Confirmed; this is what happened to my 16" after this install. I needed to do a DFU restore (using Apple Configurator 2 -- you can download it to your hopefully spare MacBook from the app store) to get my mac back up and running. Unfortunately, for some reason, after the DFU restore, my 16" came back up to do a full reinstall, and I had to restore my files from backup.
I hope Apple doesn’t expect that everyone has a “Spare Macbook” laying around. I’ve been experiencing random system crashes when anything connects via TB3, and 3 random Kernel panics since the update.
The SSD in a T2 Mac is encrypted in the same way that an iPhone is, so if the DFU crashes hard enough you’ll have to regenerate new keys and that’s equivalent to drive zero.
No, it’s not possible to use a FileVault recovery key at this stage of repair.
It’s not failure, it’s secure by design to prevent attackers/governments from stealing your files without consent.
Under DFU brick and reset circumstances, the private key is gone, because otherwise an attacker could just upload a hacked firmware via DFU and access all your files.
I assume the installer uses a different process that performs a DFU upgrade-in-place that safely manages the handoff using signed code and such, but that’s not the process we get as a last restore described above.
If you don’t have off-device backups, you’re accepting the risk of losing all your data at any time due to any number of possible failures (software and hardware). Not much use getting upset about this specific case.
Not sure what DFU means as I'm not familiar with Mac. With any other encryption, it doesn't matter what the state of my system is. As long as I have the key, I can always decrypt it. And it's not a vulnerability. Without the key, the data is effectively inaccessible for everybody else (except maybe somebody with a quantum computer).
Took a day, but all's well now.