You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: senjutsu
senjutsu Author
User level: Level 1
4 points

Encrypting APFS Time Machine volumes

Is it necessary to encrypt APFS Time Machine volumes on Big Sur and up if File Vault is on? Let me try to explain why I'm asking this: I clearly remember warnings came up when I tried to use unencrypted disks with Time Machine when File Vault was on. No such warning comes up on Big Sur and up as far as I remember. So I presume Apple reckons not having encryption doesn't compromise the security of APFS Time Machine backups.


This is how I think it works: As you know, Time Machine snapshot format on Big Sur has changed (individual files on HFS+ volumes vs. some sort of "virtual file system" on APFS volumes.) Now that backups are comprised of virtual file systems instead of individual files, File Vault encryption is somehow applied to them, so no Mac other than the one they are created on can access them if File Vault is turned on, thus eliminating the need for encryption.

Am I correct or am I totally making this up?

MacBook Pro with Touch Bar

Posted on Dec 19, 2021 9:32 AM

Reply
Question marked as Top-ranking reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
116,086 points

Posted on Dec 19, 2021 9:59 AM

I think the latter. Choose a backup disk and set encryption options on Mac - Apple Support

Perhaps they removed (or remembered your response to) the warning.

There is a note in that article about drives that cannot be encrypted. If that applies, maybe that is why it didn't ask.

View in context

Similar questions

8 replies
User profile for user: senjutsu
senjutsu Author
User level: Level 1
4 points

Jan 2, 2022 3:36 AM in response to Barney-15E

Barney-15E wrote:

I think the latter. Choose a backup disk and set encryption options on Mac - Apple Support
Perhaps they removed (or remembered your response to) the warning.
There is a note in that article about drives that cannot be encrypted. If that applies, maybe that is why it didn't ask.


If you are referring to this note, it's about how the disk should be formatted:


Encryption is not available if you are using a disk directly connected to your Mac that is formatted using an Apple Partition Map (APM) or Master Boot Record (MBR) partition and the disk has more than one partition.


My disk was formatted using GUID Partition Map, so it was available for encryption. It was also not possible that they remembered my previous response, because it was a fresh macOS installation. And if they really removed the warning, I would like to know why they did so; that's the essence of my question: Why is encryption not required for File Vault-encrypted volume backups any more?


I hope I made myself clear.


Reply
User profile for user: senjutsu
senjutsu Author
User level: Level 1
4 points

Jan 2, 2022 3:48 AM in response to BlueberryLover

BlueberryLover wrote:

I believe that encryption for new APFS Time Machine backup volumes has been enforced since Big Sur for Macs which have a T2 security chip (even without enabling FileVault encryption).

Both of my 2 Time Machine volumes are encrypted and seem to work without any issues.


That's not what I remember has happened when I set up Time Machine on my MacBook Pro with a T1 chip, but it has been a while; I could be wrong. Anyway, I'm going to do do a fresh Monterey installation on this MBP soon, I will let you know the outcome.


Reply
User profile for user: senjutsu
senjutsu Author
User level: Level 1
4 points

Jan 2, 2022 5:18 AM in response to senjutsu

Barney-15E wrote:

It was never required. It was always an option.


You are absolutely right, my bad. Let me rephrase my question: Why does macOS not prompt for enabling encryption on new APFS Time Machine volumes when File Vault is enabled? That is, if I remember correctly; please see my previous post. I will let you know the outcome once I have reinstalled Monterey.


Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,482 points

Jan 2, 2022 5:53 AM in response to senjutsu

senjutsu wrote:

Why does macOS not prompt for enabling encryption on new APFS Time Machine volumes when File Vault is enabled?

This is a user-to-user support forum. Apple is not here. We can answer “how” questions, but not “why” questions. If anyone even attempts to answer a why question, the best you could possibly get is an educated guess, but in many cases, it is just wild speculation.


If you are asking questions about setup of major operations like installing the operating system or setting up a Time Machine backup, you are more likely to get those wild speculations. In these situations, it is very difficult for most people to even experience what you are talking about because it would require erasing a computer or setting up a new backup.


The only meaningful downside to encrypting a Time Machine backup is losing your password. You can, and should, write down those passwords in a safe place. Then there are no downsides at all.

Reply

Encrypting APFS Time Machine volumes

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up