be enabled. Selecting the physical device or the Container wonât work.
Start the cloning operation
The command for starting the ASR cloning process is easy, but the entire command line is quite complex.
The main command is:
asr restore
There are several options and parameters that go along with it. The three most important possible options are:
You can also use theâfileoption to target a file as the destination. There are other options for skipping verification and warnings and controlling output.
Thereâs also a coolserveroption to multicast a clone over a network, but it requires theâeraseflag. ASR can also read multicast .dmg files over a network by using the asr:// protocol. But in general, asr:// isnât used much.
For a complete list of options and usage, in Terminal type:
man asrand pressReturnon your keyboard. Thereâs also anonline versionat ss64.com.
The man page has sections that discuss restoring from filesystems, snapshots, and volumes. To exit the man system in Terminal, typeControl-Zorqon your keyboard.
You can get verbose output while cloning with theâverboseandâdebugflags.
An example of the simplest clone command line might look like this:
sudo asr restore --source /Volumes/source --target /Volumes/dest
To do the same as above but also erase and destroy all data (including volumes) on the destination when cloning, also add theâeraseflag at the end of the command line before starting.
Theâeraseflag destroys all existing data on the target, so use it carefully. Itâs easy to wipe out several volumes at once inadvertently if youâre not careful.
To include the above snapshot if youâre running in Recovery Mode, also add theâtoSnapshotflag followed by a space, then the snapshot name or UUID you obtained above. This will make the destination clone look and behave exactly like your source volume.
In most cases, if you target a container and omit theâeraseflag - and if your source is a single volume, the volume will be added to the container and the other volumes will be left alone.
But again, use caution and always back up all your volumes and data first, just in case something goes wrong.
When running in Recovery Mode, you can usually omit thesudoat the start of the command because you entered an admin password when Recovery Mode started.
When ASR starts, it will prompt to ask if youâre sure unless you used theânopromptflag above. Pressyin response and pressReturn.
ASR will run several steps to execute the clone, and if everything worked, at the end youâll see the message âRestore completed successfully.â. If a clone fails, youâll need to open Disk Utility and look for a volume with âASRâ in its name and thenEraseit from the toolbar.
Again, proceed with caution. Donât accidentally erase the wrong volume.
Make the clone bootable
When a clone operation succeeds, the destination still isnât bootable. Youâll need to do a few additional steps to make it so.
After ASR runs, the destination volumes all have the same names as the originals (or one volume if you didnât clone a Container). Youâll need to rename these volumes with unique names so they donât conflict with the originals.
If more than one volume with an identical name is mounted on the Finderâs Desktop, macOS will change one of the volumesâ names silently but only in the background. The ârealâ name the filesystem sees for each volume will be different than the duplicate(s)â names shown in the Finder, which can be confusing.
Iâs best to make sure all volumes have unique names.
You can rename unlocked volume names in the Finder by clicking on theirnamesand typing new ones. Alternately, you can rename them in Disk Utility by selecting them in the sidebar, thenControl-clickingeach one and selectingRenamefrom the popup menu.
At any rate, itâs best to restart your Mac after renaming volumes to make sure the system picks up all the new names and discards any ones it may have created in the background.
Note that this renaming also has to be done for the destinationâs Data volume. For example:
might become:
Donotrename the special volumes on the clone named:
If you do, the clone may not boot.
If youâre still in Recovery Mode, youâll need to restart back into your normal installation of macOS to complete the next steps.
Once youâre back in macOS, openSystem Settings, go toGeneral->Startup Diskand set your clone as the boot volume. This causes macOS toblessthe volume for booting by setting some special flags on it.
You can now restart into the cloned volume by clicking theRestartbutton.
If you see the message âThis volume does not have any authorized users for this computerâ, clickAuthorize Usersand follow the instructions. You may need to enter an admin password several times.
You may also want to run First Aid in Disk Utility on the clone or its Container first before rebooting, just to make sure everything is ok on the destination.
If, for any reason after restarting, you canât boot from the clone and canât get back to your original Startup Disk, you can select which volume to start from by resetting your Mac and then holding down a key:
This preempts the boot process and displays a screen that gives you the option to select which volume to boot from.
Now you know how to make clones of your Startup Disk in various ways. Be careful when making clones since itâs very easy to destroy data.
Apple Software Restore isnât intended for mass deployment of macOS to multiple machines. It is possible to do so, but itâs not a good idea.
Instead, you should use Appleâs MDM technology to deploy to multiple devices at once. See themacOS Deployment Guidefor more info.
ASR can be dangerous if not used carefully. For this reason, you should only use it when youâre sure you have enough time to do a restore without rushing.
One single mistake can wipe out multiple drives at once and destroy all the data on them in an instant.
It might also be a good idea to set up a test Mac with some extra drives on it and practice before using ASR in a real-world environment. You can use inexpensive USB thumb drives as test drives, although they will be a bit slower.
Also see Appleâs technote (102655)How to reinstall macOS.