Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FileVault vs "Native Encryption"
- Thread starter Guitar_t-bone
- Start date
- Sort by reaction score
See Reply #6 above. Encryption in High Sierra is called FileVault just as it was in Sierra. The difference is that APFS supports encryption natively whereas HFS+ used Core Storage.
You can also find an excellent explanation of APFS and FileVault in ArsTechnica's comprehensive review of High Sierra.
Great rundown of the performance of all the varients of formats on Carbon Copy Cloner's web site. By their measure, APFS-E (encrypted) is a LOT slower (boot times at least) than any other format option:
https://bombich.com/kb/ccc5/high-sierra-testing-and-known-issues
And do NOTE: There is a distinction between APFS-E (encrypted) and APFS-FV (File Vault)
![Screen Shot 2017-09-27 at 5.57.51 AM.png]( "Screen Shot 2017-09-27 at 5.57.51 AM.png")
https://bombich.com/kb/ccc5/high-sierra-testing-and-known-issues
And do NOTE: There is a distinction between APFS-E (encrypted) and APFS-FV (File Vault)
Hi there,
1) I formatted my MacBook Pro drive by erasing and selecting APFS (encrypted).
Now when the machine boots it shows me my account in order to enter the password but a "Disk Password" option as well.
What is this option?
2) Is it better to format the drive as APFS and then just turn on the Filevault?
Thank you.
1) I formatted my MacBook Pro drive by erasing and selecting APFS (encrypted).
Now when the machine boots it shows me my account in order to enter the password but a "Disk Password" option as well.
What is this option?
2) Is it better to format the drive as APFS and then just turn on the Filevault?
Thank you.
Perhaps, its early in the morning, but I'm not understanding that chart at all.
We have HFS, HFS-FV, APFS, APFS-E and APFS-FV along both X and Y axis, I'm not sure what I'm looking at
I'd like to know the differences between APFS-E vs APFS-FV as well, which I think the OP was also trying to discern.
The only difference is that the boot volume is formatted as APFS Encrypted prior to installation. Once installation completes, FileVault will already have been enabled.
It's just a word.
As mentioned by Bombich, the best way is to go with CCC is to restore to a non-encrypted volume and subsequently enable FileVault but keep in mind they're talking about restoring clones.
If you upgrade Sierra with FileVault already enabled, High Sierra will upgrade it as is without decryption.
Last edited:
To confirm what I wrote above about APFS Encryption, I created a High Sierra VM using Parallels 13.
I installed High Sierra to a volume that I erased as APFS Encrypted. I then completed installation and confirmed that, in fact, FileVault was already enabled.
![Screenshot%202017-09-27%2021.15.41.png]()
In the case of my own iMac, I upgraded Sierra with FileVault enabled and Disk Utility shows the exact same thing as the VM for the boot volume: APFS Encrypted.
Disk Utility for Virtual Machine created on pre-encrypted APFS volume
![Screenshot%202017-09-27%2021.36.27.png]()
Disk Utility for my 2017 iMac with FileVault enabled prior to upgrade
![Screenshot%202017-09-27%2021.38.54.png]()
There is no difference between APFS Encryption and FileVault.
Mike Bombich is only using APFS-E to mean restoring a CCC clone image to a volume already formatted as APFS Encrypted. By APFS-FV, he means to restore the image to a non-encrypted volume and then enable FileVault.
I installed High Sierra to a volume that I erased as APFS Encrypted. I then completed installation and confirmed that, in fact, FileVault was already enabled.
In the case of my own iMac, I upgraded Sierra with FileVault enabled and Disk Utility shows the exact same thing as the VM for the boot volume: APFS Encrypted.
Disk Utility for Virtual Machine created on pre-encrypted APFS volume
Disk Utility for my 2017 iMac with FileVault enabled prior to upgrade
There is no difference between APFS Encryption and FileVault.
Mike Bombich is only using APFS-E to mean restoring a CCC clone image to a volume already formatted as APFS Encrypted. By APFS-FV, he means to restore the image to a non-encrypted volume and then enable FileVault.
Last edited:
Are you seeing the odd Guest account and Disk on the login screen described in this thread and also by @lasniko above in post #30?
