hoakley March 30, 2023 Macs, Technology

How APFS mounts an external disk: 1 Basics

Since adding the feature in Mints 1.11 to obtain log extracts looking at APFS and how disks are mounted, I’ve been busy examining extracts for several different types of mount, and other procedures involving APFS. I’ve also matched these against the limited information provided in the APFS reference (last updated nearly three years ago), and here attempt to provide better insight into how APFS mounts the containers and volumes of an external disk.

The message field of each log entry made by APFS has a standard structure:

The descriptive name of the APFS task, which might refer to a code procedure, e.g. nx_get_volume_group.
The task-specific identity number, e.g. 8051 for nx_get_volume_group. Some tasks can have more than one ID.
A description of the activity undertaken and any result.

The diagrams used here provide the first two items, and a brief summary of the third.

After the hardware subsystems have established connection with the external disk through its interface and internal drivers, Disk Arbitration creates the new disk devices. In this case, I’ll consider a plain SSD formatted with a single APFS container and unencrypted volume. This is partitioned as follows:

At the top level, disk4 is divided into two partitions, disk4s1 and disk4s2.
disk4s1 is a hidden EFI partition in MSDOS format.
disk4s2 is an APFS container, disk5.
disk5 contains a single APFS volume disk5s1.

Bootable external disks have a more complex structure within their APFS container; I’ll examine mounting them in a later article. Encrypted APFS volumes are stored in the same layout, and are mounted in a similar process, although volume operations can only take place once the user has entered their password. Again, I’ll examine those in a later article.

Partition

basicmountapfs2

Disk Arbitration probes each of the partitions on the disk, and runs fsck on them to determine the health of their file systems. For the EFI partition, that’s almost instant, but the APFS container takes longer.

While that’s in progress, APFS gets ready to handle the mount by allocating a buffer for crypto purposes, initialises the device and block information, and cache. The next and most important task is for APFS to locate the latest valid checkpoint in the APFS partition/container. This consists of the container’s superblock and checkpoint-mapping blocks that are the most recent and valid. When a disk has been unmounted cleanly, the container superblock required should be that in the first block of the partition, and provides the location of the checkpoint descriptor area. This should have the largest transaction identifier, and is checked using its magic number and checksum. This leads to the stable checkpoint indices.

If the first block of the partition has an older copy of the container superblock, that indicates the disk wasn’t last unmounted cleanly, and the latest container superblock must be located before mounting can proceed. Another variation that can be encountered at this stage is when the container has a boot volume group to be mounted, as I’ll describe in a later article.

With the latest valid checkpoint located, Disk Arbitration creates the container and volumes, and starts to probe them, running an fsck on the volume.

Container

basicmountapfs3

APFS prepares to examine the container and its volumes by initialising the container device and block information, and cache. It then performs a sanity check on the latest valid checkpoint before locating the disk metazone and allocation zones within the container. Once it has checked whether there’s anything to recover within the container, it mounts the single APFS volume within that container.

Volume

basicmountapfs4

With the volume mounted, APFS acquires the volume information and sets the block size to be used, then declares the volume name and its role. In the case of a general-purpose volume, this confirms it’s not a System or Data volume, which need special treatment to ‘stitch’ them together using their firmlinks, and has no other special role, such as Preboot, which will automatically be unmounted.

In anticipation of the requirement to handle encryption, APFS tries to initialise the volume keybag. This is a data structure to store the collection of keys required, and is only found with encrypted volumes, so fails when the volume is unencrypted. Disk Arbitration should by now have received the results of fsck on the volume, and declares the volume mounted.

Container scans

Once all the volumes in the container have been mounted, APFS scans the container for free blocks without performing any trims. At about this time, APFS sends an ‘unknown’ IO control message to the disk, normally resulting in an error; the purpose of this isn’t clear, but it appears to happen once during each volume mounting sequence. Any volume snapshots to be mounted will normally be handled at about this time, a process I’ll examine in a later article.

Finally, the container’s Space Manager scans for free blocks again, this time performing trims, and reporting the distribution of free block sizes available once the trims are complete, for example as
disk5 trim distribution 1:1461 2+:1267 4+:4121 16+:785 64+:822 256+:675
Trims appear to be performed reliably with NVMe SSDs, whether connected via Thunderbolt or USB-C, but don’t appear to happen by default with SATA SSDs.

