How the file system changes in Catalina
Every WWDC has its "discoveries" among the features that were not introduced in the keynote. Developers and ordinary users naturally look at them from different angles, but a change to the specification of the file system is a different matter: it is a serious change that affects every Mac user. This time, let's go through the file-system changes in the next macOS, Catalina.
The file system has undergone major changes
The directory structure of macOS has been carried over from its predecessors, NEXTSTEP/OPENSTEP, and one principle held throughout: only a user with administrator privileges (the superuser, root) is allowed to modify the system directories.
With the introduction of System Integrity Protection (SIP) in El Capitan, however, specific areas such as /usr became unwritable in principle even for the superuser. This was done to improve security. Even so, there was room for the protection to be relaxed: SIP has several exception directories (for example /usr/local), and SIP itself can be disabled.
Catalina tightens file access further. A root volume (startup disk) formatted with APFS (Apple File System) is split into a system volume and a data volume, and the system volume is mounted completely read-only. This is the macOS file system from here on, because the split is applied automatically when you upgrade to Catalina. It is said that the read-only mount can be lifted by disabling SIP, but the volume goes back to read-only as soon as the Mac restarts, which shows how thorough the protection is.
The read-only system volume holds the directories that make up the operating system itself, such as /usr/bin, where the core UNIX commands live. Everything that has to be writable, such as applications (/Applications) and user home directories (/Users), is placed on the data volume and laid out there as before.
To apps and users the new layout looks the same as it always did. For example, the system folder is still /System/Library and user shinobu's home directory is still /Users/shinobu. The former actually lives on the system volume and the latter on the data volume (physically under /System/Volumes/Data), but a mechanism redirects an access that arrives at the system volume's path to the data volume where the real directory is.
The key to this is "firmlinks", which Catalina introduces into APFS. A firmlink works something like a symbolic link: an access to a path on the system volume is transparently continued on the data volume where the real directory lives. Unlike a symbolic link, however, a firmlink can only join directories, not individual files, and it is created by the system at install time rather than by the user. Only the directories in the firmlink table are redirected, so a file on the data volume is reachable from the system side only through a directory path that actually exists there.
The slide used in the WWDC session describes the feature as a "Bi-directional wormhole in path traversal". Note that "path traversal" here means the kernel's walk along a path, not the directory-traversal attack in which an unexpected path such as one containing ".." is supplied to reach a file the caller is not authorised to access. "Bi-directional" means that once a lookup has crossed from the system volume into the data volume, ".." leads back to the parent directory on the system volume rather than to the data volume's own root, so the join is invisible in both directions. The firmlink is a compatibility mechanism for keeping the old paths working; the security gain comes from the system volume itself being read-only.
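To make the path behaviour above concrete, here is a small model of how a Catalina root volume resolves a logical path across the read-only system volume and the writable data volume. It is an added example and not code from the article or from Apple: the firmlink table is a constructed excerpt in the layout of Catalina's /usr/share/firmlinks (system path, a tab, path relative to the data volume), the data volume mount point is the one Catalina uses, and the "symlink" case in climb() is a hypothetical comparison showing how ".." would behave if the same directories were joined with ordinary symbolic links instead.

```python
"""Model of how a Catalina root volume resolves a path across the read-only
system volume and the writable data volume using firmlinks.

Added example, not code from the article or from Apple. FIRMLINKS_TXT is a
constructed excerpt in the layout of /usr/share/firmlinks; the real file has
more rows. The 'symlink' branch of climb() is a hypothetical contrast case.
"""
from posixpath import normpath

DATA_MOUNT = "/System/Volumes/Data"  # where Catalina mounts the data volume

# Constructed excerpt modelled on /usr/share/firmlinks: system path, TAB,
# path relative to the root of the data volume.
FIRMLINKS_TXT = """\
/Applications\tApplications
/Library\tLibrary
/Users\tUsers
/private\tprivate
/usr/local\tusr/local
"""


def parse_firmlinks(text):
    """Parse the firmlink table into {system_path: data_relative_path},
    longest system path first so that a more specific entry such as
    /usr/local wins over any shorter prefix."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        sys_path, _, data_rel = line.partition("\t")
        table[normpath(sys_path)] = data_rel.strip("/")
    return dict(sorted(table.items(), key=lambda kv: -len(kv[0])))


def resolve(path, firmlinks):
    """Map a logical path to (volume, physical_path).

    A firmlink matches only on a whole path component: /Users/shinobu
    crosses the /Users firmlink, /UsersX does not. A path that crosses no
    firmlink stays on the read-only system volume.
    """
    path = normpath(path)
    for sys_path, data_rel in firmlinks.items():
        if path == sys_path or path.startswith(sys_path + "/"):
            tail = path[len(sys_path):]
            return "data", normpath(DATA_MOUNT + "/" + data_rel + tail)
    return "system", path


def write_allowed(path, firmlinks):
    """With SIP on, the system volume is mounted read-only, so a write only
    succeeds where the path resolves onto the data volume. (A read-write
    remount with SIP disabled is not modelled; it does not survive a
    reboot anyway.)"""
    volume, _ = resolve(path, firmlinks)
    return volume == "data"


def climb(path, firmlinks, link_kind="firmlink"):
    """Resolve '..' from a directory reached through a link.

    firmlink: traversal is bi-directional, so '..' retraces the way the
              caller came: /Users/.. is / on the system volume.
    symlink:  (hypothetical contrast) '..' is evaluated on the physical
              directory, so /Users/.. would be /System/Volumes/Data, the
              data volume's own root.
    """
    if link_kind == "firmlink":
        return resolve(normpath(path + "/.."), firmlinks)
    volume, physical = resolve(path, firmlinks)
    return volume, normpath(physical + "/..")


if __name__ == "__main__":
    table = parse_firmlinks(FIRMLINKS_TXT)
    for p in ("/usr/bin/ls", "/usr/local/bin/tool", "/Users/shinobu/Documents"):
        print(p, "->", resolve(p, table), "writable:", write_allowed(p, table))
    print("/Users/.. via firmlink:", climb("/Users", table, "firmlink"))
    print("/Users/.. via symlink :", climb("/Users", table, "symlink"))
```

The two climb() results for /Users are the whole point of the "bi-directional" wording: through a firmlink the caller ends up back at / on the system volume, whereas through a symlink the physical parent would be the data volume's root, and the old paths would stop behaving as they did before the split.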
Encrypted volume duplication/restoration
I would also like to note that Apple Software Restore (asr) has been enhanced so that duplicating and restoring encrypted volumes is more secure and reliable.
First, it helps to understand that APFS has a function/concept called "Space Sharing". In conventional file systems such as HFS Plus a volume is tied to a partition of fixed size, and growing or shrinking it is complicated and risky. APFS instead introduces the "container": a container occupies a partition and holds one or more volumes that share the container's free space dynamically, so no space has to be set aside for each volume in advance. The read-only file system described above (the split into a system volume and a data volume) relies on this Space Sharing: the two volumes live in the same container and share its free space.
Catalina also enhances replication of APFS volumes. Even before APFS became the default file system, macOS had the asr command for duplicating volumes. In Catalina it can replicate into a new container while defragmenting, and encrypted volumes are handled as part of that process; the point is that this is more than simply decrypting and copying.
In addition, APFS provides encryption and decryption in the file system itself. On systems before High Sierra (HFS Plus), encryption and decryption were handled by CoreStorage beneath the file system, so when such a volume was duplicated there was concern that the data would be exposed in the clear during the process. With APFS there is no such worry. This can be seen as raising the practical value of FileVault.