Apple: Difference between revisions

Line 43:

===Operating system downgrades===

It is not possible to upgrade or downgrade an iPhone, iPad, Apple TV, etc. to an Operating System (OS) version that is no longer signed by Apple. In most cases, only the most recent version is signed. Some exceptions exist, such as certain Apple TV models and Apple Silicon Macs. Downgrading the Apple TV 4K series is not possible at all due to the lack of a USB port. On Macs with T2 chip ~~or Apple Silicon~~, the user can select from three modes of secure boot:<ref>{{Cite web |title=About Startup Security Utility on a Mac with the Apple T2 Security Chip |url=https://support.apple.com/en-us/102522 |url-status=live |archive-url=https://web.archive.org/web/20250607083624/https://support.apple.com/en-us/102522 |archive-date=7 Jun 2025 |access-date=22 Jun 2025 |website=Apple}}</ref>

It is not possible to upgrade or downgrade an iPhone, iPad, Apple TV, etc. to an Operating System (OS) version that is no longer signed by Apple. In most cases, only the most recent version is signed. Some exceptions exist, such as certain Apple TV models and Apple Silicon Macs. Downgrading the Apple TV 4K series is not possible at all due to the lack of a USB port. On Macs with a T2 chip, the user can select from three modes of secure boot:<ref>{{Cite web |title=About Startup Security Utility on a Mac with the Apple T2 Security Chip |url=https://support.apple.com/en-us/102522 |url-status=live |archive-url=https://web.archive.org/web/20250607083624/https://support.apple.com/en-us/102522 |archive-date=7 Jun 2025 |access-date=22 Jun 2025 |website=Apple}}</ref>

*No ~~security~~: Allow any OS to run (same as turning off secure boot on a PC).

*No Security: Allow any OS to run (same as turning off secure boot on a PC).

*Medium ~~security~~: Allow any OS that is signed with a secure boot certificate (default, same as turning on secure boot on a PC).

*Medium Security: Allow any OS that is signed with a secure boot certificate (default, same as turning on secure boot on a PC).

*Full ~~security~~: Only allow the latest version of macOS, do not allow any other OS.

*Full Security: Only allow the latest version of macOS, do not allow any other OS.

iOS devices only support ~~full security~~ mode. The device checks for a cryptographic "ticket,"<ref>{{Cite web |date=2024-11-20 |title=APTicket |url=https://theapplewiki.com/wiki/APTicket |url-status=live |archive-url=https://archive.ph/jTHEl |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> which are tied to the OS version and CPU serial number. These are provided by a server, which only provides them for the latest version (with very specific exceptions). The device refuses to boot if the ticket does not match. Workarounds exist, but with major caveats that are not viable for most users,<ref>{{Cite web |date=2021-09-27 |title=Firmware rendering |url=https://theapplewiki.com/wiki/Firmware_downgrading |url-status=live |archive-url=https://archive.ph/wip/uT2aI |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> see the technical details on [[wikipedia:SHSH_blob|SHSH blobs]].

On Macs with Apple Silicon, the user can select from two modes of secure boot:

* Permissive Security: Accessible only via recovery Terminal tools (and still enforces Apple’s secure chain for much of the boot). This is the lowest available security policy on Apple silicon but does not remove secure boot entirely in the way “No Security” used to.

* Reduced Security: Allows booting older versions of macOS trusted by Apple but still enforces signed OS policy.

* Full Security: Only the currently signed macOS version trusted by Apple can boot.

iOS devices only support Full Security mode. The device checks for a cryptographic "ticket,"<ref>{{Cite web |date=2024-11-20 |title=APTicket |url=https://theapplewiki.com/wiki/APTicket |url-status=live |archive-url=https://archive.ph/jTHEl |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> which are tied to the OS version and CPU serial number. These are provided by a server, which only provides them for the latest version (with very specific exceptions). The device refuses to boot if the ticket does not match. Workarounds exist, but with major caveats that are not viable for most users,<ref>{{Cite web |date=2021-09-27 |title=Firmware rendering |url=https://theapplewiki.com/wiki/Firmware_downgrading |url-status=live |archive-url=https://archive.ph/wip/uT2aI |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> see the technical details on [[wikipedia:SHSH_blob|SHSH blobs]].