After that, APFS normally reports transfer statistics for containers after periodic flushes, but doesn’t appear to perform any further trims. A typical transfer report might read
tx_flush:1241: disk3 xid 1312713 tx stats: # 4160 finish 4140 enter 273 wait 83 2024us close 16us flush 1159us

Summary

The full summary is shown in the diagram.

basicmountapfs1

A tear-out PDF version is available from here: basicmountapfs1p

As ever, I welcome corrections to my errors.

12Comments

Add yours

1

Enzo Vincenzo on March 30, 2023 at 7:20 am
Reply

You are great, Howard… And you are unique. Thanks to you Macs are not a mystery.
Thanks for your patience to a my question which perhaps will seem or is really silly.
So! Think you can create a viable Disk Utility alternative? After Jobs’ disappearance, in fact, Disk Utility has become little more than a toy.
I think Disks and Partitions, even if hidden, must be viewable and manageable also through the GUI in a really powerful Operating System.
But is it very difficult to create a nice GUI with all the Terminal diskutil commands?… Even (obviously) dividing the Utility into standard and advanced functions…
Do you happen to know if there is any valid alternative to Disk Utility that at least allows you to view all the hidden partitions and drives, like it used to be possible?…
I remember when I could even create RAID 0 before installing Mac OS X from scratch…
Regards

LikeLiked by 1 person
- 2
  
  hoakley on March 30, 2023 at 8:47 am
  Reply
  
  Thank you.
  There are very good reasons for making system-level containers invisible. Sadly, some folk just have to tamper with them. And there’s no surer way of making your Mac unbootable than by doing that.
  Disk Utility as it stands, with a few of the longstanding bugs fixed, is perfectly fine with me. There’s no point in trying to reinvent the wheel. Some of its features, such as working with snapshots, can’t readily be implemented in third-party software either – in the case of snapshots, it requires an entitlement granted by Apple, for example.
  Howard.
  
  LikeLiked by 1 person
  - 3
    
    Duncan on March 30, 2023 at 3:36 pm
    Reply
    
    “…such as working with snapshots, can’t readily be implemented in third-party software either – in the case of snapshots, it requires an entitlement granted by Apple, for example.”
    
    I’m guessing that Bombich Software (Carbon Copy Cloner), for example, would have such an entitlement. Who else would be on that list?
    
    LikeLiked by 2 people
    - 4
      
      hoakley on March 30, 2023 at 3:46 pm
      
      Yes. You have to apply to Apple, and it vets your intentions and implementation. I gather there are some strict rules, and I don’t see a competitor to Disk Utility being an easy approval.
      There’s a few apps that have this entitlement now – I think SuperDuper! does, and BackupLoupe too. You can see the entitlement in tools that reveal them, like Apparency (free from Mothers Ruin).
      Howard.
      
      LikeLiked by 1 person
5

Claude Binovsky on March 30, 2023 at 9:06 am
Reply

Hello Howard,
Message written in French and Apple translation! Sorry !

A question about APFS and HFS+ for formatting external disks. Usually, and especially since the recent update of the magical DiskWarrior, I continue to format all my USB-A/C or TB2/TB3 mechanical external drives in HFS+.
This seems to me essential for single disks with a single physical unit inside or for RAID 0/1 systems with 2 internal disks.

I still ask myself the question about the formatting of the Promise Pegasus 3 or 32, in TB2 or TB3 !?
For the moment I keep HFS+ even they are mounted on Mx machines (Mac Studio, Mini M1 or M2) with systems 12 or 13.
I have 7 Mac/Promise configurations that have been working perfectly for several months/years, except for one that is a problem, which I will tell you about next.

Do you have an opinion for this: APFS or not for Promise RAID towers (or others but I only work with this type of machine at the moment, waiting to test the Terra Master)?

Moreover, if I can ask you how to find the origin of a problem on a configuration that has really been giving me problems for several weeks.
It’s a Mac Studio M1 max 32/1TB under Monterey (without screen or mouse and keyboard) with a Pegasus 32 R6 (6×4) – to my knowledge the drivers are up to date – connected in TB3 which disconnects very regularly.

