Bootstrap Buddy is a macOS authorization plugin created by Inetum Poland that enables MDM administrators to escrow the Bootstrap Token to an MDM server (if supported) on Mac computers that have failed to do so.
It is entirely based on Escrow Buddy from Netflix Client Systems Engineering team, so the credit goes to them.
- Managed Mac computers must:
- be enrolled in an MDM
- run macOS Ventura 13.3 or later*
- The MDM must:
- support Bootstrap Token escrow
- be capable of installing packages**
* while the authorization plugin itself requires only macOS Mojave 10.14.4 or later, Bootstrap Token validation depends on functionality introduced in macOS 13.3.
** the ability to run scripts is optional, but may be useful for deactivating, reactivating, or uninstalling the authorization plugin on demand.
-
Use your MDM to install the latest Bootstrap Buddy installer package on your Mac computers.
While you can install it on all machines, it is recommended to limit deployment to those requiring Bootstrap Token escrow.
That’s it! The next time a Volume Owner logs into the Mac, a new Bootstrap Token will be escrowed to your MDM.
See the wiki for Frequently Asked Questions and Troubleshooting resources.
If you’ve read those pages and are still having problems, please search our issues (both open and closed) to see whether your issue has already been addressed there. If not, you can open an issue.
For a faster and more focused response, be sure to provide the following in your issue:
- Log output (see wiki for information on retrieving logs)
- macOS version you’re deploying to
- MDM (name and version) you’re using
- What troubleshooting steps you’ve already taken
- Any relevant error messages or unexpected behavior observed
Contributions are welcome! To contribute, create a fork of this repository, commit and push changes to a branch of your fork, and then submit a pull request. Your changes will be reviewed by a project maintainer.
Contributions don’t have to be code; we appreciate any help maintaining our wiki or answering issues.
Bootstrap Buddy was created by Apple Business Unit at Inetum Polska Sp. z o.o.. It is however entirely based on Escrow Buddy created by the Netflix Client Systems Engineering team.
The Crypt project was a major inspiration in the creation of Escrow Buddy — huge thanks to Graham, Wes, and the Crypt team! Jeremy Baker and Tom Burgin’s 2015 PSU MacAdmins session on authorization plugins was also a valuable resource.
Escrow Buddy is licensed under the Apache License, version 2.0 and so is the Bootstrap Buddy.