Oddly, though, CCC, Disk Utility, and Terminal all agreed that his HFS+ volume was now an APFS Encrypted volume. This is an easy way to enable encryption on a volume: plug in a password, verify, add a hint, done! There's no OS on it, so he simply right-clicked on the volume in the Finder and chose the option to encrypt it: He had an HFS+ formatted 16TB RAID device, and had always intended to enable encryption on that volume. More proof that "FileVault" is just a nice name for the filesystem encryption underneath.One of our users made a startling discovery this week after upgrading to High Sierra. Now, APFS has the ability to do what CoreStorage did without the extra layer, so FileVault is just APFS Encrypted + Directory Services, and formatting a drive "APFS Encrypted" means "use Full Disk Encryption on this drive." If it's the boot volume, there's a prefpane to manage it, and you use your user password as the disk password, but that's it - no drive formatted as either APFS or HFS+ Encrypted can be read without the password, whether that was enabled throuh the FileVault prefpane or not.įun fact - if you format the boot drive as HFS+ Encrypted, or APFS Encrypted, before you do a brand new fresh and clean OS install, the Mac will still boot up and work just fine, though it shows the ugly "Disk Password" icon instead of a user profile pic, and you'll have to log in twice - once with the disk password and again with the user password.
In the "old days," FileVault was CoreStorage encryption + HFS+ + Directory Services.
It worked the same way it converted (or formatted, if it was a new disk) the disk to a CoreStorage logical volume, encrypted that, and then the filesystem inside (HFS+) was none the wiser. Technically, FileVault is only for the boot volume, since it integrates with Directory Services to allow the user password to also be the disk ecnryption password, but even still, one could format an internal or external disk with "MacOS Extended, Journaled, Encrypted" or use the diskutil command in Terminal, to create an encrypted HFS+ disk. Pre High Sierra, that FDE was implemented as Core Storage, which is a Logical Volume Manager, essentially a container, that HFS+ was inside of. I realize I'm a little late to this party, but, the easiest way to think about it is this:Įvery time you see "FileVault 2," substitute "Full Disk Encryption" instead, since that's Apple's marketing name for it.
0 kommentar(er)
