Hacker News

> (the OS volume itself isn't encrypted and is read-only, the data volume is encrypted with your password)

Wait, WHAT? Can someone with an M1 encrypted volume Mac check this directory and see if you see thumbnails?

> $TMPDIR/../C/com.apple.QuickLook.thumbnailcache/

A full writeup of this is at the link [1]. This has been a well-known thing in computer forensics for many years, which is why *full* disk encryption is so important.

[1]: https://objective-see.com/blog/blog_0x30.html



Everything in the Data volume is encrypted. The System volume is signed by Apple and is the same on every Big Sur Mac (SSV feature).

This can be disabled through csrutil though.


The OS volume is a read-only image now - just system files only, and is signed, etc.


No such file or directory on my M1 Air.



