APFS (Apple File System) is Apple’s new and modern file system that was introduced in macOS 10.13 (A.K.A. macOS High Sierra). It is a replacement for HFS+ (Hierarchical File System Plus) which has been around since 1998 and came out when the first iMac appeared, which in turn was preceded by HFS (Hierarchical File System) which appeared in 1985 when the Mac Plus appeared, and MFS (Macintosh File System) which appeared in 1984 alongside the original Macintosh. APFS is meant to be the default file system for all Apple products. In fact, if you’ve got an iPad or an iPhone, you’ve been running APFS since earlier this year when it was introduced as part of an iOS 10 update and you likely didn’t know about it. Even the Apple Watch runs APFS as its filesystem.
Here’s the key features of APFS:
- APFS is a 64-bit file system supporting over 9 quintillion files on a single volume.
- APFS is also optimized for devices that use flash and solid-state storage*
- APFS allows for clones which is a nearly instantaneous copy of a file or directory that occupies no additional space for file data.
- APFS allows for snapshots which is a point-in-time, read-only instance of the file system. This offers a way to revert changes to a given point in time.
- APFS uses a copy-on-write metadata scheme to ensure that updates to the file system are crash protected, without the write-twice overhead of journaling.
- APFS supports atomic safe save. This is similar to the idea of copy-on-write but applies to any file operation, such as a renaming or moving a file or directory. Using rename as an example, the file that is about to be renamed is copied with the new data (the file name); not until the copy process is complete are the directory and inode data updated to point to the new data. This ensures that if for any reason, such as a power failure, or some type of CPU hiccup, the write isn’t completed, the original file remains intact.
- APFS supports Space Sharing which allows multiple file systems to share the same underlying free space on a physical volume. Unlike rigid partitioning schemes that pre-allocate a fixed amount of space for each file system, APFS-formatted volumes can grow and shrink without volume re-partitioning.
- APFS supports Sparse Files. The advantage of sparse files is that storage is only allocated when actually needed: disk space is saved, and large files can be created even if there is insufficient free space on the file system.
*APFS currently does not support Apple Fusion Drives which is a mix of flash and spinning disk storage. This apparently is coming in a future macOS update. Pure spinning disks are not supported.
APFS has encryption using AES-XTS or AES-CBC modes depending on the hardware that is in play. Both files and metadata will be encrypted. Supported encryption methods include:
- Clear (no encryption).
- Single-key.
- Multi-key, with per-file keys for both data and metadata.
As far as I have been able to research and backed up by my observations, only the first two features have been implemented on macOS High Sierra. The reason why I worded it like that is that many of the under the hood features of APFS are not that well documented. That’s going to be a bit of a theme as I go along here. One thing that I should point out is that APFS encryption is software based encryption. Also, APFS encryption is volume based encryption. Meaning it doesn’t encrypt the whole disk. It encrypts volumes on the disk as you may have one or more volumes on the disk.
You can encrypt an APFS volume by going to:
- Settings
- Security & Privacy
- FileVault
- Turn On FileVault
It works the same way as FileVault 2 where it will ask you to save a recovery key in iCloud or it will generate one for you to write down or print out. You can also use the command line to initiate encryption and decryption. But I would avoid that as it is easy to get into trouble using that method.
Now APFS encryption is slow to encrypt. It encrypts at a rate of roughly 15 GB per hour. Or put another way, it took 19.5 hours to encrypt 295GB of data on an APFS volume residing on an SSD when I tested it. Conversion of a FileVault 2 encrypted HFS+ volume on the same SSD appears to be faster. My testing indicated that the same amount of data took 6 hours to convert that volume to APFS.
Now every Mac that I have upgraded to High Sierra has run into an issue where there has been “underallocation” or “overallocation” of the APFS volume. This I discovered by using Disk Utility after the upgrade process has completed. Again, Apple has no documentation that explains what this error means. But if I had to make a guess, the amount of space on the hard drive was not allocated properly during the HFS+ to APFS conversion. The only fix that I have found is to backup the data and reformat as Disk Utility cannot fix this error.
