Apple introduced the APFS filesystem in 2018 with the release of macOS High Sierra (13.x). macOS Mojave (14.x) was the last version of macOS that could format a volume using the HFS+ Encrypted format. While current versions of macOS can still unlock and mount HFS+ Encrypted volumes, that support will come to a predictable end in October 2027 when Apple releases macOS 28. With that eventuality in mind, you can avoid losing access to your data by adopting APFS for volumes that require encryption.
What should I do for HFS+ Encrypted backups?
Backup disks are the "easy" scenario, you can simply erase the volume as APFS Encrypted, then re-establish your backups. Apple does not support converting HFS+ Encrypted volumes to APFS, so there isn't a migration option that will preserve the data on the backup. HFS+ doesn't offer support for snapshots, though, so HFS+ backups only have the "current" version of your data. Erasing the volume and repopulating the backup is the best path forward. CCC makes this really easy:
- Open CCC and select a backup task that has a HFS+ Encrypted destination.
- Click on the Destination selector and choose Backup Volume Setup Assistant…
- Check the box to enable encryption and specify a password.
- Click the button to erase the volume.
- Click the Start button to run the backup task and repopulate the backup.
What should I do for an HFS+ Encrypted volume that is not a backup volume?
If you have a production data volume that is HFS+ Encrypted, you can back up the data on that volume to an APFS Encrypted volume, then erase the original source as APFS Encrypted, then restore the data. CCC can help you with this as well, and has a built-in verification feature that makes this process safer.
Establish and verify the backup
- Click New Task in CCC's toolbar to create a new task.
- Click on the Source selector and select your HFS+ Encrypted volume as the source. If you're prompted to save the volume's password in the System keychain, click Don't Save Password.
- Click on the Destination selector and choose a volume on a disk that has ample space to back up the data from the source.
- When you select the destination, CCC will presents its Backup Volume Setup Assistant. If you selected a volume that already has other data on it, select the "Add a volume" box. Check the box to encrypt the destination, then provide a password. Add the new volume, or click the button to use the currently-selected destination volume exclusively for this task.
- Click Advanced Settings at the bottom of the window.
- Select the Postflight tab.
- Check the box next to Reverify files that were copied.
- Click Done, then click the Start button.
Or, if you already have an established backup task for this volume, you can update and verify that backup before erasing the primary source:
- Open CCC and select the applicable backup task
- Click Advanced Settings at the bottom of the window.
- Select the Postflight tab.
- Check the box next to Reverify files that were copied.
- Click Done.
- Hold down the Control key and click the Start button to perform an ad hoc Backup Health Check. CCC will update the content of the destination to match the source, and verify that every file on the backup volume matches the source.
Restore the backup
- Click Restore in CCC's toolbar to create a new Restore task.
- Select the backup volume from the Source selector.
- Select the original HFS+ Encrypted source volume from the Destination selector.
- Click on the Destination selector and choose Backup Volume Setup Assistant…
- Uncheck the box next to "Enable snapshots to retain backup history" (we don't recommend enabling snapshots on a primary source volume).
- Check the box to enable encryption, then provide a password.
- Click the button to erase the destination volume.
- Click the Start button to perform the restore.
When the Restore task has completed, you can delete the Restore task. Right-click on the Restore task in CCC's sidebar and choose the option to delete that task.