RecoveryOS

recoveryOS is the recovery environment used in macOS, watchOS, tvOS and audioOS. This is not the same as the iBoot Recovery Mode available on most Apple devices, as this type of recovery environment requires the device to be plugged into a computer.

macOS
recoveryOS for macOS had its first introduction with Mac OS X Lion. At that time, Apple stopped selling Mac OS X through DVD's, and instead, they provided either USB sticks, or it could be downloaded through the Mac App Store. Apple also introduced a recovery environment, that in case a macOS installation is corrupted, it could be recovered by reinstalling macOS through the internet, without the need to reinstall macOS through a DVD. It also includes the tools that were used to be on the DVD (Terminal, Disk Utility, Startup Security Utility).

Intel based Macs (including T2 Macs)
To boot to the local recovery mode, press Command + R at the same time during bootup until you see the Apple logo. To get the latest version of macOS (Internet Recovery), press Option (Alt) + Command + R at the same time until you see a spinning globe with text "Starting Internet Recovery. This may take a while.". You may need to choose a Wi-Fi network in order to download recoveryOS. To boot to the original macOS that your computer shipped with (or the closest version available), press Shift + Option (Alt) + Command + R at the same time until you see a spinning globe with text "Starting Internet Recovery. This may take a while.". You may need to choose a Wi-Fi network in order to download recoveryOS.

Apple Silicon based Macs
Press and hold the power button. You will see text "Countinue holding for startup options...". When you see the text "Loading startup options..." you may release the power button. Then choose Options (with the picture of a cogwheel (Software Update icon)). To boot to fallback recoveryOS (AKA System Recovery) double-press and hold the power button. You will see text "Countinue holding for startup options...". When you see the text "Loading startup options..." you may release the power button. Then choose Options (with the picture of a cogwheel (Software Update icon)). The fallback recoveryOS doesn’t have the capability to change the system security state.

What's included in recovery mode
- Restore from Time Machine: restore from a Time Machine backup. - Reinstall macOS: installs macOS full OTA from gdmf.apple.com (Pallas). - Safari (minimal version, does not have the capability to play videos): User can use the internet to troubleshoot the Mac. The default home page is an HTML file which contains information about using recoveryOS. - Disk Utility: Can be used to repair the disk using First Aid or erase the disk. There are more utilities that can be accesed through the menu bar by clicking Utilities: - Startup Security Utility: On normal Intel Macs, it can be used to enable/disable the firmware password (only on regural Intel and T2 Macs). On T2/Apple Silicon Macs, you can change the security settings and the allowed boot media settings. - Share Disk (Apple Silicon Macs only): Can be used to transfer files from one computer to another. The equivalent of Target Disk mode on Intel Macs. - Terminal: Can be used for advanced troubleshooting, and it has the possiblity to enable/disable System Integrity Protection using csrutil. File -> Choose Language: Switch between languages. This does not include the hello screen, which is normaly seen in the regular Language Chooser app. Window -> Recovery Log (Command + L): view recovery log. Country flag: switch between keyboard inputs. Wi-Fi: switch between Wi-Fi networks Apple logo -> Startup Disk: choose startup disk/boot to Target Disk Mode (only on Intel).

Downloading Intel recoveryOS
The internet recoveryOS is downloaded from osrecovery.apple.com using HTTP. The recoveryOS is completely separate from macOS, and the entire contents (the recoveryOS) are stored in a disk image file named BaseSystem.dmg. There is also an associated BaseSystem.chunklist, which is used to verify the integrity of the BaseSystem.dmg. The chunklist is a series of hashes for 10 MB chunks of the BaseSystem.dmg. The UEFI firmware evaluates the signature of the chunklist file and then evaluates the hash one chunk at a time from the BaseSystem.dmg. This helps ensure that it matches the signed content present in the chunklist. If any of these hashes don’t match, booting from the local recoveryOS is aborted and the UEFI firmware attempts to boot from Internet Recovery instead. First, a session cookie is requested from osrecovery.apple.com. Then a request is made to http://osrecovery.apple.com/InstallationPayload/RecoveryImage. The request looks like this: The response looks like this: While the connection to the osrecovery.apple.com is done using HTTP, the complete downloaded contents are still integrity checked as previously described, and as such are protected against manipulation by an attacker with control of the network. In the event that an individual chunk fails integrity verification, it is re-requested from the osrecovery.apple.com 11 times, before giving up and displaying an error with the globe frozen and displaying a warning symbol with an exclamation mark with the URL support.apple.com/mac/startup (which redirects to ). If the verification is successfully completed, the UEFI firmware mounts the BaseSystem.dmg as a ramdisk (not as an update ramdisk) and launches the boot.efi file that’s in it. There’s no need for the UEFI firmware to do a specific check of the boot.efi, nor for the boot.efi to do a check of the kernel, because the completed contents of the operating system (of which these elements are only a subset) have already been integrity checked.

Mac Diagnostics
Apple discountinued Apple Hardware Test in 2012 for a newer version, called Apple Diagnostics.

Booting Intel Diagnostics
Press D on startup at the same time until you see a progress bar on the screen. To boot from the internet, press Option (alt) + D at the same time until you see a spinning globe with text "Starting Internet Recovery. This may take a while.".

Downloading Intel Diagnostics
Just like on the recoveryOS, it is also downloaded from osrecovery.apple.com using HTTP. The steps are the same as downloading recoveryOS. The only difference here is that the diagnostics request URL is http://osrecovery.apple.com/InstallationPayload/Diagnostics.

Booting Apple Silicon Diagnostics
In the startup options, press and hold Command + D at the same time untill "Loading diagnostics..." appears on the screen.

Downloading Apple Silicon Diagnostics
The diagnostics are fetched from https://diagnostics.apple.com/api/v1/ast2-companion/public/services/assets. It is fetched as a JSON request. The request looks like this: The response looks like this:

Booting to recovery mode
Double press the side button when in iBoot recovery mode.

Usage
Can update/restore an Apple Watch using an iPhone (not just the paired iPhone).

audioOS and tvOS
Currently unknown.