Apple is deepening support for encryption in its PCs, laptops and devices with the introduction of Apple File System (APFS), a new file system that will replace the existing HFS+ file system from next year.
APFS has been "engineered with encryption as a primary feature", according to Apple, adding extra encryption features into the file system that will make it easier for users to encrypt files.
However, it may also reignite disputes with law enforcement and security agencies over backdoors for encrypted communications and devices.
APFS will be backwards compatible with HFS+, which is used by the macOS and iOS operating systems. HFS+ has been used by Apple since 2001, but existing third-party utilities will need to be updated to support APFS. Apple claimed that one of the main reasons why the new file system is required is to take advantage of the shift to flash-based storage media.
One of the key features, therefore, will be auto-trim to prevent flash-based devices from slowing over time (as any user of a cheap Android device eventually finds out).
"Like HFS+, APFS supports Trim operations. On APFS, Trim operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are only performed once metadata changes are persisted to stable storage," said the Apple File System Guide.
It is also, Apple was keen to point out, compatible with traditional "spinning rust" hard disk drives.
However, it is the extra support for encryption that raised most eyebrows. "On OS X, full disk encryption has been available since OS X 10.7 Lion. On iOS, a version of data protection that encrypts each file individually with its own key has been available since iOS 4. APFS combines both of these features into a unified model that encrypts file system metadata," explained the guide.
"APFS supports encryption natively. You can choose one of the following encryption models for each volume in a container: no encryption, single-key encryption, or multi-key encryption with per-file keys for file data, and a separate key for sensitive metadata.
"APFS encryption uses AES-XTS or AES-CBC, depending on the hardware. Multi-key encryption ensures the integrity of user data even when its physical security is compromised."
Other features include 'space sharing', enabling multiple file systems to share the same underlying free space on a physical volume.
"Unlike rigid partitioning schemes, which pre-allocate a fixed amount of space for each file system, APFS volumes can grow and shrink without volume repartitioning," said Apple.
The 64-bit Inode Numbers scheme will also enable APFS to support more than nine quintillion files on a single volume (which ought to be enough for anyone - for the time being).
APFS uses a copy-on-write metadata scheme to ensure that updates to the file system are crash-safe. This approach also reduces the additional overhead of journaling that occurs with HFS+.