Bootstrap Buddy is a macOS authorization plugin created by Inetum Poland that enables MDM administrators to escrow the Bootstrap Token to an MDM server (if supported) on Mac computers that have failed to do so.
It is entirely based on Escrow Buddy from Netflix Client Systems Engineering team, so the credit goes to them.
- Managed Mac computers must:
- be enrolled in an MDM
- run macOS Ventura 13.3 or later1
- The MDM must:
- support Bootstrap Token escrow
- be capable of installing packages2
Use your MDM to install the latest Bootstrap Buddy installer package on your Mac computers. And that’s it! The next time a Volume Owner logs into the Mac, a new Bootstrap Token will be escrowed to your MDM server.
Important
While you can install it on all machines, it is recommended to limit deployment to those requiring Bootstrap Token escrow/fix.
See the wiki for Frequently Asked Questions and Troubleshooting resources.
If you’ve read those pages and are still having problems, please search our issues (both open and closed) to see whether your issue has already been addressed there. If not, you can open an issue.
For a faster and more focused response, be sure to provide the following in your issue:
- Log output (see wiki for information on retrieving logs)
- macOS version you’re deploying to
- MDM (name and version) you’re using
- What troubleshooting steps you’ve already taken
- Any relevant error messages or unexpected behavior observed
Contributions are welcome! To contribute, create a fork of this repository, commit and push changes to a branch of your fork, and then submit a pull request. Your changes will be reviewed by a project maintainer.
Contributions don’t have to be code; we appreciate any help maintaining our wiki or answering issues.
Bootstrap Buddy was created by Apple Business Unit at Inetum Polska Sp. z o.o.
It is however entirely based on Escrow Buddy created by the Netflix Client Systems Engineering team.
Local method of validating escrowed bootstrap token by verifying eligibility to perform Erase All Content and Settings is based on the feature introduced in v. 3.0b11 of the S.U.P.E.R.M.A.N. script by Kevin M. White, to whom the credit is due.
The Crypt project was a major inspiration in the creation of Escrow Buddy — huge thanks to Graham, Wes, and the Crypt team! Jeremy Baker and Tom Burgin’s 2015 PSU MacAdmins session on authorization plugins was also a valuable resource.
Escrow Buddy is licensed under the Apache License, version 2.0 and so is the Bootstrap Buddy.
Footnotes
-
While the authorization plugin itself requires only macOS Mojave 10.14.4 or later, Bootstrap Token validation depends on functionality introduced in macOS 13.3. ↩
-
MDM server’s ability to run scripts is optional, but may be useful for deactivating, reactivating, or uninstalling the authorization plugin on demand. ↩