Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ Level 2 Clean Install of Ventura Solves Deep-Rooted Problems Adam Engst TidBITS readers have recently asked me a few times if I think macOS 13 Ventura is mature enough to install on their Macs. My short answer was, 'Yes, it's fine,' because I have been running Ventura on my M1 MacBook Air since the beta last year and have experienced no problems. The longer answer was, 'But I still haven't upgraded my iMac, and once I do, I'll write about it.' You might wonder why I don't keep my Macs in sync all the time. Even when a new version of macOS is working well, I like to keep one of my Macs on the previous release until I feel confident recommending the upgrade to everyone. Having the previous release available helps me compare behaviors or interfaces between the two and see if bugs have been fixed or introduced. (We won't speak here of the abomination that is Ventura's System Settings; it's not a reason to avoid upgrading, but it is undeniably awful.) So if you've been waiting for us to give the go-ahead, I encourage you to upgrade when convenient. As always, I recommend Joe Kissell's [1]Take Control of Ventura for upgrade help. Now here's why it took me so long. Kernel Panics and Boot Authentication Failures I wasn't been sticking with macOS 12 Monterey on my 2020 27-inch iMac because of concerns about Ventura reliability or app incompatibility. Instead, I had put off the upgrade because I wanted to perform a time-consuming clean install that I hoped would resolve two long-standing problems. First, and most notably, was a series of kernel panics that started in mid-2021 in macOS 11 Big Sur and persisted through Monterey. My iMac sometimes panicked twice a day; more commonly, a week or two would pass between panics. Several times it even worked perfectly for 2 to 4 months before succumbing to another spate of panics. (I know all this because I saved 47 panic reports manually in my BBEdit Notes window. macOS used to generate panic logs that I could access in Console. Those logs may still be created, but I can't find them.) The kernel panics almost never happened when I was sitting in front of the Mac, and once I restarted, macOS restored the state of the Mac to where I was before the panic. While extremely troubling, they weren't all that disruptive. The second problem was less frequent but equally as inexplicable. Whenever I installed a minor macOS update, the first boot afterward wouldn't have access to my keychain for some reason, so that when all my usual apps launched, I was plagued by so many authentication requests (20? 50?) that I had to fight off the dialogs and restart again. On that next restart and every subsequent one, everything was fine. (Fellow TidBITS writer Glenn Fleishman had a similar ongoing problem with privacy preferences after restarts. He wrote up [2]a nuclear solution for fixing it.) This problem has bedeviled me since at least macOS 10.13 High Sierra, and persisted through macOS 12 Monterey. I assumed it was software cruft because my workaround was to switch to an otherwise unused admin account before updating, suggesting that the problem was related to my account. However, I could never root out anything that helped, like a corrupted preference file. Could a clean install eliminate these annoyances? Levels of Clean Install When I say 'clean install,' I mean something more significant than the term generally implies. A clean install usually refers to reformatting the Mac's boot drive and installing a fresh copy of macOS before restoring apps, settings, and data from a backup. Let's call that a 'Level 1 clean install.' It's no longer particularly helpful. Since Big Sur, your Mac's drive is split into two parts, even though it still presents as a single volume in the Finder. All your data lives on one read/write volume, while all system files are locked on a separate, read-only, cryptographically signed volume called the Sealed System Volume. For security reasons, Macs don't boot directly from that volume but instead from a snapshot of the system. Since every component is signed, any file being modified or corrupted in the smallest way'as little as a single bit flipped'due to a failure of the underlying storage will cause the seal to be invalid, and macOS will refuse to boot. The same would be true if someone developed malware that could unfathomably pierce the locked volume. In other words, if anything is wrong with your installation of macOS, your Mac won't boot at all. At least that's what Apple says'I've never actually seen a Mac refuse to boot because of such a problem. My iMac never refused to boot, and it installed the upgrade from Big Sur to Monterey and numerous minor updates within each major version without complaint. Resetting NVRAM, running hardware diagnostics, unplugging USB and Thunderbolt devices, and anything else I could think of made no difference or gave any hints toward a solution. My next step was a Level 2 clean install. Given my role in the Mac world, I install a vast amount of software. In my Applications folder in Monterey, I had 236 items. Some dated back to early 2017, the last time I performed a Level 2 clean install. I don't even recognize all the apps' names! The problem is that some of these apps installed kernel extensions and other system-level components over the years, and while Apple's macOS installer tries to disable crufty old bits that could cause problems, it's not entirely effective. Here's how I perform a Level 2 clean install: * I make several backups and verify that they're good. * To get started, I boot into macOS Recovery and erase the boot drive. * Next, I install macOS, which takes a very long time. * When restoring from my backup in Setup Assistant, I select the contents of my home folder but avoid restoring applications. (These choices are controlled by checkboxes in the process when the assistant asks what you want to restore.) * When restoration is complete, I force myself to download every app and utility and install a fresh copy. In the extremely unusual situation of an app I still use no longer being available for download, I can restore it from my backup, but I try hard to replace obsolete apps. Most of the time, apps access their licenses and settings from my user account, so I can pick up using them where I left off. Installing each app fresh is tedious and cuts into my productivity for a week or two, but I appreciate the feeling of starting anew. Is there a Level 3 clean install? Yes, but it would be a major pain, and I've never done one. For a Level 3 clean install, you would erase the boot drive, install macOS, and set up a new account. You would then manually copy just your data'no settings'into your new home folder. The hard part comes next. You must enter registration codes and reconfigure each app's settings from scratch. For some apps, you'll also have to sort through your home folder's Library folder to find subfolders that contain essential data'like certain items in Application Support and your Mail folder. Don't attempt a Level 3 clean install unless a Level 2 clean install hasn't helped and you're left fighting problems that occur in only your account. Did It Work? Although it may take months before I know for certain, the Level 2 clean install has apparently stopped the kernel panics. My iMac hasn't suffered a single panic since I upgraded on 3 March 2023, while I had seven panics in the previous month. The releases of macOS 13.3 and 13.3.1 also confirmed that a Level 2 clean install resolved the problem with authentication in the first boot after installing a minor update. Both of those updates installed fine, although I had to unlock my Time Machine drive and log in to Setapp after the macOS 13.3 update. No extra authentication requests appeared after the macOS 13.3.1 update. Viva Ventura! But more to the point, you might need a Level 2 clean install to resolve some tricky problems, and others might succumb only to a Level 3 clean install. If you're battling such recalcitrant gremlins, try deeper cleaning. References 1. https://www.takecontrolbooks.com/ventura/?pt=TIDBITS 2. https://www.macworld.com/article/1378183/how-to-reset-macos-privacy-preferences-when-other-options-dont-work.html .