Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340
Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d
Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac
You just press enter.
I’m not in the context for now, sorry, but just in case: you won’t be able to change Local Boot Policy until some admin has obtained Secure Token / become owner of the volume (usually those come together).
It’s granted when:
The first (ever, since the system install) admin user is created. The token is then derived from a one-time kind of nonce the Secure Enclave stores for that purpose.
Every user who is created by a Secure Token owner via the GUI is granted the token as well.
Using sysadminctl with “secure token unlock” grants the token to the newly created user; since Ventura, AFAIK, if FV is enabled, explicit unlock might not be needed.
The fact that _mbsetupuser is the disk owner looks like the result of tampering, which I used myself, trying to grant it Secure Token before everyone else. To the best of my knowledge, it doesn’t work reliably in the last Monterey releases and in Ventura:
Having done
in the absence of other users, will make _mbsetupuser disk owner and lead to the prompt you see.
But likely the token won’t be granted, so the system won’t be able to provision any user who would have had the token.
However, if instead of _mbsetupuser you create the first user likewise, it will be granted the token. But volume personalisation would have needed to be initialised with the use of an internet connection; AND it won’t work at all in Ventura at least, making you unable to boot from the volume.
In Monterey, however, this hack would allow creating a user without any involvement of _mbsetupuser