===Class action lawsuit===

@@ Line 43: / Line 43: @@
 ===Operating system downgrades===
-It is not possible to upgrade or downgrade an iPhone, iPad, Apple TV, etc. to an Operating System (OS) version that is no longer signed by Apple. In most cases, only the most recent version is signed. Some exceptions exist, such as certain Apple TV models and Apple Silicon Macs. Downgrading the Apple TV 4K series is not possible at all due to the lack of a USB port. On Macs with T2 chip or Apple Silicon, the user can select from three modes of secure boot:<ref>{{Cite web |title=About Startup Security Utility on a Mac with the Apple T2 Security Chip |url=https://support.apple.com/en-us/102522 |url-status=live |archive-url=https://web.archive.org/web/20250607083624/https://support.apple.com/en-us/102522 |archive-date=7 Jun 2025 |access-date=22 Jun 2025 |website=Apple}}</ref>
+It is not possible to upgrade or downgrade an iPhone, iPad, Apple TV, etc. to an Operating System (OS) version that is no longer signed by Apple. In most cases, only the most recent version is signed. Some exceptions exist, such as certain Apple TV models and Apple Silicon Macs. Downgrading the Apple TV 4K series is not possible at all due to the lack of a USB port. On Macs with a T2 chip, the user can select from three modes of secure boot:<ref>{{Cite web |title=About Startup Security Utility on a Mac with the Apple T2 Security Chip |url=https://support.apple.com/en-us/102522 |url-status=live |archive-url=https://web.archive.org/web/20250607083624/https://support.apple.com/en-us/102522 |archive-date=7 Jun 2025 |access-date=22 Jun 2025 |website=Apple}}</ref>
-*No security: Allow any OS to run (same as turning off secure boot on a PC).
+*No Security: Allow any OS to run (same as turning off secure boot on a PC).
-*Medium security: Allow any OS that is signed with a secure boot certificate (default, same as turning on secure boot on a PC).
+*Medium Security: Allow any OS that is signed with a secure boot certificate (default, same as turning on secure boot on a PC).
-*Full security: Only allow the latest version of macOS, do not allow any other OS.
+*Full Security: Only allow the latest version of macOS, do not allow any other OS.
-iOS devices only support full security mode. The device checks for a cryptographic "ticket,"<ref>{{Cite web |date=2024-11-20 |title=APTicket |url=https://theapplewiki.com/wiki/APTicket |url-status=live |archive-url=https://archive.ph/jTHEl |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> which are tied to the OS version and CPU serial number. These are provided by a server, which only provides them for the latest version (with very specific exceptions). The device refuses to boot if the ticket does not match. Workarounds exist, but with major caveats that are not viable for most users,<ref>{{Cite web |date=2021-09-27 |title=Firmware rendering |url=https://theapplewiki.com/wiki/Firmware_downgrading |url-status=live |archive-url=https://archive.ph/wip/uT2aI |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> see the technical details on [[wikipedia:SHSH_blob|SHSH blobs]].
+On Macs with Apple Silicon, the user can select from two modes of secure boot:
+* Permissive Security: Accessible only via recovery Terminal tools (and still enforces Apple’s secure chain for much of the boot). This is the lowest available security policy on Apple silicon but does not remove secure boot entirely in the way “No Security” used to.
+* Reduced Security: Allows booting older versions of macOS trusted by Apple but still enforces signed OS policy.
+* Full Security: Only the currently signed macOS version trusted by Apple can boot.
+iOS devices only support Full Security mode. The device checks for a cryptographic "ticket,"<ref>{{Cite web |date=2024-11-20 |title=APTicket |url=https://theapplewiki.com/wiki/APTicket |url-status=live |archive-url=https://archive.ph/jTHEl |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> which are tied to the OS version and CPU serial number. These are provided by a server, which only provides them for the latest version (with very specific exceptions). The device refuses to boot if the ticket does not match. Workarounds exist, but with major caveats that are not viable for most users,<ref>{{Cite web |date=2021-09-27 |title=Firmware rendering |url=https://theapplewiki.com/wiki/Firmware_downgrading |url-status=live |archive-url=https://archive.ph/wip/uT2aI |archive-date=2025-10-26 |access-date=2025-10-26 |website=theapplewiki.com}}</ref> see the technical details on [[wikipedia:SHSH_blob|SHSH blobs]].
 ===Class action lawsuit===