Now some key things to keep in mind about APFS:
- SSD’s will be converted from HFS+ to APFS automatically when you install macOS 10.13 and you cannot revert back without backing up and reformatting the drive, nor can you opt out of the conversion process.
- Only one company that I know of can do data recovery from a APFS drive which is DriveSavers (https://www.drivesaversdatarecovery.com/). Even then, APFS recovery is questionable at best according to the company. Thus if you value your data, back it up.
- Few if any third party disk utilities work with APFS. Therefore your ability to backup or repair an APFS volume is currently limited. Which means that if you run into issues on an APFS volume, a backup (if you can), reformat and restore may be your only option to fix an issue.
- APFS volumes cannot be read by earlier versions of macOS. Fortunately, you can still format volumes in HFS+ using Disk Utility which can be read by any version of macOS. Thus if you have USB thumb drives or external hard drives, format them for HFS+.
- APFS formatted volumes can not be used to share files via AFP (Apple Filing Protocol). In this use case, you must use SMB (Server Message Block) to share files. Apple has announced that support for AFP has been depricated for that reason, though it still exists in macOS 10.13 for backward compatibility purposes.
Clearly this isn’t your father’s file system. APFS has a lot going for it. Hopefully, Apple fleshes out the details about it and software companies catch up with utilities that support this file system so that all Apple users can fully benefit from it.
The 8th Edition Of Hack In Paris Announces Their Training Schedule
Posted in Commentary with tags Hack In Paris on December 19, 2017 by itnerdAfter the success of the latest edition with more than 650 attendees, this 5-day corporate event will be held for the eighth time in France, at the Maison de la Chimie, in the heart of the 7th district of Paris. An event for CISOs, CIOs, consultants, students and passionate about IT security field.
Once again they have selected the best speakers and trainers to offer a full and varied program. During a 1, 2 or 3-days training, you will learn and practice in a dedicated environment and supervised by professionals of hacking and security.
June 25th – 27th 2018: Training
Hack in Paris offers 18 training classes from 1 to 3 days led by international experts:
TRAINING 1 : Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation with Dawid Czagan
TRAINING 2 : Windows Post-Exploitation: Subverting the Core with Ruben Boonen
TRAINING 3 : Mobile App Attack with Sneha Rajguru
TRAINING 4 : Corelan Live – Bootcamp with Peter Van Eeckhoutte
TRAINING 5 : Practical IoT Hacking with Aseem Jakhar
TRAINING 6 : “Smart lockpicking” – hands on exploiting flaws in IoT devices based on electronic locks and access control systems with Slawomir Jasek
TRAINING 7 : Analogue network security architecture & design with Winn Schwartau & Mark Carney
TRAINING 8 : Hacking and Securing Windows Infrastructure with Paula Januszkiewicz
TRAINING 9 : Pentesting the Modern Application Stack with Francis Alexander
TRAINING 10 : Practical Industrial Control System (ICS) Hacking with Arun Mane
TRAINING 11 : Hacking IPv6 Networks v4.0 with Fernando Gont
TRAINING 12 : Pentesting Industrial Control Systems with Arnaud Soullie
TRAINING 13 : Reverse Code Engineering in Win32 apps: protecting yourself in-the-wild with Rodríguez Ricardo J
TRAINING 14 : Designing Linux Rootkits with Himanshu Khokhar
TRAINING 15 : Infrastructure Security Assessment with Omair
TRAINING 16 : Low-Level Hardware Penetration Testing with Henrik Ferdinand Noelscher and Javier Vazquez
TRAINING 17 : Smashing the SSL/TLS protocol with practical crypto attacks with Marco Ortisi
TRAINING 18 : Certified Chief Information Security Officer (CCISO) – online soon
Various topics will also be discussed in depth from a technical perspective. Additional details will be announced mid-February.
For more information visit https://hackinparis.com.
Leave a comment »