APFS in Detail

January 15, 2017
Category: technology
2 minutes to read
Tags: apfs, apple, encryption, file system, hfs+, security

In June of 2016, Apple announced the file system that would be replacing HFS+: Apple File System (APFS). Adam Leventhal wrote a detailed series of posts about what’s coming in the new file system:

Apple announced a new file system that will make its way into all of its OS variants (macOS, tvOS, iOS, watchOS) in the coming years. Media coverage to this point has been mostly breathless elongations of Apple’s developer documentation. With a dearth of detail I decided to attend the presentation and Q&A with the APFS team at WWDC. Dominic Giampaolo and Eric Tamura, two members of the APFS team, gave an overview to a packed room; along with other members of the team, they patiently answered questions later in the day. With those data points and some first hand usage I wanted to provide an overview and analysis both as a user of Apple-ecosystem products and as a long-time operating system and file system developer.

Beyond losing the mass of technical debt accumulated in HFS+, the feature that appeals to me most is encryption becoming a first class citizen. This will be seamless to the end user, but provide for greater security going forward.

Multi-key encryption is particularly relevant for portables where all data might be encrypted, but unlocking your phone provides access to an additional key and therefore additional data.

[...]

APFS (apparently) supports constant time cryptographic file system erase, called “effaceable” in the diskutil output. This presumably builds a secret key that cannot be extracted from APFS and encrypts the file system with it. A secure erase then need only delete the key rather than needing to scramble and re-scramble the full disk to ensure total eradication.

Quite interestingly, APFS will be adding I/O QoS:

APFS also focuses on latency; Apple’s number one goal is to avoid the beachball of doom. APFS addresses this with I/O QoS (quality of service) to prioritize accesses that are immediately visible to the user over background activity that doesn’t have the same time-constraints. This is inarguably a benefit to users and a sophisticated file system capability.

I’m curious to see how much impact this will have in the real world, but conceptually it makes a lot of sense.

I also learned from Adam’s posts that if you want to experiment with prerelease APFS now, there is a bit of humor in avoiding interactive confirmation of the risks associated:

[diskutil] prompts you for interactive confirmation of the destructive power of APFS unless this is added to the command-line: -IHaveBeenWarnedThatAPFSIsPreReleaseAndThatIMayLoseData; I’m not making this up