Posted on 06/14/2016 7:10:58 PM PDT by Swordmaker
The security services aren't going to like this
Apple is deepening support for encryption in its PCs, laptops and devices with the introduction of Apple File System (APFS), a new file system that will replace the existing HFS+ file system from next year.
APFS has been "engineered with encryption as a primary feature", according to Apple, adding extra encryption features into the file system that will make it easier for users to encrypt files.
However, it may also reignite disputes with law enforcement and security agencies over backdoors for encrypted communications and devices.
APFS will be backwards compatible with HFS+, which is used by MacOS and iOS operating systems. HFS+ has been used by Apple since 2001, but existing third-party utilities will need to be updated to support it. Apple claimed that one of the main reasons why the new file system is required is to take advantage of the shift to flash-based storage media.
One of the key features, therefore, will be auto-trim to prevent devices using flash slowing over time (as any user of a cheap Android device eventually finds out).
"Like HFS+, APFS supports Trim operations. On APFS, Trim operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are only performed once metadata changes are persisted to stable storage," said the Apple File System Guide.
It is also, Apple was keen to point out, compatible with traditional "spinning rust" hard disk drives.
However, it is the extra support for encryption that raised most eyebrows. "On OS X, full disk encryption has been available since OS X 10.7 Lion. On iOS, a version of data protection that encrypts each file individually with its own key has been available since iOS 4. APFS combines both of these features into a unified model that encrypts file system metadata," explained the guide.
"APFS supports encryption natively. You can choose one of the following encryption models for each volume in a container: no encryption, single-key encryption, or multi-key encryption with per-file keys for file data, and a separate key for sensitive metadata.
"APFS encryption uses AES-XTS or AES-CBC, depending on the hardware. Multi-key encryption ensures the integrity of user data even when its physical security is compromised."
Other features include 'space sharing', enabling multiple file systems to share the same underlying free space on a physical volume.
"Unlike rigid partitioning schemes, which pre-allocate a fixed amount of space for each file system, APFS volumes can grow and shrink without volume repartitioning," said Apple.
The 64-bit Inode Numbers scheme will also enable APFS to support more than nine quintillion files on a single volume (which ought to be enough for anyone - for the time being).
APFS uses a copy-on-write metadata scheme to ensure that updates to the file system are crash-safe. This approach also reduces the additional overhead of journaling that occurs with HFS+.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
More on the new APFS file system over here. . . ping.
Great!...
...and I’ll let other people beat up on it for a couple of years before I entrust my data to it.
That’s due to it both being a new file system, and the fact that Apple’s software QA has taken a hit the last few years.
What happens when you cannot log into your encrypted pc?
Do you lose all your files?
Thanks. It sounds like a great file system, that will quickly become the default option. I especially like the space sharing / auto growth feature. Will be interesting to see how people and apps leverage the more advanced encryption features, specifically the ability to have a different key for a specific file.
Spinning Rust
LOL
I had the same thought. Very important to have backups, and to remember your passwords. But if encrypted, can you recover to another pc? In the past, I've lost encrypted hard drives on trashed pc's that could not be read on another pc. With the new MacOS, I imagine there are better safeguards to make it easier to recover to another Mac... if you remember the passwords.
Do you own the Apple Watch? If so, do you like? TIA
I hope they open up the spec enough so that we’ll have Linux drivers for it.
Off topic (but less so here than anywhere else, AFAIK):
Tim Cook argued that every child should be taught a programming language in school, and he argued that Swift
- is open source,
- is used and useful for Apple developers,
- is very easy to learn,
- creates very fast code, and therefore
- Swift programming language should be taught to all children.
In furtherance of that objective, Apple announced, and demonstrated, Swift Playground for the iPad. On reflection, it reminds me of nothing so much as LOGO with its turtle control commands. Except of course that LOGO on an Apple II c was laughably crude in comparison. LOGO allowed a learner to command the cursor, called (but not illustrated as) the turtle, to move and turn.
Swift Playground will allow the learner to command turns and motion by a fuzzy critter. Or a bunch of icons, which fall according to the laws of physics to the bottom of the display. With Swift commands the icons on the display follow laws of physics in a world under tilt control of the user manipulating the iPad. IOW, under Swift Playground, the learner has access to the gyro and the accelerometer in the iPad.
Swift Playground will be in the Developers release of iOS10, and will be free in the App Store this fall.
Of possible interest to metmom for education . . . Ping.