Prevent Volume Encryption issues with Endpoint Security for Mac in macOS Big Sur
macOS Big Sur (version 11), the Apple’s operating system for desktops and laptops released in 2020, has come with some changes that may affect the Endpoint Security for Mac behavior.
This topic concerns only macOS users that have encrypted their partitions with Endpoint Security for Mac. It describes the potential issues that they will encounter with the Bitdefender security agent and how these issues can be prevented.
Changes in macOS Big Sur to file system formats and management tools
HFS, HFS+ and APFS
MacOS HFS (Hierarchical File System) Standard was a hard disk format introduced back in 1985.
HFS Plus or HFS+ is a journaling file system developed by Apple Inc. It replaced the Hierarchical File System (HFS) as the primary file system of Apple computers with the 1998 release of macOS 8.1. HFS+ continued as the primary macOS X file system until it was itself replaced with the release of the Apple File System (APFS) with macOS High Sierra in 2017.
APFS, or “Apple File System,” is one of the new features in macOS 10.13, High Sierra. It’s optimized for solid state drives (SSDs) and other all-flash storage devices, though it will also work on mechanical and hybrid drives.
The APFS file format was meant to replace HFS+ files. APFS files don’t need CoreStorage volume manager.
CoreStorage
CoreStorage represents a logical volume manager introduced with FileVault2 full disk encryption back when macOS X 10.7, Lion, was released.In order to encrypt a HFS/HFS+ disk, the disk is added to CoreStorage, a process that requires reboot.
Diskutil
Diskutil constitutes a built-in system tool used for performing disk and disk volume related tasks on the macOS operating system.
How to avoid potential issues generated by macOS Big Sur
As stated above and in the diskutil manual, starting with the macOS Big Sur (version 11), the CoreStorage logical volume management system becomes deprecated and will be replaced by the Apple File System (APFS).
This leads to the situation where data is lost due to that fact that HFS volumes can no longer be managed in the macOS Big Sur (11.0) version.
In this regard, we recommend that you follow the steps mentioned below:
1. Identify the endpoints that still contain HFS volume archives.
Note
HFS volumes are most likely to be located on:
OS X 10.11 El Capitan
macOS 10.12 Sierra
macOS 10.13 High Sierra and later if the OS was previously upgraded without converting the HFS volumes to APFS.
To identify the HFS volumes, use the following commands in Terminal:
diskutil cs list
a. No CoreStorage logical volume groups found
b. CoreStorage volumes found, not encrypted:
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580
=========================================================
Name: Macintosh HD
Status: Online
Size: 42605699072 B (42.6 GB)
Free Space: 18964480 B (19.0 MB)
|
+-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052
| ----------------------------------------------------
| Index: 0
| Disk: disk0s2
| Status: Online
| Size: 42605699072 B (42.6 GB)
| +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66
----------------------------------------------------------
Encryption Type: None
| +-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6
---------------------------------------------------
Disk: disk1
Status: Online
Size (Total): 42234413056 B (42.2 GB)
Revertible: Yes (no decryption required)
LV Name: Macintosh HD
Volume Name: Macintosh HD
Content Hint: Apple_HFS
c. CoreStorage volumes found, encrypting:
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580
=========================================================
Name: Macintosh HD
Status: Online
Size: 42605699072 B (42.6 GB)
Free Space: 18964480 B (19.0 MB)
|
+-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052
| ----------------------------------------------------
| Index: 0
| Disk: disk0s2
| Status: Online
| Size: 42605699072 B (42.6 GB)
|
+-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66
----------------------------------------------------------
Encryption Type: AES-XTS
Encryption Status: Unlocked
Conversion Status: Converting (forward)
High Level Queries: Not Fully Secure
| Passphrase Required
| Accepts New Users
| Has Visible Users
| Has Volume Key
|
+-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6
---------------------------------------------------
Disk: disk1
Status: Online
Size (Total): 42234413056 B (42.2 GB)
Conversion Progress: 39%
Revertible: Yes (unlock and decryption required)
LV Name: Macintosh HD
Volume Name: Macintosh HD
Content Hint: Apple_HFS
d. CoreStorage volumes found, encrypted:
CoreStorage logical volume groups (1 found)
|+-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580
=========================================================
Name: Macintosh HD
Status: Online
Size: 42605699072 B (42.6 GB)
Free Space: 18964480 B (19.0 MB)
| +-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052
| ----------------------------------------------------
| Index: 0
| Disk: disk0s2
| Status: Online
| Size: 42605699072 B (42.6 GB)
| +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66
----------------------------------------------------------
Encryption Type: AES-XTS
Encryption Status: Unlocked
Conversion Status: Complete
High Level Queries: Fully Secure
| Passphrase Required
| Accepts New Users
| Has Visible Users
| Has Volume Key
| +-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6
---------------------------------------------------
Disk: disk1
Status: Online
Size (Total): 42234413056 B (42.2 GB)
Conversion Progress: Complete
Revertible: Yes (unlock and decryption required)
LV Name: Macintosh HD
Volume Name: Macintosh HD
Content Hint: Apple_HFS
e. CoreStorage volumes found, decrypting:
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580
=========================================================
Name: Macintosh HD
Status: Online
Size: 42605699072 B (42.6 GB)
Free Space: 18964480 B (19.0 MB)
| +-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052
| ----------------------------------------------------
| Index: 0
| Disk: disk0s2
| Status: Online
| Size: 42605699072 B (42.6 GB)
| +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66
----------------------------------------------------------
Encryption Type: AES-XTS
Encryption Status: Unlocked
Conversion Status: Converting (backward)
Reversion State: Decrypting
High Level Queries: Not Fully Secure
| Has Visible Users
| Has Volume Key
|
+-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6
---------------------------------------------------
Disk: disk1
Status: Online
Size (Total): 42234413056 B (42.2 GB)
Conversion Progress: 11%
Revertible: Yes (unlock and decryption required)
LV Name: Macintosh HD
Volume Name: Macintosh HD
Content Hint: Apple_HFS
2. From the examples above, we recommend that you follow the next patterns of actions:
Regarding the volumes in the decrypting phase, wait for the process to end.
Continue to decrypt the encrypted HFS volumes found in items c and d, using Endpoint Security for Mac. A computer reboot may be required for the process to take effect.
As for the items b and e, after you’ve made sure to backup your data, you may skip to step 5 to start the conversion process to APFS files, as long as they are Non Boot volumes.
3. Backup the data using Time Machine or any other backup software.
Note
A data backup is always recommended, not just before an OS upgrade.
4. Upgrade to the macOS Big Sur version – the boot partition will be converted to APFS automatically.
5. Convert any non-boot HFS volume to APFS by undertaking the following steps:
a. Identify the HFS volumes:
diskutil list– for HFS volumes not added to CoreStoragediskutil cs list– for HFS volumes added to CoreStorage
b. Convert the volume to APFS, as in the following examples:
diskutil apfs convert disk0s2diskutil apfs convert disk5
6. Check the data integrity and restore the data from the previous backup in case data was corrupted during the upgrade or during the conversion to APFS.
7. Encrypt the new APFS volumes using Endpoint Security for Mac in order to further protect your data.