I agree with you encrypting before with DU vs. after with FV is the same encryption, but that said, I wonder if encrypting first then installing is causing some of these odd login issues people are seeing. I know under Sierra and prior the FV setup process changed the boot procedure to work with the encrypted drive and I'm wondering if that is not getting done correctly by formatting encrypted first then installing.
You also don't get the chance to setup a recovery code by encrypting first.
[doublepost=1506517524][/doublepost]
This is from the CCC site and explains. I don't really see the significance of the chart anyway though. I could care less about boot times. I would like to have seen some file transfer tests.
The end result as far as the disk being encrypted is the same. FileVault is just the sort of brand name of the service and it uses APFS Encrypted to accomplish that.
Last edited:
I think boot times are telling, but yet I understand what you're getting at. Also though this is where APFS shines. I've yet to upgrade, though I may pull the trigger later today. I just finished getting a fresh CCC image on my backup drive.
I'm having no issues with High Sierra on my 2016 TB MBP. Come on in... the water is fine.
Yes, this is yet another advantage of installing to a non-encrypted volume and then enabling FileVault. This apparently ties the encryption to the user account.
With installation to the pre-encrypted volume the encryption password to unlock the volume was required separately each time at login.
@SRLMJ23 in the other thread reformatted and installed then turned on FV and it fixed the odd login issues. So looks like that is the way to go.
Thanks for testing.
I'm worried about gotomypc. That's a must have, and based on searching the interwebs, the beta wasn't playing nice. Gotomypc's answer was, that its a beta product, and they'll support high Sierra once released.I'm having no issues with High Sierra on my 2016 TB MBP. Come on in... the water is fine.
This seems to be without question at this point. In addition to the strange login issues, there is CCC is noting the slower boot times when clone images are restored to already encrypted APFS volumes.
One gets the impression that at least as things are now, Apple did not intend for High Sierra to be installed in this manner although that may change with future updates.
Thanks for testing.
My pleasure.
Yep... that seems to be best practice at this point. That will also ensure the login process is setup properly.
Correct, and just to reiterate for those who are upgrading, upgrade installs on Sierra with FileVault already enabled work perfectly with no login/performance issues. Also, the High Sierra installer is able to upgrade the encrypted volume as is without requiring decryption during the conversion to APFS.
To confirm what I wrote above about APFS Encryption, I created a High Sierra VM using Parallels 13.
I installed High Sierra to a volume that I erased as APFS Encrypted. I then completed installation and confirmed that, in fact, FileVault was already enabled.
![Screenshot%202017-09-27%2021.15.41.png]()
In the case of my own iMac, I upgraded Sierra with FileVault enabled and Disk Utility shows the exact same thing as the VM for the boot volume: APFS Encrypted.
Disk Utility for Virtual Machine created on pre-encrypted APFS volume
![Screenshot%202017-09-27%2021.36.27.png]()
Disk Utility for my 2017 iMac with FileVault enabled prior to upgrade
![Screenshot%202017-09-27%2021.38.54.png]()
There is no difference between APFS Encryption and FileVault.
Mike Bombich is only using APFS-E to mean restoring a CCC clone image to a volume already formatted as APFS Encrypted. By APFS-FV, he means to restore the image to a non-encrypted volume and then enable FileVault.
Good analysis. So it would seem the big penalty in boot times comes when you pre-format as excrypted. The rest of the variations are pretty darn close. At least close enough to not really matter.
Sorry to rehash a two week old thread, but I just can't understand this.
I upgraded to High Sierra on my 2017 MBP. In disk utility, it says my disk is not encrypted and is using APFS. I have an option to turn on FileVault. This thread leads me to believe that my disk utility is lying to me.
Is the disk encrypted? Can someone who steals my MBP hack into the data?
Will turning on FileVault do anything if I already have APFS?
Thank you
I upgraded to High Sierra on my 2017 MBP. In disk utility, it says my disk is not encrypted and is using APFS. I have an option to turn on FileVault. This thread leads me to believe that my disk utility is lying to me.
Is the disk encrypted? Can someone who steals my MBP hack into the data?
Will turning on FileVault do anything if I already have APFS?
Thank you
Weaselboy described this very nicely in another thread.
To paraphrase, FileVault is a product name. On HFS+ volumes FV uses core storage based encryption. On APFS volumes FV uses the native encryption built into APFS. Same name with different implementations based on file system type.
Since disk utility says it is not encrypted and you have the option to turn it on, your disk is not currently encrypted.
DS