Ap­ple File Sys­tem FAQ: How APFS works with older Macs, en­cryp­tion, ex­ter­nal drives, and more

Macworld (USA) - - Contents - BY GLENN FLEISHMAN

With the re­lease of macos High Sierra and its up­grade for Ssd-based startup vol­umes to Ap­ple File Sys­tem (APFS), Mac­world read­ers had many ques­tions about how this new IM­AGE: filesys­tem—more ef­fi­cient and re­li­able for Ssds—will in­ter­act with older Macs, hard drives, net­worked file­shar­ing, and more. Here are the an­swers.

Many ques­tions re­volve around a con­cern that files stored on an APFS-

for­mat­ted vol­ume won’t be read­able or us­able else­where. Gen­er­ally, a filesys­tem struc­ture only af­fects the way in which doc­u­ments are stored on a drive. When the files are re­trieved, they’re in­de­pen­dent of that for­mat and can han­dle just as they would in any other case, like down­load­ing a file from a web­site.

CAN I OPT TO NOT IN­STALL APFS?

No. It’s manda­tory on SSDS when you up­grade to High Sierra. Fu­sion drive sup­port (Ap­ple’s hy­brid SSD and HDD combo) is com­ing and, we as­sume, manda­tory with the up­grade that car­ries it.

IS APFS A REA­SON TO AVOID UP­GRAD­ING TO HIGH SIERRA FOR NOW?

Opin­ions vary. It’s an en­tirely new filesys­tem if you have an SSD startup drive, and I gen­er­ally rec­om­mend most peo­ple wait un­til there’s a “dot” re­lease, in this case 10.13.1 or even 10.13.2, to en­sure any glitches found by early adopters are fixed with­out your liv­ing through the ex­pe­ri­ence. (Since some games and soft­ware, like Adobe In­de­sign [ go. mac­world.com/adin], aren’t work­ing cor­rectly with High Sierra at the mo­ment, that’s an­other rea­son to de­lay.)

ONCE HIGH SIERRA UP­GRADES MY STARTUP VOL­UME APFS, CAN I RE­VERT TO HFS+?

A reader hav­ing prob­lems af­ter up­grad­ing to High Sierra won­ders if APFS is the prob­lem and, if so, can they re­vert? You can’t: High Sierra doesn’t have a back-out mech­a­nism. You should make a clone (see next en­try) if you want to have the op­tion to re­vert back to Sierra. This will re­quire wip­ing the drive, re­for­mat­ting it, and then restor­ing the clone.

CAN I USE CLONING SOFT­WARE TO BACK UP MY DRIVE?

Yes, but with pro­vi­sos. Folks who de­velop cloning soft­ware for macos are on the front lines of cop­ing with these changes. Dave Na­nian of Shirt Pocket, mak­ers of Su­perduper, has a beta re­lease out (free to ex­ist­ing own­ers) that sup­ports APFS vol­umes, but on his blog he ad­vises gen­eral users against

If you clone your drive rou­tinely, make a full clone be­fore you up­grade, be­cause oth­er­wise you won’t be able to re­vert on an APFS drive to a pre­vi­ous sys­tem that uses HFS+.

up­grad­ing yet ( go.mac­world.com/shpo). Bom­bich’s Car­bon Copy Cloner ( go. mac­world.com/cacc), the other pop­u­lar drive cloning app, has a re­lease ver­sion that sup­ports APFS, but notes (as Shirt Pocket does) that Ap­ple has left some fea­tures un­doc­u­mented, and has a long list of re­sources to read be­fore up­grad­ing.

If you clone your drive rou­tinely, make a full clone be­fore you up­grade, be­cause oth­er­wise you won’t be able to re­vert on an APFS drive to a pre­vi­ous sys­tem that uses HFS+. It also gives you a clean re­vert po­si­tion in case of an up­grade fail­ure.

You should also up­grade your clone tar­get to APFS for rea­sons of like-to-like com­pat­i­bil­ity, and if you want to have a bootable High Sierra vol­ume. It’s not manda­tory, but it’s a good idea. (See be­low on con­vert­ing ex­ter­nal drives.)