In fact it simply disappears and not visible by DiskUtility. It takes a re-start, sometimes two or three, and even more rarely, I have to turn off and on the Mac Studio for the Pegasus want to re-appear.
It can then remain functional for several days, accessible by several people on shared folders (ACL lists managed via TinkerTool System).

Note that the Promise TB3 cable has been changed by a TB3 OWC. That the Mac Studio has undergone an almost complete change of components (motherboard, 10 Gb Ethernet, Thunderbolt Bar) and that the system has been reinstalled.

Another problem on this machine (related to the Promise?) is that the Finder become inaccessible. I use either ARD, AnyDesk or JumpDesktop and sometimes none of the three work anymore, only SSH to make a reboot!
In addition, CCC tasks and data sharing continue to work, of course as long as the Promise is present.

Where to start and how to look? Thank you if you can give me an indication. You can also answer with my mail if you prefer.

Claude

LikeLiked by 1 person
- 6
  
  hoakley on March 30, 2023 at 10:49 am
  Reply
  
  I’m sorry, I haven’t used a Promise Pegasus for 4 years now, and stopped using hard disks around then.
  At that time, Pegasus arrays were dependent on kernel extensions. If they still are, that may explain problems with Apple silicon Macs, which really don’t like kernel extensions, particularly older ones. I’ve not come across a modern device like an external SSD that has ever had problems maintaining its TB3 connection like that, and that makes me suspect it’s either a problem with the kext, or the hardware.
  Although I have experience with a TerraMaster NAS, I’ve never tried one of their arrays. Again, if it relies on a kext, I wouldn’t touch it, as it will only be trouble with Apple silicon Macs.
  Have you contacted Promise support? I’m afraid that’s my best suggestion. Debugging fractious TB3 devices isn’t straightforward.
  Howard.
  
  LikeLike
7

Simon on March 30, 2023 at 2:01 pm
Reply

I have two external TM baclup SSDs – different SATA models, different SUB bridge cases. One of those disks is attached directly to an M1 Pro MBP and the other to the same MBP via a TB4 hub. On either setup, I occasionally (~ every 5th connection) observe that the SDSD will not automount when the USB/TB connection to the Mac is made. Disk Utility will see the SSD just fine, but I will manually have to mount it. Then it mounts fine though. I cannot recognize any pattern to this failure or workaround to get the drive to always automount like it should. Any ideas?

LikeLiked by 1 person
- 8
  
  dominikushoffmann on March 30, 2023 at 3:02 pm
  Reply
  
  I have seen behavior like this on one of my Intel Macs ever since upgrading to Ventura 13.3. I haven’t done much to investigate it and thus don’t know anything about the level of intermittency or frequency of this occurrence.
  
  LikeLiked by 1 person
- 9
  
  hoakley on March 30, 2023 at 3:41 pm
  Reply
  
  I’m sorry to hear that.
  I’ve switched almost completely to TB3 enclosures now, although I’ve not experienced this with relatively cheap USB-C enclosures. All I can suggest is trying a different enclosure and a branded TB4 cable.
  Howard.
  
  LikeLike
  - 10
    
    Simon on March 30, 2023 at 4:01 pm
    Reply
    
    Thank you. Cables are already legit TB4 and since it’s affecting two different hubs and 2 different cables and cases already, I’m assuming this problem is related to the Mac. The hardware checks out in AHT and otherwise no complaints so my money is presently on macOS. Perhaps an issue with the USB3 driver. Since another comment indicates this also happens on Intel, it’s probably safe to assume it’s not just an AS bug.
    
    LikeLiked by 1 person
    - 11
      
      hoakley on March 30, 2023 at 4:03 pm
      
      In which case it’s time to contact Apple to arrange a full diagnostic test of your Mac.
      Howard.
      
      LikeLike
12

Michael Tsai - Blog - Apple’s Big Gamble: the 6th Birthday of APFS on March 30, 2023 at 8:29 pm
Reply

[…] take unpredictably long amounts of time or not succeed at all. I don’t know whether this is related to APFS, though it seems not to occur with my few remaining HFS+ […]

LikeLike