One of the new features Apple is including in all its new hardware is the T2 Security Chip. This piece of hardware protects Macs by enabling Secure Boot, so a tainted OS can't start and leave your system vulnerable to hackers. But it also handles a bunch of encryption and other security functions, offloading those tasks from the main processor. But, it turns out, that extra security can make cloning your Mac harder and, if done incorrectly, brick your Mac.
According to an entry on the MIT IT Knowledge Base,if you try to reinstall the operating system on a T2 mac, you must disable the “Secure Boot” feature. If you don't do this before the drive is erased, "there will be no way to install a new OS and the system will be entirely unusable until the logic board is replaced".
It's important to note this applies to either installing a new OS or if you're cloning your system from another Mac.
The T2 Security Chip is a part of all the new Macs released over the last year or so. If you are in doubt as to whether this applies to your Mac, go to the Apple menu in the top let corner of your screen and choose "About This Mac" from the menu. Click on System Report and if there's an entry for "Controller" on the left side, you have the T2 chip and this applies to you.
In order to disable Secure Boot, you need to:
- Restart your Mac in Recovery Mode by holding down Command-R until the Apple Logo appears.
- Open the "Startup Security Utility" from the Utilities menu.
- Enter your password if prompted and change the Secure Boot setting to "No Security" and allow "External Boot" if you're planning to reimage your new Mac using an image created with Carbon Copy Coloner or some similar tool.
Apple's recommended process is to use the Migration Assistant to upgrade from one Mac to another. That works well in my experience. Until my most recent Mac, I'd used the Migration Assistant to move between several different Macs over a few years. But I also like cloning my Mac periodically, just in case.
If you have a T2-enabled Mac, it's worth keeping this bit of information in your memory bank somewhere.
And, once you're done, go back into the settings and re-enable Secure Boot