Think twice before encrypting your HFS+ volumes on High Sierra


One of our users made a startling discovery this week after upgrading to High Sierra. He had an HFS+ formatted 16TB RAID device, and had always intended to enable encryption on that volume. There's no OS on it, so he simply right-clicked on the volume in the Finder and chose the option to encrypt it:

Screenshot of Finder contextual menu showing encryption option

This is an easy way to enable encryption on a volume: plug in a password, verify, add a hint, done!

Prompt for encryption password

Oddly, though, CCC, Disk Utility, and Terminal all agreed that his HFS+ volume was now an APFS Encrypted volume. Naturally he contacted AppleCare. "Not possible, says Apple", he reported.

It is apparently possible, however, and I was able to confirm this behavior on my test system. Take any HFS+ formatted volume that does not have an installation of macOS on it (that part is key), right-click on the volume in the Finder and choose the option to encrypt it. Rather than simply converting the volume to a CoreStorage Encrypted volume and keeping the HFS+ format, macOS converts the volume to APFS with no warning, and then enables encryption.
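To catch this kind of silent conversion on your own volumes, you can record the volume's format before requesting encryption and compare it afterwards. The script below is an added example, not something from the original report. It assumes the "File System Personality" line that `diskutil info` prints, and its function names and sample lines are made up for illustration.

```shell
#!/bin/bash
# Added example: snapshot a volume's format, then flag a change of family
# (e.g. HFS+ -> APFS) after an encryption request.

# Print the "File System Personality" value from `diskutil info` text on stdin.
fs_personality() {
    sed -n 's/^[[:space:]]*File System Personality:[[:space:]]*//p' | sed -n '1p'
}

# Classify a personality string as hfs, apfs or other.
fs_family() {
    case "$1" in
        *HFS+*) echo hfs ;;
        *APFS*) echo apfs ;;
        *)      echo other ;;
    esac
}

# Succeeds (exit 0) when the format family differs between two snapshots.
format_converted() {
    [ "$(fs_family "$1")" != "$(fs_family "$2")" ]
}

# Constructed sample lines in the layout `diskutil info` prints.
SAMPLE_BEFORE='   Volume Name:              RAID
   File System Personality:  Journaled HFS+'
SAMPLE_AFTER='   Volume Name:              RAID
   File System Personality:  APFS'

# On a Mac:  check.sh snapshot /Volumes/RAID > before.txt
#            (request encryption, wait for it to finish)
#            check.sh compare /Volumes/RAID before.txt
case "${1:-}" in
    snapshot) diskutil info "$2" | fs_personality ;;
    compare)
        before=$(cat "$3"); after=$(diskutil info "$2" | fs_personality)
        if format_converted "$before" "$after"; then
            echo "WARNING: $2 changed from '$before' to '$after'" >&2; exit 2
        fi
        echo "Format unchanged: $after" ;;
esac
```

Because the conversion cannot be undone without erasing the volume, try this on a scratch volume first rather than on the disk you care about.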

Potential hazards of converting your data volumes to APFS

Apple has demonstrated that the conversion from HFS+ to APFS has gone pretty smoothly, but there are a few scenarios where you might want to give some serious thought to that kind of conversion.

Did I want my expensive RAID device to be my APFS Guinea Pig?

APFS is supported atop RAID devices, so this conversion will surely work out just fine. That's what I'd be telling myself had this happened to me, but I'd certainly have appreciated some warning. Deciding to turn on encryption has one set of implications, and we've had our hands on HFS+ CoreStorage encryption since OS X Lion, so there aren't many surprises left. Adding a filesystem format change might make me decide that this is a bit too risky for this particular device. What if there's a specific issue with my vendor's RAID? Wouldn't I at least like the opportunity to reach out to that vendor for comment before casually flipping this irreversible switch?

APFS Encrypted volumes are not backwards-compatible

Do you share your disk between Macs? APFS Encrypted volumes aren't backwards compatible at all, so if you attach that converted disk to a Mac running an older version of the OS, you're greeted with this heart-attack-inducing error message:

The disk you inserted was not readable by this computer

I'm using the term "older Mac" fairly loosely: this error was presented on my system running macOS Sierra 10.12.6. There's no modicum of backwards-compatibility for APFS encrypted volumes, so caveat emptor.

APFS volumes cannot be reverted to HFS

This is perhaps the most important caveat to this conversion. When I made the choice to encrypt my volume, I made a choice that I knew was reversible. Once encryption conversion has completed, I can right-click on the volume and decrypt it if I decide that encryption wasn't the right choice. But if I disable encryption on my APFS volume, the APFS part sticks – it's not possible to convert an APFS volume back to HFS+ without erasing it.

I hope Apple addresses this with a simple warning at the top of the password dialog: "This volume will be converted to APFS." Perhaps a link to some documentation? The help button in that password dialog currently opens a blank page in Apple Help, so there's plenty of room to add an explanation of what will happen. 😉