I noticed something disturbing on my rMBP running 10.13.3. I have FileVault enabled because I want my data to be encrypted on disk. And that seems to be happening on my main storage area ("Macintosh HD"). Awesome. But the command line 'diskutil' is implying that other APFS areas are NOT FV encrypted. The other areas are: "preboot" (whatever that means), "Recovery" (don't care about encryption), and "VM".
The VM area includes swapfile, and sleep image files. To not have that area encrypted is a much bigger deal. It means that anything in RAM could end up in those files including sensitive data that I would like protected which is the whole reason to turn on FV in the first place.
This computer has been around a while. It was upgraded from 10.12.x where it was running HFS+ with FileVault. During the upgrade, it was automatically converted to APFS.
I wonder if FV on HFS+ protected the sleep image and swap files with FV? I certainly thought so since everything in the filesystem was protected. Is this a change in behavior? It seems like one that isn't desired. I wonder if new 10.13.x installs with APFS have this unfortunate behavior or if it is an artifact of the upgrade conversion. Or maybe diskutil is giving misleading information.
I will put my output here, it's pretty typical for a 256GB install of High Sierra.
Code:
rmbp13:~$ diskutil apfs list
APFS Container (1 found)
|
+-- Container disk1 CC7C71A4-31AA-4359-A758-216EFCxxxxxx
====================================================
APFS Container Reference: disk1
Capacity Ceiling (Size): 250140434432 B (250.1 GB)
Capacity In Use By Volumes: 216734695424 B (216.7 GB) (86.6% used)
Capacity Available: 33405739008 B (33.4 GB) (13.4% free)
|
+-< Physical Store disk0s2 5EE1EA36-1700-4E62-9186-80141Axxxxxx
| -----------------------------------------------------------
| APFS Physical Store Disk: disk0s2
| Size: 250140434432 B (250.1 GB)
|
+-> Volume disk1s1 73C3A804-B015-342A-9BB4-11A045xxxxxx
| ---------------------------------------------------
| APFS Volume Disk (Role): disk1s1 (No specific role)
| Name: Macintosh HD (Case-insensitive)
| Mount Point: /
| Capacity Consumed: 212844924928 B (212.8 GB)
| FileVault: Yes (Unlocked)
|
+-> Volume disk1s2 B5757790-54DA-43D5-BEDF-B42CC6xxxxxx
| ---------------------------------------------------
| APFS Volume Disk (Role): disk1s2 (Preboot)
| Name: Preboot (Case-insensitive)
| Mount Point: Not Mounted
| Capacity Consumed: 20254720 B (20.3 MB)
| FileVault: No
|
+-> Volume disk1s3 4B40BF32-5383-4493-9703-812DBBxxxxxx
| ---------------------------------------------------
| APFS Volume Disk (Role): disk1s3 (Recovery)
| Name: Recovery (Case-insensitve)
| Mount Point: Not Mounted
| Capacity Consumed: 509861888 B (509.9 MB)
| FileVault: No
|
+-> Volume disk1s4 B85D2E27-2189-4B20-9EB5-59C252xxxxxx
---------------------------------------------------
APFS Volume Disk (Role): disk1s4 (VM)
Name: VM (Case-insensitive)
Mount Point: /private/var/vm
Capacity Consumed: 3221340160 B (3.2 GB)
FileVault: No
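
An added example, not part of the original post: a small shell/awk parser for the `diskutil apfs list` format shown above. It reduces the listing to one line per volume and picks out volumes that are mounted yet reported as `FileVault: No`. The function names and the abridged sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise FileVault status per APFS volume.
# Input on stdin: text in the format printed by `diskutil apfs list`.
# Output: disk<TAB>role<TAB>FileVault (Yes|No)<TAB>mount point

apfs_fv_report() {
    awk '
    /APFS Volume Disk \(Role\):/ {
        line = $0
        sub(/^.*\(Role\):[ \t]*/, "", line)      # "disk1s4 (VM)"
        disk = line; sub(/[ \t].*$/, "", disk)   # "disk1s4"
        role = line; sub(/^[^(]*\(/, "", role); sub(/\)[ \t]*$/, "", role)
        mount = "-"
        next
    }
    /Mount Point:/ { mount = $0; sub(/^.*Mount Point:[ \t]*/, "", mount); next }
    /FileVault:/ && disk != "" {
        fv = $0
        sub(/^.*FileVault:[ \t]*/, "", fv)
        sub(/[ \t].*$/, "", fv)                  # drop "(Unlocked)" and similar
        printf "%s\t%s\t%s\t%s\n", disk, role, fv, mount
        disk = ""
    }'
}

# Volumes mounted in the running system but reported as not FileVault-encrypted.
apfs_unencrypted_mounted() {
    apfs_fv_report | awk -F '\t' '$3 == "No" && $4 != "Not Mounted" { print $1 "\t" $2 "\t" $4 }'
}

# Constructed sample: abridged from the listing in the post (UUIDs and sizes omitted).
sample_listing() {
    cat <<'EOF'
| APFS Volume Disk (Role): disk1s1 (No specific role)
| Mount Point: /
| FileVault: Yes (Unlocked)
| APFS Volume Disk (Role): disk1s2 (Preboot)
| Mount Point: Not Mounted
| FileVault: No
| APFS Volume Disk (Role): disk1s3 (Recovery)
| Mount Point: Not Mounted
| FileVault: No
APFS Volume Disk (Role): disk1s4 (VM)
Mount Point: /private/var/vm
FileVault: No
EOF
}

sample_listing | apfs_fv_report
```

On a Mac, pipe the real command into it: `diskutil apfs list | apfs_unencrypted_mounted`. `sysctl vm.swapusage` reports separately whether the swap itself is encrypted.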