I would ad­vise peo­ple who rely on clones as one leg of their backup process— some­thing I strongly rec­om­mend—to de­lay up­grad­ing to High Sierra un­til both ma­jor clone-soft­ware com­pa­nies ex­press sat­is­fac­tion with the state of doc­u­men­ta­tion and sta­bil­ity on their blogs.

HOW DO I MOVE DATA FROM AN APFS VOL­UME TO A NON‑APFS VOL­UME OR AN OLDER MAC?

You’ve got many, many choices:

> At­tach an HFS+ (or other sup­ported for­mat) ex­ter­nal drive to your Mac, and

copy files to that drive. Eject that drive and move it to the other Mac.

> Turn file­shar­ing on for your High Sierra Mac, and mount it as a vol­ume on the older Mac.

> Use Air­drop. (It some­times works!)

> Use Drop­box, SFTP, SMB, email, or any other net­worked file trans­mis­sion tech­nol­ogy to mount a re­mote vol­ume, sync with a di­rec­tory, or send a file or files. (APFS drives ap­par­ently can’t be shared over the now-out­dated Ap­ple Fil­ing Pro­to­col.)

WILL AP­PLE STOP SUP­PORT­ING HFS+?

Not for many years, be­cause of the tens of mil­lions of sys­tems out there. It would be fool­hardy and it’s un­nec­es­sary. It will likely pro­vide more and more rea­sons in fu­ture re­leases for ex­ter­nal drives to move to APFS, like re­quir­ing APFS drives for Time Ma­chine. But I can’t imag­ine that HFS+ will be un­mount­able in macos any­time in the next three years, and it will very likely re­main pos­si­ble for years af­ter that—al­though Ap­ple could only sup­port read-only HFS+ mount­ing at that point. Ef­fec­tively, Ap­ple would want the large ma­jor­ity of Macs in use to be ca­pa­ble of be­ing up­graded to at least Sierra, which can read and write APFS vol­umes, be­fore it stopped in­clud­ing read/write HFS+ sup­port.

SHOULD I UP­GRADE MY EX­TER­NAL VOL­UMES TO APFS?

You can up­grade ex­ter­nal drives that use ei­ther SSDS or hard drives, but not Fu­sion drives. How­ever, there are no ad­van­tages for hard drives, so I would rec­om­mend against it.

If you have an ex­ter­nal SSD that is only used for stor­age, the ad­van­tage is likely not high enough to give up com­pat­i­bil­ity if you ever think you would want to re­move that ex­ter­nal SSD and use it with a preSierra Mac. See our in­struc­tions on us­ing Disk Utility to up­grade an ex­ter­nal SSD ( go.mac­world.com/xssd).

There’s also some con­cern with how High Sierra’s ini­tial re­lease han­dles ex­ter­nal drives that have en­cryp­tion en­abled ( go.mac­world.com/enen), a

fea­ture that’s sep­a­rate from Fil­e­vault, which only en­crypts the startup vol­ume.

Ap­par­ently, an un­ex­pected be­hav­ior in this first re­lease is that us­ing the Fin­der-based op­tion to en­crypt a mounted phys­i­cal drive con­verts HFS+ drives to APFS with­out warn­ing.

SHOULD I

TURN ON

EN­CRYP­TION ON AN EX­TER­NAL HFS+ DRIVE IN HIGH SIERRA?

No! Ap­par­ently, an un­ex­pected be­hav­ior in this first re­lease is that us­ing the Fin­der­based op­tion to en­crypt a mounted phys­i­cal drive con­verts HFS+ drives to APFS with­out warn­ing. (That’s when you se­lect a vol­ume, right-click, and choose En­crypt Drive­name.)

CAN I MOUNT AN APFS VOL­UME ON A MAC RUN­NING AN OLDER VER­SION OF macos THAN HIGH SIERRA?

Only Sierra, which can read and write APFS vol­umes. While Ap­ple says in its APFS FAQ ( go.mac­world.com/sfpa), “For ex­am­ple, a USB stor­age de­vice for­mat­ted as APFS can be read by a Mac us­ing High Sierra, but not by a Mac us­ing Sierra or ear­lier,” this seems in­cor­rect, as we’d heard from other Mac ex­perts that Sierra could. We tested with a Usb-con­nected SSD drive, and we can read and write to an APFS par­ti­tion.

