Clear all

Startup Security Utility missing options


Topic starter

Helping someone set up a brand new MacBook Pro 2019 running the latest Catalina.  Would like to enable the ability to boot externally.  When we boot into Recovery Mode and open the Startup Security Utility, it only gives us the ability to set a firmware password (which is not set).  The options below for level of security and external boot are not present, as I've seen on other T2 Macs.  The System Report reports (under Controller) that a T2 chip is present. 

Did Apple change something in later Catalina versions or Security updates that prevents the ability to turn on External booting?

In case it matters, in reading articles about Startup Security, it seems that normal behavior is to ask for the admin password of one of the user accounts, but I'm never seeing that prompt?  If that's what's missing, how do I get it to authenticate with an Admin while in Recovery Mode?

4 Answers

About Startup Security Utility

Yes this and other articles is what I was referring to…the first screenshot on a 'normal' system shows the information below the firmware password. On this Mac that I'm looking at, that bottom section is missing. How do I get it to show that bottom section?


I’d try internet recovery mode. I recently had to rebuild a 2019 MBA and the onboard recovery mode gave me various problems until I did a full restore via internet recovery. 

I did a full reinstall via internet recovery - reformatted the hard drive back to square 1 in the process, but after all that, still only have the "firmware" option to change in Startup Security Utility.


I think you need to disable System Integrity Protection.

Will try since the reformat/reinstall didn't work, but it seems odd to change the SIP setting for the OS on the internal drive, to allow External booting. Also, I've not needed to disable SIP on other T2 laptops, in order to enable external booting (and changing the security to medium). But I will let you know, nonetheless.

Topic starter

Completely my bad. Confirmation bias at work.  I was *told* this was a 2019 MBPro.  When I looked at System Report > Controller, I swear I *saw* T2.   But now when I just double checked, it's a 2017 MBPro with a T1 chip.  No wonder.