How to remove an unwanted disk image on a 2019 iMac?

The macOS operating system resides in a sealed and read-only volume that can’t be opened, modified, altered and or Deleted by the user ( you ) or third-party applications

Creedence11M64FO.SECUREPKITRUSTSTOREASSETS_SECUREPKITRUSTSTORE_Cryptex—appearing in Disk Utility on macOS 15 “Sequoia” is actually part of Apple’s system cryptography and security infrastructure.

Creedence11M64FO >> Likely an internal Apple identifier for a cryptographic package or system trust module.

SECUREPKITRUSTSTOREASSETS_SECUREPKITRUSTSTORE >> Refers to the SecureKit Trust Store: Apple’s system-managed store for certificates, root CAs, and other cryptographic trust assets.

Cryptex >> In modern macOS, a “Cryptex” is a read-only, encrypted system volume or container that holds secure, signed assets that the system can access but the user cannot easily modify.

So altogether, this is a system-managed, encrypted cryptographic container that macOS uses to verify certificates, secure connections, and maintain the integrity of trusted system assets.

It's an OS bug.

The Creedence volume is a artifact of a macOS upgrade. It becomes visible to some users sometimes but not to others.

There doesn't seem to be a way to remove the volume as it is apparently part of the OS, though it should not be visible. It has been suggested that the Creedence volume holds cryptex info related to the sealed macOS volume or other encryption that takes place on the Mac. If that is correct, it wouldn't be wise to remove it (if you could), but simply to ignore it.

There have been several community threads about it, but I find no particular guidance for successfully dealing with it.

• https://discussions.apple.com/thread/256081966?sortBy=rank

• https://discussions.apple.com/thread/255784972?sortBy=oldest_first

• https://apple.stackexchange.com/questions/476879/why-does-my-mac-show-a-strangely-named-volume-credence-and-cryptex-after-updat

It’s a Cryptex container that macOS mounts as part of the sealed system architecture introduced in Big Sur and expanded in later versions like Sequoia.

The reason it suddenly appeared is usually an OS update, a security asset update, or sometimes a third-party system extension (antivirus, low-level utilities, external boot helpers) that triggered macOS to mount that cryptex separately instead of hiding it. Because it’s tied to the signed system volume, Finder and Disk Utility treat it like a disk image but it isn’t user-managed storage, so eject, unmount, and delete will always fail.

If you want to confirm that’s what it is, run diskutil list in Terminal and you’ll see it attached under the cryptex/system volumes rather than a real DMG.

Frankly speaking there’s nothing to remove, the only time it disappears is after a macOS update rebuilds the system volume or after uninstalling the third-party extension that triggered it. If the Mac is otherwise behaving normally, the safest move is to ignore it.

That particular cryptex looks related to a certificate trust store, based solely on the name.

Previous reports indicate that that particular cryptex can be tied to the presence of some third-party system add-on apps. Add-on anti-malware was one reporte potential culprit, as was an external startup volume.

That and all other cryptexes are protected parts of macOS, and cannot be deleted.

In recent usage, a macOS cryptex is a part of macOS (containing executable code and/or data) that is isolated against modifications and corruptions and whether these are accidental or casual attempted corruptions (including deletion attempts), or intentional or malicious modifications. Much as apps are isolated into a sandbox and access outside the sandbox restricted, cryptexes are parts of the operating system and run-time that are similarly isolated and protected against user and third-party shenanigans, though that isolation and protection happening through entirely different means.

Some drivers use cryptexes, parts of JavaScript support, dynamic libraries, and other parts of macOS itself reside in cryptexes. These are loaded as part of the startup, and probably also for certain apps.

The signed system volume and cryptexes are first available with macOS 11.

There is not much documentation past the man cryptex info at the command line, and the platform security info.

More information and discussions on that particular cryptex are available using a web search for the filename.

You can try a macOS reinstallation, or can ignore it pending some future local system reconfiguration, or some current or future macOS update or upgrade. It is, however, part of macOS.

Reference below from this link https://eclecticlight.co/2021/12/16/boot-disk-layout-in-macos-monterey/

" Volume layout on Intel Macs hasn’t changed since Big Sur. There’s the traditional hidden EFI partition, and a single APFS container with the bootable system, consisting of:

• the SSV, a mounted snapshot of the unmounted read-only System volume named Macintosh HD, which forms the root of the boot file system. The snapshot is named com.apple.os-update- followed by its UUID, and the volume (hence its snapshot) is typically about 15 GB in size;
• the writable Data volume, by default on the internal disk named Macintosh HD – Data, which is normally hidden from view at /System/Volumes and accessed via firmlinks. On Intel Macs, this is given its full name;
• Preboot, a small volume of around 714 MB;
• Recovery, the Recovery Volume, of around 1.1 GB;
• VM, containing virtual memory caches, which is upwards of 20 KB depending on use.

Note that the Seal on the unmounted read-only System volume is normally broken, but it’s the snapshot which is the important one: that should be sealed, unless you have broken its seal intentionally.

Apple’s terminology for the SSV isn’t entirely consistent. In APFS reference documentation, it’s used to refer to the Sealed System Volume,whereas in its Platform Security Guide it means the Signed System Volume, although the top-level hash is known as the Seal rather than the Signature. "

I have the same after updating from Monterey to Sequoia on my 2019 iMac. Cannot do anything about it.