One reader asked if Ap­ple might re­lease a com­pat­i­bil­ity up­grade for pre-sierra OS X and macos re­leases to al­low them to mount APFS ex­ter­nally. My de­fin­i­tive an­swer is also no (though I don’t know Ap­ple’s mind). APFS is a fun­da­men­tal re­work­ing of the filesys­tem, which re­quires ex­ten­sive changes to the OS. I can’t see a triv­ial way to al­low this to prop­a­gate back­ward, even if Ap­ple were in the habit of re­leas­ing up­grades for older macos re­leases ex­cept for se­cu­rity rea­sons or Sa­fari up­dates.

A third-party might be able to use the APFS spec to al­low mount­ing such vol­umes, but there seems to be lit­tle mar­ket for what would be an ex­pen­sive prod­uct to de­velop and sup­port only for an ever-smaller num­ber of users of older macos fla­vors who also had up­graded boot or ex­ter­nal drives in High Sierra or later re­leases to use APFS.

AP­PLE SAYS EN­CRYP­TION IS BUILT INTO APFS. CAN I TURN FIL­E­VAULT OFF?

No. Ap­ple tries to sim­plify se­cu­rity ex­pla­na­tions, and I fear the way it has

mar­keted APFS may con­fuse peo­ple, since a few read­ers have al­ready asked this. With HFS+, the long-run­ning pre­vi­ous for­mat, en­cryp­tion was ap­plied as a layer ex­ter­nal to the for­mat. This re­quired more in­ter­me­di­a­tion be­tween the op­er­at­ing sys­tem and the un­der­ly­ing files when Fil­e­vault was en­abled.

With APFS, en­cryp­tion is an in­her­ent prop­erty that can be turned on and ne­go­ti­ated at the filesys­tem level. That should make it less likely that things could go wrong, and should be more ef­fi­cient. As a Fil­e­vault user, don’t dis­able the fea­ture, but you shouldn’t no­tice any dif­fer­ences in ev­ery­day use.

ARE MY TIME MA­CHINE BACK­UPS OF AN APFS VOL­UME ALSO IN APFS FOR­MAT?

No. HFS+, APFS, FAT32, and other for­mats af­fect how data is laid out in a disk par­ti­tion. It doesn’t af­fect in­for­ma­tion read from a drive. If your Time Ma­chine drive has HFS+ par­ti­tions, those will re­main in HFS+ for­mat.

Ap­ple says that a fea­ture of APFS al­lows cre­at­ing snapshots of an en­tire file sys­tem at a given mo­ment in time, which Time Ma­chine will rely on in High Sierra for mo­bile back­ups, which are the in­terim Time Ma­chine ver­sions stored on your com­puter when it’s not con­nected to a Time Ma­chine vol­ume or net­work with a Time Ma­chine server or Time Cap­sule on it.

IF I HAVE APFS ON ALL MY IOS DE­VICES AND MACS, ARE ICLOUD FILES NOW ENCRYPTED AT A DE­VICE LEVEL?

Read­ers won­dered if APFS’S abil­ity to use en­cryp­tion na­tively meant that files were stored in a dif­fer­ent fash­ion when synced among de­vices all con­nected to icloud. They are not. icloud re­mains encrypted in tran­sit and among your de­vices, but Ap­ple holds all the en­cryp­tion keys for contacts, events, pho­tos, mail, and other data that you can ac­cess at icloud.com when you log in.

icloud Key­chain re­mains encrypted end-to-end by de­vices. The new fa­ciali­den­ti­fi­ca­tion sync sys­tem in IOS 11 and High Sierra also syncs via icloud, but is encrypted in a fash­ion in which Ap­ple doesn’t have a way to de­crypt the data in tran­sit.

De­vice-based stor­age (data encrypted at rest) can’t per se be end-to-end, be­cause it has to be de­crypted and read to be acted upon by the lo­cal de­vice, like a Mac. End-to-end en­cryp­tion is typ­i­cally be­tween the op­er­at­ing sys­tem act­ing upon data on your de­vice and an­other op­er­at­ing sys­tem on the other end at a des­ti­na­tion. ■

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.