Shirt Pocket Discussions  
    Home netTunes launchTunes SuperDuper! Buy Now Support Discussions About Shirt Pocket    

Go Back   Shirt Pocket Discussions > SuperDuper! > General

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 11-23-2019, 12:58 AM
Brad Brad is offline
Registered User
 
Join Date: Jun 2006
Location: Palo Alto, California
Posts: 16
APFS Encrypted recommended for new MBAir?

Hi Dave ~

Wondering if you personally use APFS, in particular APFS Encrypted, on new Apple SSDs?

Just got a new 2019 MBAir with a 1 TB SSD and staring at the Migration Assistant (just setting it up for the first time) and wanting to encrypt [edit: they call it FileVault of course], but having read the performance issues with APFS, particularly encryption, not sure what to do.

Recommendations?

Thank you kindly!
~ Brad

Last edited by Brad; 11-23-2019 at 07:36 PM. Reason: Correct wrong storage size
Reply With Quote
  #2  
Old 11-23-2019, 06:54 AM
dnanian's Avatar
dnanian dnanian is offline
Administrator
 
Join Date: Apr 2001
Location: Weston, MA
Posts: 14,923
Send a message via AIM to dnanian
T2 based Macs, like this one, are always storing their data to the SSD in an encrypted form. But the performance penalty for File Vault isn't bad: and if you find it objectionable you can always turn it off...
__________________
--Dave Nanian
Reply With Quote
  #3  
Old 11-23-2019, 10:04 AM
Brad Brad is offline
Registered User
 
Join Date: Jun 2006
Location: Palo Alto, California
Posts: 16
Great. Thanks for the reminder about the T2 chip. For completeness for future readers I found this white paper by Apple: https://www.apple.com/mac/docs/Apple...p_Overview.pdf

I do have one additional question based on a snippet from this white paper:

“External Boot policy

“External Boot policy controls whether a Mac can be booted from external 
 media. This policy is shown only on Mac computers with the T2 chip and is independent from the secure boot policy. Disabling secure boot doesn’t change the default behavior of disallowing boot from external drives.”

Do you advise (or is Apple implying) that booting from an external drive makes one’s backups less secure?

Thanks again!

Last edited by Brad; 11-23-2019 at 10:06 AM. Reason: Word choice clarity
Reply With Quote
  #4  
Old 11-23-2019, 10:49 AM
dnanian's Avatar
dnanian dnanian is offline
Administrator
 
Join Date: Apr 2001
Location: Weston, MA
Posts: 14,923
Send a message via AIM to dnanian
At an abstract level, your backup is inherently slightly less secure because it's not protected by hardware encryption like the T2 chip. And the ability to boot from external devices that aren't your backup enable some potential attacks (such as booby-trapped thumbdrives), which is why they are defaulting to "off".

But in general terms, those vulnerabilities are outliers, whereas actual drive failure is not. You're far better off being able to easily recover from a failure than protecting yourself from a thumbdrive that you picked up off the floor at a tradeshow in China...because protecting yourself from the latter requires a minimum of thought, whereas the former can only be protected against through direct action: backing up.
__________________
--Dave Nanian
Reply With Quote
Reply

Tags
apfs, encrypted, encrypted disk image, encryption, performance


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disk Utility First Aid says 'invalid btn_btree.bt_key_count' on APFS volume wildthing General 2 01-16-2019 09:38 AM
Encrypted APFS clones wildthing General 11 02-05-2018 12:28 PM
SuperDuper Backup of AES 128 Encrypted Disk Image rwg4 General 3 11-30-2005 10:28 AM


All times are GMT -4. The time now is 06:48 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.