The Mac Admins’ Guide to Apple Silicon
Apple made a big announcement in June that they’re transitioning the Mac to Apple Silicon. This move will boost performance and introduce a lot of new and redesigned features to macOS Big Sur. In this guide, we’re going to catalog those changes and briefly discuss their implications for mobile device management (MDM) in Big Sur.
Here’s a quick overview of the topics we’ll cover:
- What’s Apple Silicon?
- A Primer on the Apple Silicon Mac
- The Biggest Changes Apple Silicon Brings to Mac
If you want to learn more about all the other new features coming with Big Sur, read our guide: macOS Big Sur & MDM: The Comprehensive Guide for Mac Admins.
What’s Apple Silicon?
Apple Silicon is an umbrella term that refers to the new system architecture that the latest Mac computers will use. This includes Apple’s System-on-Chip (SoC) architecture and frameworks such as Metal and Accelerate.
Together, these new components can boost the performance of a Mac by leveraging unified memory for CPU and GPU tasks. Apple Silicon will also make new boot and security features possible, as we’ll explore later in this guide.
Apple stated in their press release that this transition will establish a common architecture across all Apple products, which will make it easier to develop and optimize apps for the full Apple ecosystem. The release also stated that macOS Big Sur comes with new features that will make the transition to Apple Silicon as smooth as possible.
For over a decade, other Apple devices like iPhone, iPad, and Apple Watch leveraged custom SoCs to optimize performance per watt. Now that the Mac is transitioning to Apple Silicon, it will increase GPU performance, increase cross-platform compatibility, optimize performance per watt, and give the Mac access to new features like Neural Engine.
The first Mac with Apple Silicon will ship at the end of 2020, and Apple expects to complete the transition within two years.
A Primer on the Apple Silicon Mac
Before discussing some of the most significant changes that Apple Silicon is bringing to the Mac, let’s see what makes it different from the previous Intel-based models.
Apple Silicon Leverages Custom SoCs
Previous Mac computers used an Intel-based architecture that often included a multicore CPU and a discrete GPU. Some of the most recent models also had a T2 chip. On models with a discrete GPU, the CPU and the GPU each had their own separate memory.
Apple Silicon combines all of these components into an SoC. This gives the system a unified memory architecture, which lets the GPU and CPU share memory and graphics resources without copying data across a PCIe bus.
This makes the Mac more powerful and energy-efficient, and it lets users access technologies developed for iPhone and iPad.
Apple Silicon Mac Switches to arm64 Native Architecture
The native architecture of the Intel-based Mac was x86_64. Now that Apple Silicon is leveraging Apple’s custom SoCs, Mac is moving to arm64. This is the same architecture that the iPhone uses.
Even though the Apple Silicon Mac uses a different architecture than the Intel-based model, it can still support apps built for x86_64. This is accomplished by Rosetta, a translator that can run a variety of x86_64 apps, such as macOS apps, Catalyst apps, games, and more complicated apps such as web browsers with embedded just-in-time (JIT) compilers.
Rosetta starts to work right when an app begins installation. At this point, Rosetta begins a JIT translation of all the executable code in the app. When the app is launched, this translation is loaded, and Rosetta runs a full x86_64 emulation.
Everything should work right out of the box, but if developers need to debug or profile their apps, they can build and run translated apps directly from Xcode 12. If an app doesn’t have portability issues, this can be completed with the click of a button. For more information on this, you can read Apple’s extensive developer documentation on Apple Silicon.
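For fleet inventory, the arm64/x86_64 split described above can be checked from a script. The following is an added example, not code from Apple or from this guide: the function names and the sample inventory are hypothetical, while `uname -m`, `sysctl -n sysctl.proc_translated`, and `lipo -archs` are the standard macOS tools whose output it interprets.

```shell
#!/bin/sh
# Added example: tell native arm64 from Rosetta-translated execution,
# and flag app binaries that only ship an x86_64 slice.

# host_mode MACHINE TRANSLATED
#   MACHINE    = output of `uname -m`
#   TRANSLATED = output of `sysctl -n sysctl.proc_translated`
#                (1 = this process runs under Rosetta; empty if the key is absent)
host_mode() {
    case "$1/$2" in
        arm64/*)  echo apple-silicon-native ;;
        x86_64/1) echo apple-silicon-rosetta ;;
        x86_64/*) echo intel ;;
        *)        echo unknown ;;
    esac
}

# binary_class ARCHS  (ARCHS = output of `lipo -archs <binary>`, e.g. "x86_64 arm64")
binary_class() {
    has_arm=no; has_x86=no
    for a in $1; do
        case "$a" in
            arm64|arm64e) has_arm=yes ;;
            x86_64)       has_x86=yes ;;
        esac
    done
    case "$has_arm/$has_x86" in
        yes/yes) echo universal ;;
        yes/no)  echo arm64-only ;;
        no/yes)  echo needs-rosetta ;;
        *)       echo other ;;
    esac
}

# needs_rosetta_list: reads "name|archs" lines on stdin, prints names that need Rosetta
needs_rosetta_list() {
    while IFS='|' read -r name archs; do
        [ "$(binary_class "$archs")" = needs-rosetta ] && echo "$name"
    done
    return 0
}

# Constructed sample inventory (app names are made up).
SAMPLE_INVENTORY='LegacyVPN|x86_64
Browser|x86_64 arm64
NewTool|arm64e
OldPlugin|i386'

printf '%s\n' "$SAMPLE_INVENTORY" | needs_rosetta_list
if [ "$(uname -s)" = Darwin ]; then
    host_mode "$(uname -m)" "$(sysctl -n sysctl.proc_translated 2>/dev/null)"
fi
```

A management agent that is itself an x86_64 binary runs translated and sees `x86_64` from `uname -m`, which is why the second input is needed to tell an Intel Mac from an Apple Silicon Mac.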
Asymmetric Multiprocessing Boosts Performance
Another big difference is Apple Silicon’s use of asymmetric multiprocessing. The Intel-based Mac used a powerful multicore CPU in which all of the processors had similar performance.
However, Apple Silicon uses a mix of high-performance cores and more power-efficient cores, so work that requires maximum performance can be separated from work that can run on the more power-efficient cores. This optimizes the efficiency of the Mac.
The Biggest Changes Apple Silicon Brings to Mac
The transition to Apple Silicon is bringing plenty of new features and capabilities to the Mac. From increased compatibility with the Apple ecosystem to revamped login experiences and recovery features, there’s a lot to look forward to. In this section, we’ll take a look at some of the biggest changes coming to Mac.
Mac Can Now Run iOS Apps
As we mentioned earlier, the Apple Silicon Mac uses arm64 as its native architecture. Since this is the same architecture as the iPhone, the latest Mac hardware is also capable of running iOS apps.
According to Apple’s developer documentation, apps that were built for iOS won’t need to undergo any changes to be compatible with the Apple Silicon Mac. Since the apps will use the same frameworks and infrastructures, there’s no porting process to get an iOS app onto Mac. However, developers can still use Mac Catalyst to modify iOS apps specifically for the Mac.
Apple has also stated that future updates to macOS and MDM will enable delivery of iOS apps to Mac. This will open up the entire iOS App Store to Mac users, and in terms of MDM, it could bring popular business apps without macOS equivalents to managed Mac computers.
Apple Silicon Brings a New Login Experience to Mac
The Apple Silicon Mac is debuting a new unified login experience, complete with a revamped user interface, accelerated graphics, and new features. Previously, macOS wouldn’t boot until the user got to the FileVault authentication window. However, using the new login experience, macOS can be fully booted without requiring the user to unlock the system.
This update makes it possible to display a set of username and password fields instead of a list of users. Login accessibility can also be increased by adding support for VoiceOver.
The new login experience also has built-in support for CCID and PIV SmartCard authentication for FileVault. Previously, if users wanted to use a SmartCard to log in, they would need to type in their FileVault password and submit a SmartCard.
This required disabling pass-through authentication and completing user authentication at the FileVault pre-boot window. With pass-through authentication disabled, the user password would not be passed back to the macOS Login Window from the FileVault authentication window, allowing the user to then submit a SmartCard to the macOS Login Window to log in to the Mac.
The new login experience streamlines this process, so users no longer need to enter their FileVault credentials and submit a SmartCard.
macOS Recovery Has Been Redesigned
On the Intel-based Mac, accessing specific macOS Recovery features at start-up requires unique key combinations. This is changing on the Apple Silicon Mac.
Using the redesigned macOS Recovery, you no longer need to enter specific key combinations to access start-up features. You can simply hold down the Touch ID or power button at start-up. This will bring you to the new start-up options interface, where you can access features and tools by using the interface or shortcut keys.
Apple has also introduced a new recovery feature. On the Intel-based Mac, if macOS Recovery is not accessible, you can reinstall macOS using the Internet Recovery feature. On the Apple Silicon Mac, you can use a new feature called System Recovery.
System Recovery is a minimal macOS environment that lets you reinstall macOS and macOS Recovery. In the event that System Recovery is not functional, recovery can be achieved via Apple Configurator 2. This method lets you erase and install macOS and System Recovery.
The redesigned macOS Recovery and support for restores via Apple Configurator 2 will help IT streamline large-scale return to service operations, and because it’s the same operation that’s used for the iPhone, IT can cut back on necessary devices and resources.
Target Disk Mode Deprecated, Mac Sharing Mode Introduced
On the Intel-based Mac, users could transfer files between two Mac computers using Target Disk Mode. This required connecting the two Mac computers via FireWire or Thunderbolt ports so that one would appear as an external hard disk on the other. This made it possible to drag files from one Mac onto another. This feature has been deprecated.
For the Apple Silicon Mac, Target Disk Mode will be replaced by a new macOS Recovery feature called Mac Sharing Mode. Much like Target Disk Mode, this feature lets users transfer files from one Mac to another. However, instead of treating the other Mac as an external hard disk, Mac Sharing Mode will turn the other Mac into an SMB (Server Message Block) network file share.
This will let you transfer files between the Mac computers. If the Mac has already been set up, the user will need authentication from a local administrator to begin using Mac Sharing Mode.
MDM Now Requires a Bootstrap Token
For the Apple Silicon Mac running macOS Big Sur, a Bootstrap Token will be required to manage kernel extensions (kexts) and software updates via MDM. This feature will be automatically enabled for devices enrolled via Automated Device Enrollment. However, for manually enrolled supervised devices, it must be enabled by booting into macOS Recovery and modifying the security options.
Even if you already have a Bootstrap Token, the feature can only be enabled for devices enrolled through Automated Device Enrollment. Since MDM requires SecureToken to manage these features, we can infer that local users will need a SecureToken to enable them as well. For a deeper dive into Bootstrap Token and SecureToken, you can read our guide to Bootstrap Token and macOS Big Sur.
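To verify the Bootstrap Token and SecureToken prerequisites described above on a given Mac, the status text from `profiles status -type bootstraptoken` and `sysadminctl -secureTokenStatus <user>` can be classified by a short script. This is an added example, not code from this guide or from Apple: the function names are hypothetical, and the sample output is constructed to match the format those tools print.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not an Apple or Kandji API).

# bootstrap_state TEXT -> escrowed | supported-not-escrowed | unsupported | unknown
# TEXT is the output of: profiles status -type bootstraptoken
bootstrap_state() {
    supported=$(printf '%s\n' "$1" | sed -n 's/.*Bootstrap Token supported on server: *//p' | head -n 1)
    escrowed=$(printf '%s\n' "$1" | sed -n 's/.*Bootstrap Token escrowed to server: *//p' | head -n 1)
    case "$supported/$escrowed" in
        YES/YES) echo escrowed ;;
        YES/NO)  echo supported-not-escrowed ;;
        NO/*)    echo unsupported ;;
        *)       echo unknown ;;
    esac
}

# secure_token_state TEXT -> enabled | disabled | unknown
# TEXT is the output of: sysadminctl -secureTokenStatus <user>
secure_token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *)                            echo unknown ;;
    esac
}

# audit_mac PROFILES_TEXT SYSADMINCTL_TEXT -> one-line verdict for a fleet report
audit_mac() {
    bt=$(bootstrap_state "$1")
    st=$(secure_token_state "$2")
    if [ "$bt" = escrowed ] && [ "$st" = enabled ]; then
        echo "OK bootstrap=$bt securetoken=$st"
    else
        echo "ATTENTION bootstrap=$bt securetoken=$st"
    fi
}

# Constructed sample output, used when the macOS tools are not present.
SAMPLE_PROFILES='profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: NO'
SAMPLE_SYSADMINCTL='2020-11-20 10:15:02.123 sysadminctl[512:4321] Secure token is ENABLED for user localadmin'

if command -v profiles >/dev/null 2>&1 && command -v sysadminctl >/dev/null 2>&1; then
    # Run with sudo; sysadminctl writes its status line to stderr.
    audit_mac "$(profiles status -type bootstraptoken 2>&1)" \
              "$(sysadminctl -secureTokenStatus "${SUDO_USER:-$(id -un)}" 2>&1)"
else
    audit_mac "$SAMPLE_PROFILES" "$SAMPLE_SYSADMINCTL"
fi
```

Any result other than `OK` means the Mac does not yet meet the requirement this section describes and should be reviewed before relying on MDM-managed kernel extensions or software updates.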
About Kandji
The transition to Apple Silicon is bringing a lot of exciting changes to the Mac, and the entire Kandji team is excited to build out support for the latest MDM capabilities. With powerful features like zero-touch deployment, one-click compliance, and offline remediation, Kandji has everything you need to enroll, configure, and secure your devices.
See Kandji in Action
Experience Apple device management and security that actually gives you back your time.