A recent article prompted me to pull together a reference page for some fundamental changes in the structure of macOS Catalina. That includes volume roles, firm links, and read-only System files. I’ll break out the articles by groups for easy reference.
1. Apple’s own short description of macOS Catalina security.
macOS Catalina runs in a dedicated, read-only system volume — which means it is completely separate from all other data, and nothing can overwrite your critical operating system files.
2. Apple’s description of System Integrity Protection (SIP).
3. A primer: “macOS Catalina Protects the OS in its Own Read-only Volume.”
4. Developer Mike Bombich is still working on a new version of Carbon Copy Cloner for macOS Catalina. Here’s some preliminary documentation that explains Volume Groups, Volume roles, and firmlinks. “Working with APFS Volume Groups.” Below is his stellar graphic.
5. For additional color and details on the above documentation, I interviewed Mike Bombich on my Background Mode podcast. “Founder, Bombich Software, Mike Bombich (#2) – TMO Background Mode Interview.” Mike is a great explainer, and in this podcast he does an excellent job.
Relevant macOS Security
6. This article has excellent details on why Apple made the change to a read-only System volume. “Why Catalina has got a read-only system volume.”
7. Some details on macOS Catalina’s Gatekeeper. Apple is making the default behavior of Catalina more secure for everyday users while preserving essential UNIX functionality for the pros. “macOS Security Will Never Stop Us From Running Software of Our Choice.”
APFS (Apple File System)
8. APFS, which replaces HFS+, has opened the door to new ways of securing macOS. Here’s some nomenclature for starters. “An APFS FAQ: Partitions, Volumes, and AFPS Containers.”
9. If you held off on APFS in the High Sierra install, here’s a helpful tip. “How to Upgrade to APFS if Not Done in macOS High Sierra Installer.”
10. This FAQ by developer Mike Bombich is in the context of his backup app, Carbon Copy Cloner, but it’s a gold mine of info about file systems and APFS. “Everything you need to know about Carbon Copy Cloner and APFS.”
11. Thanks to APFS, you can have multiple versions of macOS in an APFS Container, say, a production version and a beta, all on the same internal SSD. From Apple: “Installing macOS on a separate APFS volume.”
That’s it for now. If you’ve found something relevant, let me know and I’ll update this reference article.