APFS encryption vs FileVault

Discussion in 'macOS High Sierra (10.13)' started by lemimouth, Jun 10, 2017.

  1. lemimouth, Jun 10, 2017
    Last edited: Jun 10, 2017

    lemimouth macrumors regular

    Joined:
    Feb 14, 2015
    #1
    When I installed High Sierra I could choose between APFS or APFS (encrypted) partition type. I choose APFS.

    Then we have FileVault. At the moment I can't enable it because it greyed out. Will FileVault rely on APFS encryption (so activating FileVault will just encrypt the APFS volume with APFS encryption), or will it be an other layer on top of APFS ?
     
  2. cswifx Suspended

    cswifx

    Joined:
    Dec 15, 2016
    #2
    I suppose it's another layer? FileVault is a full-disk encryption, not sure about APFS because I haven't seen the APFS encryption yet.
     
  3. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #3
    Does the grey persist after you unlock the preference pane?
     
  4. b416 macrumors newbie

    Joined:
    Jan 20, 2014
    #4
    Yes it does.
     
  5. LK LAW macrumors member

    Joined:
    May 30, 2016
    #5
    Some developer needs to shed some light on this one.
    As I understand FileVault is a part of CoreStorage. CoreStorage is being depreciated and put into maintenance mode as far as I know.
    Kind of wonder how FusionDrives are going to work then though.
    Also if APFS is encrypted on a multi key (instead of single key with FileVault) would the OS first boot basic functions via the recovery partition and then handover you when you login it'll continue the login process?

    Could someone look into this please :)
     
  6. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #6
    My Partition is APFS, can't enable Filevault, most likely because of APFS, I am pretty sure the
    new one is APFS encrypted.
    Wish upon install it would have asked me if I wanted APFS with or without encryption.
     
  7. yangm macrumors newbie

    yangm

    Joined:
    Apr 16, 2014
    #7
    I’m on the opposed side of the coin: I had FileVault enabled before upgrading and now I can’t turn it off:
    Screen Shot 2017-06-10 at 16.09.03.png

    By the looks of the partitions, FileVault no longer uses CoreStore, using APFS multikey encryption instead:
    Screen Shot 2017-06-10 at 16.10.59.png
     
  8. lemimouth, Jun 10, 2017
    Last edited: Jun 10, 2017

    lemimouth thread starter macrumors regular

    Joined:
    Feb 14, 2015
    #8
    I tried to install High Sierra (fresh from a usb key and reformatting the whole drive) with selecting APFS (encrypted), it asked me to create a password, but when I restarted my computer it didn't ask me to enter the password I set for encryption, as opposite as when I had FileVault enabled on my old installation and it asked the password to even start booting the OS.

    That's why I'm confused between the two (FileVault asks the password before booting but APFS encryption doesn't).

    Time to wait some more betas to enable FileVault and see what happens, then
     
  9. AVonGauss macrumors regular

    Joined:
    Oct 6, 2006
    Location:
    Boynton Beach, FL
    #9
    I believe this behavior was documented in the release notes.
     
  10. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #10
    Indeed.
     
  11. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #11
    Please join the discussion at APFS and Fusion Drives.

    Gentle hint: it's FileVault (l, not r). At your opening post, you can use the cog icon to edit the subject line.
     
  12. lemimouth thread starter macrumors regular

    Joined:
    Feb 14, 2015
    #12
    Oups, I must have read it wrong the first time and it stuck like this in my head :p
     
  13. LK LAW macrumors member

    Joined:
    May 30, 2016
    #13
    Great news! Does the pre-boot login window still need EFI to show the login window?
     
  14. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #14
    We have a report of conversion from Core Storage-encrypted HFS, to APFS, being followed by a FileVault-related change:

    Notes and Known Issues for macOS 10.13 Build 17A264c (2017-06-06) appears to be a copy of information from Apple. I can't comment on its accuracy or completeness (I'm not enrolled with any Apple project). From that post:

    @nevheatley3 please: might that explain the apparent addition of encryption in your case?
     
  15. nevheatley3 macrumors member

    nevheatley3

    Joined:
    Nov 20, 2015
    Location:
    Manhattan, NY
    #15
    I cannot say, I'm not advanced enough to discern that. And unfortunately, I had to revert to Sierra so I cannot check anything on my end. But, it does seem plausible.
     
  16. mikecwest macrumors 6502a

    mikecwest

    Joined:
    Jul 7, 2013
    #16
    It appears you can enable it in terminal

    sudo fdesetup enable
     
  17. lemimouth thread starter macrumors regular

    Joined:
    Feb 14, 2015
    #17
    Thanks, great to know. But I'll wait until we can do it from the GUI. Maybe it's disabled at the moment for a reason
     
  18. lemimouth thread starter macrumors regular

    Joined:
    Feb 14, 2015
    #18
    Just enabled FileVault in beta 2 through the GUI. Estimated time went from initially 4 minutes to 10 seconds then more than 1 day. THAT is accurate !
     
  19. mikecwest macrumors 6502a

    mikecwest

    Joined:
    Jul 7, 2013
    #19
    in terminal it took for ever, but gave NO estimate of remaining time. In the Filevault pref pane, it said "1 minute remaining" after it finished, until the next reboot.
     
  20. lemimouth thread starter macrumors regular

    Joined:
    Feb 14, 2015
    #20
    I'll wait to see what happens. It can't seems to decide between "11 hours", "6 hours" and "more than one day". Disk Utility reports the volume as encrypted, though
     
  21. AppleComputer macrumors member

    AppleComputer

    Joined:
    Feb 16, 2012
    Location:
    Cupertino, CA
    #21
    Same here, had it enabled on sierra, stayed that way after high seirra beta installed.
     
  22. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #22
    Not being a smart-allec with this question.

    What is the point of enabling FileVault, when APFS is running and has already encrypted the SSD? APFS has better security than FileVault.
     
  23. Cinder6 macrumors 6502

    Cinder6

    Joined:
    Jul 9, 2009
    #23
    Source on APFS being more secure than FileVault 2?
     
  24. mikecwest macrumors 6502a

    mikecwest

    Joined:
    Jul 7, 2013
    #24
    I would think that FileVault 2 adds, additional security to APFS?
     
  25. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #25
    As diskutil(8) does not report whether migration is complete, so I should not expect Disk Utility to report whether the encryption routine is complete.

    It's more like the other way round.

    The System Preferences interface to FileVault might evolve to take advantage of what will be possible with APFS, that could not be done with FileVault 2.

    Recall that with FileVault 1, it was easier (than with 2) to prevent an administrator from viewing your data.
     

Share This Page