Preventing Volume Encryption issues with Bitdefender Endpoint Security Tools in macOS Big Sur
This topic concerns macOS users that have encrypted their partitions with Bitdefender Endpoint Security Tools, and describes the potential issues that they might encounter with the Bitdefender security agent and how these issues can be prevented.
Changes in macOS Big Sur to file system formats and management tools
HFS, HFS+ and APFS
MacOS HFS (Hierarchical File System) Standard was a hard disk format introduced back in 1985. HFS Plus or HFS+ is a journaling file system developed by Apple Inc. It replaced the Hierarchical File System (HFS) as the primary file system of Apple computers with the 1998 release of macOS 8.1. HFS+ continued as the primary macOS X file system until it was itself replaced with the release of the Apple File System (APFS) with macOS High Sierra in 2017.
APFS, or “Apple File System,” is one of the new features in macOS 10.13, High Sierra. It’s optimized for solid state drives (SSDs) and other all-flash storage devices, though it will also work on mechanical and hybrid drives.
The APFS file format was meant to replace HFS+ files. APFS files do not need CoreStorage volume manager.
CoreStorage
CoreStorage represents a logical volume manager introduced with FileVault2 full disk encryption back when Mac OS X 10.7 Lion was released. To encrypt a HFS/HFS+ disk, the disk is added to CoreStorage.
Diskutil
Diskutil constitutes a built-in system tool used for performing disk and disk volume related tasks on macOS operating system.
How to avoid potential issues generated by macOS Big Sur
Starting with the macOS Big Sur (version 11), the CoreStorage logical volume management system becomes deprecated and will be replaced by the Apple File System (APFS).
This leads to the situation where data is lost due to that fact that HFS volumes can no longer be managed in the macOS Big Sur (11.0) version.
To resolve this issue we recommend you to follow the steps below:
Identify the endpoints that still contain HFS volume archives.
Note
HFS volumes are most likely to be located on:
OS X 10.11 El Capitan
macOS 10.12 Sierra
macOS 10.13 High Sierra and later if the OS was previously upgraded without converting the HFS volumes to APFS.
To identify the HFS volumes, use the following commands in Terminal:
diskutil cs list
No CoreStorage logical volume groups found.
CoreStorage volumes found, not encrypted:
CoreStorage logical volume groups (1 found) | +-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580 ========================================================= Name: Macintosh HD Status: Online Size: 42605699072 B (42.6 GB) Free Space: 18964480 B (19.0 MB) | +-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052 | ---------------------------------------------------- | Index: 0 | Disk: disk0s2 | Status: Online | Size: 42605699072 B (42.6 GB) | +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66 ---------------------------------------------------------- Encryption Type: None | +-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6 --------------------------------------------------- Disk: disk1 Status: Online Size (Total): 42234413056 B (42.2 GB) Revertible: Yes (no decryption required) LV Name: Macintosh HD Volume Name: Macintosh HD Content Hint: Apple_HFSCoreStorage volumes found, encrypting:
CoreStorage logical volume groups (1 found) | +-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580 ========================================================= Name: Macintosh HD Status: Online Size: 42605699072 B (42.6 GB) Free Space: 18964480 B (19.0 MB) | +-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052 | ---------------------------------------------------- | Index: 0 | Disk: disk0s2 | Status: Online | Size: 42605699072 B (42.6 GB) | +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66 ---------------------------------------------------------- Encryption Type: AES-XTS Encryption Status: Unlocked Conversion Status: Converting (forward) High Level Queries: Not Fully Secure | Passphrase Required | Accepts New Users | Has Visible Users | Has Volume Key | +-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6 --------------------------------------------------- Disk: disk1 Status: Online Size (Total): 42234413056 B (42.2 GB) Conversion Progress: 39% Revertible: Yes (unlock and decryption required) LV Name: Macintosh HD Volume Name: Macintosh HD Content Hint: Apple_HFSCoreStorage volumes found, encrypted:
CoreStorage logical volume groups (1 found) |+-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580 ========================================================= Name: Macintosh HD Status: Online Size: 42605699072 B (42.6 GB) Free Space: 18964480 B (19.0 MB) | +-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052 | ---------------------------------------------------- | Index: 0 | Disk: disk0s2 | Status: Online | Size: 42605699072 B (42.6 GB) | +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66 ---------------------------------------------------------- Encryption Type: AES-XTS Encryption Status: Unlocked Conversion Status: Complete High Level Queries: Fully Secure | Passphrase Required | Accepts New Users | Has Visible Users | Has Volume Key | +-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6 --------------------------------------------------- Disk: disk1 Status: Online Size (Total): 42234413056 B (42.2 GB) Conversion Progress: Complete Revertible: Yes (unlock and decryption required) LV Name: Macintosh HD Volume Name: Macintosh HD Content Hint: Apple_HFSCoreStorage volumes found, decrypting:
CoreStorage logical volume groups (1 found) | +-- Logical Volume Group 202B3204-29C1-4722-90F2-F00F626AA580 ========================================================= Name: Macintosh HD Status: Online Size: 42605699072 B (42.6 GB) Free Space: 18964480 B (19.0 MB) | +-< Physical Volume 8CA4D9F6-CE15-4817-8FAD-24F295D95052 | ---------------------------------------------------- | Index: 0 | Disk: disk0s2 | Status: Online | Size: 42605699072 B (42.6 GB) | +-> Logical Volume Family A242AD19-1CD2-4874-B03D-C9E49A07DB66 ---------------------------------------------------------- Encryption Type: AES-XTS Encryption Status: Unlocked Conversion Status: Converting (backward) Reversion State: Decrypting High Level Queries: Not Fully Secure | Has Visible Users | Has Volume Key | +-> Logical Volume 534678C2-4859-4733-91C3-A32E4E7C16C6 --------------------------------------------------- Disk: disk1 Status: Online Size (Total): 42234413056 B (42.2 GB) Conversion Progress: 11% Revertible: Yes (unlock and decryption required) LV Name: Macintosh HD Volume Name: Macintosh HD Content Hint: Apple_HFS
From the examples above, we recommend that you follow the next patterns of actions:
When the volumes are in the decrypting phase, wait for the process to end.
Continue to decrypt the encrypted HFS volumes found in items c and d, using Bitdefender Endpoint Security Tools. A computer reboot may be required for the process to take effect.
For the items b and e, after you’ve made sure to backup your data, you may skip to step 5 to start the conversion process to APFS files, as long as they are Non Boot volumes.
Backup the data using Time Machine or any other backup software.
Note
A data backup is always recommended, not just before an OS upgrade.
Upgrade to the macOS Big Sur version, and the boot partition will be converted to APFS automatically.
Convert any non-boot HFS volume to APFS by undertaking the following steps:
Identify the HFS volumes:
For HFS volumes not added to CoreStorage use the following command:
diskutil list
For HFS volumes added to CoreStorage use the following command:
diskutil cs list
Convert the volume to APFS, as in the following examples:
diskutil apfs convert disk0s2
diskutil apfs convert disk5
Check the data integrity and restore the data from the previous backup in case data was corrupted during the upgrade or during the conversion to APFS.
Encrypt the new APFS volumes using Bitdefender Endpoint Security Tools in order to further protect your data.