Behavior of macOS After Toggling Secure Boot on T2 Chip: Does It Remember the ECID?

macos dual-boot external-disk secure-boot t2

Solution 1:

Yes, the T2 always "remembers" its unique ID (ECID) even if you turn Full Security off and on again. It is never discarded.

However, this is really not the question you would like to be asking:

The ECID is burned into the T2 chip and cannot change. The actual signature file created when the operating system is installed is stored on your disk drive as an im4m file. A valid signature can only be signed by Apple, and it contains the ECID from your T2 chip, limiting its validity to your specific computer.

The real question you want to ask is if those signature files are retained when turning off Full Security - and the answer is yes, they definitely are.

Every time you have a new signature created (for example when installing a new OS), the system creates a new, uniquely named im4m file on your drive. The old ones are not deleted.

When you disable "Full Security" and set it to "No Security", then the T2 chip stops checking the validity of the signatures in those im4m files. It doesn't discard them, delete them or anything of the sort.

Related

Deleted symlink to /etc and now missing sudoers
2013 Macbook Pro - hard drive always full!
How to free up storage space associated with "System" on macbook pro mojave OS? [duplicate]
I need to swap a colour with transparency
What are some of the functionalities I can turn off to speed up an old Apple Watch?
Custom notification size on iPhone
MAMP Pro license record
How can I restore an Application state from a cloned system?
Catalina not allowing me to read-write from remote host? How to fix?
Way to utilize iCloud shared album externally
Is it possible to use MacPorts without Xcode or Apple ID?
How to remove metadata from image files using AppleScript?