APFS vs. File Vault

It may sound like a silly question: How do APFS and File Vault interact with each other?

I upgraded to High Sierra yesterday and I do have File Vault on.


APFS is now encrypted and File Vault is working. Are there two encrypted layers now?


Thanks

MacBook Pro with Retina display, iOS 10.1.1

Posted on Sep 27, 2017 1:30 AM

Question marked as Top-ranking reply

Posted on Oct 5, 2017 8:03 PM

What I get from reading the Apple and Ars docs is that "FileVault" refers to one method in Sierra, and a totally different method in High Sierra, and each OS uses only its native method.

FV in Sierra involved, as a previous poster mentioned, full disk encryption at the OS level, layered on top of HFS+.

FV is now being used as the name (for continuity without confusion hahahaha) for the APFS native encryption, which is for the record not true full-disk encryption but rather an on-the-fly encryption of files AND filesystem metadata, only as they hit the disk, and not the entire volume. This saves some processing.

The point is, the user simply interacts with "FileVault" in the control panel, turns it on or off, and never has to know that the function is different between Sierra (filesystem encryption over HFS+) and High Sierra (file encryption embedded in the APFS filesystem along with the other cool improvements).

So, short answer: "No, there is no redundancy between FileVault as presented in the High Sierra Control Panel and the HS native APFS encryption that you know exists but don't seem to be able to directly manipulate." Same hunk of cheese.
To the poster who clued me in to "diskutil apfs list", thanks much, I am slogging through a FV enable on HS that has completed 26% in one hour on a 500GB MacBook SSD.


Sep 28, 2017 7:36 AM in response to pkm881

I'll take the John Roberts-inspired liberty of rewriting your question, and then answering that rewritten question 😝 You want to know if using both APFS and FileVault is redundant, and the short answer is yes.


The longer answer is as follows: Apple wants macOS upgrades to be as hassle-free as possible so that their users are enjoying the device security they're accustomed to with their iOS devices and that they have come to expect given Apple's many public pronouncements on that subject. That means if their customers have been using FV, Apple doesn't want them to scream and howl that some aspect of security has been diminished if they were to suddenly take FV away, replace it with APFS, and say "don't worry about it, we got this". Apple's decision is complicated by the continued prevalence of traditional hard disk drives, and at present APFS is not being deployed to those systems. It's also complicated by the fact that institutional FV deployments are common, and require administrator control and recovery from user ineptitude. If there is anything resistant to change, it's corporate IT departments.


It's not reasonable to expect the vast majority of Mac users to know or even care if they're using hard disks or flash memory or some combination of the two. That's the whole point of APFS. They shouldn't know or care how their information is stored. They shouldn't even care what a "file" is or where it resides. They just want their stuff to work, and their information to be secure. Those are reasonable and achievable goals.


I can see Apple taking one of two courses: either they will eventually implement APFS for those devices, or they will let hard disk drives wither on the vine to suffer the demise they so richly deserve. I don't know which will happen first, but they are certain to happen. Either way, if you're using FV for internal / external / Time Machine, you can continue to use it without interruption to your current workflow. Same goes for APFS. If your Mac can use it, it will (and you can't refuse). If your external devices can use it, you can.


I suppose most people don't know, others won't care, and that's the idea.


If you want a broad overview of what Apple does, look at iOS. Where iOS goes, macOS is sure to follow. FileVault doesn't exist for iOS. Draw your own conclusions.

Oct 6, 2017 6:55 AM in response to M.Daguerre

Hello <user whose profile name will be changed after I report it>,

First of all, Apple has been heavily pushing High Sierra and using the APFS file system as part of that. That is a lot of marketing. Most of it simply doesn't exist. Many of the APFS features that Apple touts are merely "future capabilities" that would never have been possible with the old file system, HFS+. This leads to a lot of confusion because then everyone wants to know the details, but there will never be any details forthcoming. Apple doesn't do details. Those marketing materials are all you will ever see. It would be great if Apple started getting back to publishing in-depth tech notes like they did years ago, but I just don't see that happening.


The really bad part about all of this is that other people are rushing to fill the information gap - with misinformation. I'm glad you mentioned that Ars doc. Now I see why people are getting confused. Ars Technica is flat-out wrong about APFS and encryption.


FileVault is a system that allows you to boot macOS from an encrypted volume. That's it. All it does is allow you to boot by entering your account password. The specific types of underlying filesystem or encryption used are irrelevant. APFS provides lots of options for fancy new filesystem operations, including encryption operations. But the specific type of encryption used for FileVault on APFS is full-disk encryption.
