FileVault doesn’t use Sparse-Images anymore

posted December 20th, 2006

Today I wanted to move my Tiger FileVault Sparse Image into the Leopard testbuild (9A321). I really liked the way FileVault worked, saving everything in a crypto-image. It was really easy to back up and you were always sure that you backed up all the resource files etc.
In Leopard however, your crypto home is not stored in a sparse image anymore. It is now stored in a folder called foo.sparsebundle which has the following structure:

1> ls -la
total 24
drwx------@ 3 foo  foo   204 Dec 20 19:10 .
dr-x------  3 foo  foo   102 Dec 20 19:13 ..
-rw-------  1 foo  foo   510 Dec 20 19:10 Info.bckup
-rw-------  1 foo  foo   510 Dec 20 19:10 Info.plist
drwx------  2 foo  foo   204 Dec 20 19:33 bands
-rw-------  1 foo  foo  1276 Dec 20 19:10 token

The content seems to be in the bands folder. So this is what’s inside:

1> ls -la
total 746800
drwx------  2 foo  foo        204 Dec 20 19:33 .
drwx------@ 3 foo  foo        204 Dec 20 19:10 ..
-rw-------  1 foo  foo   90267648 Dec 20 19:44 0
-rw-------  1 foo  foo   91848704 Dec 20 19:11 80b
-rw-------  1 foo  foo   79454208 Dec 20 19:43 d
-rw-------  1 foo  foo  120791040 Dec 20 19:40 e

My impression was that freeing up unused space was much faster.

Here the content of the Info.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DT
Ds/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>CFBundleInfoDictionaryVersion</key>
        <string>6.0</string>
        <key>band-size</key>
        <integer>134217728</integer>
        <key>bundle-backingstore-version</key>
        <integer>1</integer>
        <key>diskimage-bundle-type</key>
        <string>com.apple.diskimage.sparsebundle</string>
        <key>size</key>
        <integer>276446150656</integer>
</dict>
</plist>

The key management data seems to be in the token. But I will not post that little piece of information! ;)

It turns out that you can “mount” the sparsebundles just like the sparsimages.

foo

Posted in leopard |
This entry was posted on Wednesday, December 20th, 2006 at 9:17 pm and is filed under leopard. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

8 Responses to “FileVault doesn’t use Sparse-Images anymore”

  1. Air. Water. UNIX. » FileVault in Leopard doesn’t use SparseImages Says:
    January 1st, 2007 at 12:33 am

    […] Good little writeup on FileVault in Leopard and the move away from sparse disk images to SparseBundles which, as far as I can tell, is still a sparseimage inside a bundle directory. TheMacHackers think this was done to make free space allocation faster. […]

  2. Anthony Vance » FileVault–Cryptographic Analysis Says:
    January 6th, 2007 at 6:01 am

    […] Interestingly, developer builds of Mac OS X Leopard show that FileVault is significantly updated. It would be interesting to see another cryptographic assessment of FileVault after Leopard is release. […]

  3. Dave Says:
    August 20th, 2007 at 10:40 am

    Is it possible to mount a sparsebundle with Tiger?

  4. Dave Says:
    August 20th, 2007 at 1:37 pm

    Damn :-) It’s not possible to mount a sparsebundle with Tiger. That makes migrating back a bit tricky - or lets say: manual.

  5. Dave Says:
    August 20th, 2007 at 3:18 pm

    fuck - booting my leopard backup from external media freezes at boot time and the disk utility on the leopard dvd cant mount sparsebundles… screwed.
    i’ll try to copy the backup back to the internal hdd. maybe leopard has problems when booting from external drives.

  6. assorted pieces of random gobbledygook » Converting FileVault images for OS X 10.5. Says:
    October 29th, 2007 at 11:34 pm

    […] Just upgraded to Leopard doing a clean reinstall. Before I copied my sparseimage FileVault container (/Users/$USER/$USER.sparseimage) to an external USB drive, after the reinstall I copied it back. Then I remembered that FileVault in OS X 10.5 uses a new format (as reported in FileVault doesn’t use Sparse-Images anymore) and thought better of it. The new format apparently splits the image into 8MB big chunks, called bands which should make deallocation of free space much easier. […]

  7. MacMacken » 10 × Schwächen von FileVault Says:
    December 9th, 2007 at 3:48 am

    […] FileVault speichert die Benutzerdaten wie oben erwähnt in einem verschlüsselten Sparse Disk Image (beziehungsweise in einem verschlüsselten Sparse Bundle seit Mac OS X «Leopard»). Aus diesem Grund kann FileVault nur aktiviert oder deaktiviert werden, wenn mindestens gleich viel Speicherplatz zur Verfügung steht wie Benutzerdaten zu verschlüsseln oder zu entschlüsseln sind. In vielen Fällen muss man seine Benutzerdaten deshalb teilweise auf externe Festplatten «auslagern» um FileVault aktivieren oder deaktivieren zu können – FileVault zeigt ansonsten eine Fehlermeldung an. […]

  8. Lola Says:
    March 23rd, 2009 at 8:38 pm

    Please help. Without going into too much detail, my filevault sparsebundle is now a folder which contains tokens and bands. How can I restore it to be a .sparsebundle file as it was before. I really need to access my data….
    Appreciate your help!

Leave a Reply