Skip to content

Instantly share code, notes, and snippets.

@fschuindt

fschuindt/how_to_remove_apple_mdm_T2_macbook.md

Created June 8, 2023 12:50
Show Gist options
  • Save fschuindt/9b5ee7481f2f921e00356bd868b5cb40 to your computer and use it in GitHub Desktop.
Save fschuindt/9b5ee7481f2f921e00356bd868b5cb40 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
how_to_remove_apple_mdm_T2_macbook.md

Remove Apple MDM

Note: Apple will store Wifi passwords on the T2 chip. SSD cleaning won't make it forget the password. You have to turn the network off, or change the password on the router.

Different Paths

Start from Path 1. If you get any messages about the MDM on the first usage, start all over from the Path 2.

Path 1

  • Get into recovery mode (Cmd + r) during start up.
  • Access Disk Utility and clean up all drivers. Delete everything.
  • Restart, it will fail. (Force shutdown holding power button, then power up again)
  • Enter again in recovery mode (Cmd + r).

Path 2

  • Boot into a T2 Arch Linux live USB. (Or any other Linux, the goal is really to run dd and blkdiscard)
  • dd if=/dev/zero of=/dev/nvme0n1 bs=4096 (Should take around 10min)
  • blkdiscard /dev/nvme0n1 -f
  • Power off the computer.
  • Remove the live USB device.
  • Power on, it should display an error message asking to contact Apple support.
  • Power off the machine again.
  • Power on in recovery mode (Cmd + r).

Resume Here

  • It will now ask for a Wifi connection, provide it with one network that you can turn on/off.

  • It will now start downloading the MacOS system image from Apple (Internet recovery mode), should take around 40min.

  • It will then open in recovery mode automatically. If you are on "Path 1", choose to install MacOS. If you are on "Path 2", you need to select the Disk Utility, erase the internal device, then proceed with the MacOS install. (Installation should take around 40m)

  • When it reboot, disable the Wifi network it was connected to. (Via router or similar)

  • It will take more a few minutes, then the installation will resume. Continue as normal.

  • When it asks about Wifi connection, select "Other network options" then "My computer does not connect to the internet".

  • Continue installation.

  • When MacOS opens, after finished, turn the computer off.

  • Power on in recovery mode (Cmd + r).

  • Go to the Utilities menu, open Terminal and type: csrutil disable. This will disable SIP (System Integrity Protection).

  • Reboot the MacOS into the normal system again.

  • Open the terminal and execute:

cd /var/db/ConfigurationProfiles
rm -rf *
mkdir Settings
touch Settings/.profilesAreInstalled
  • Reboot and start in recovery mode (Cmd + r) again.
  • Go to the Utilities menu, open Terminal and type: csrutil enable. This will re-enable SIP.
  • Reboot normally into Mac OS.
  • Done.

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment