How can you check the integrity of Time Machine backups in Sonoma?

One of the most common questions I get asked about Time Machine backups is how you can check and verify them. The answer to that has changed in recent years, and depends on whether you’re still using legacy backups to HFS+ backup storage, or have switched to APFS. This article assesses the options available for those backing up using Time Machine in Sonoma to APFS volumes.

File system integrity checking

The best place for integrity checking to occur is in the file system itself, but APFS doesn’t currently provide any option to do that. It does store and check Fletcher 64 checksums of objects in the file system metadata, but those don’t include file data, so should protect the structure of Time Machine backups, not their contents.

Consistency scan

In previous versions of Time Machine, there has been an option to perform a consistency scan. To do that, you had to Control-Shift-Click the backup volume in the Time Machine pane in System Preferences.

tmconsistencyscan1

That’s no longer available in Sonoma, when backup storage is in APFS format at least. Whether this is an omission on the part of System Settings isn’t clear, but as none of Apple’s documentation for Time Machine refers to this option, it appears that it no longer exists.

Verify checksums

The command line option to verify checksums is documented in tmutil‘s man page and its usage info. This can be performed using a command of the form
sudo tmutil verifychecksums /Volumes/.timemachine/[UUID]/[datestamp].backup/[datestamp].backup
where the simplest way to insert the full path to a backup is to drag and drop it from the hidden .timemachine pseudo-volume.

Running that command results in a pause, followed by the command prompt, without eliciting any report of the success or failure of the verification. Neither is there any indication in the log that anything by way of checksum verification has taken place over that period. Even if this command does something, it’s unclear what it does, and how that might have checked the integrity of backups.

The last time that I looked at this option, the results were similarly unhelpful, although checksums did appear to be attached to backed up files as extended attributes. I can find no trace of those extended attributes in backups made here by Sonoma to APFS, which suggests that whatever verifying checksums might do, it’s not verifying file data in the backup.

Verify integrity

Currently, the only form of backup verification described by Apple in its user documentation is an option that appears aimed at those making Time Machine backups to network storage such as NAS systems. Open the Time Machine menu with the Option key held down, and the Back Up Now command changes to Verify Backups, as described in Apple’s article.

That article is ambiguous, in that it refers to backing up to “a network disk”, not local storage.

If your Mac’s backups are being made to local storage, the command is still available, and results in a fresh manual backup being made. Time Machine’s entries in the log also refer to what it terms a “manual health check”. However, apart from initial log entries that report the option, there’s no evidence from the log that anything other than a normal automatic backup is performed, and Time Machine doesn’t record any results of this verification in the log.

Altered entries in the log include:
Requested a manual health check Backup verification requested for last destination in rotation. specifiedOptions: TMBackupOptions(rawValue: 20) Starting backup with mode "manual health check" Backing up 1 volumes to OWCenvoyProSX2tb (/dev/disk7s2,TMBackupOptions(rawValue: 20)): /Volumes/OWCenvoyProSX2tb

Reference in the documentation to routine automatic integrity verification when backing up to network storage might imply that this option runs fsck_apfs on the virtual APFS file system in the sparse bundle containing backups, but Apple doesn’t make that explicit, nor does it document the manual health check mode, or offer it as an option in tmutil.

Third party integrity checks

There are at least two systems for making file data integrity checks on files prior to their being backed up. My own offering, Fintch, Ditch and cintch, is available free from here. The only caution when using this on backups is that the files must be tagged before they’re backed up by Time Machine, as its backups are read-only, making it impossible to tag files in an existing backup.

Summary

While APFS checks the integrity of file system metadata, it has no intrinsic means of checking the integrity of file data.
Consistency scans aren’t available.
Verifying checksums doesn’t appear to verify file data.
Verifying integrity does run a backup in manual health check mode, but there’s no evidence that verifies file data.
Third party integrity checks currently appear to be the only way to check and verify the data in Time Machine backups.
Documentation for Time Machine and tmutil is unhelpful at best.

7Comments

Add yours

1

Alan B on November 6, 2023 at 8:48 am

Carbon Copy Cloner offers verification features:
https://bombich.com/kb/ccc6/how-verify-or-test-your-backup#:~:text=CCC%20will%20then%20read%20every,and%2For%20checksum%20differences).
Thankfully I always keep both TM and CCC backups.

LikeLiked by 1 person
- 2
  
  hoakley on November 6, 2023 at 8:49 am
  
  Thank you. I’m well aware of that.
  Howard
  
  LikeLiked by 1 person
3

Rob on November 6, 2023 at 1:04 pm

Howard,
you bring up a great point. Time Machine, given its automated nature, lulls the user into feeling the backups will be there when needed. Seems like Apple could embed an integrity check into the regular backup process.

LikeLiked by 2 people
- 4
  
  kapitainsky on November 6, 2023 at 4:10 pm
  
  Interestingly they did at some stage (do not remember now which macOS version it was) and TM stored files’ checksums. This was the only time when `tmutil verifychecksums` actually worked. But then all functionality disappeared in subsequent OS releases – Only verifychecksums command remains:) but it does nothing nowadays.
  This is IMO the biggest shortcoming of TM. It is backup solution which does not have means to verify if backup is intact.
  
  LikeLiked by 1 person
  - 5
    
    hoakley on November 6, 2023 at 5:34 pm
    
    Yes: we discussed it here a few years ago, but I think that was before APFS backups, and may have been confined to HFS+.
    Howard.
    
    LikeLike
    - 6
      
      kapitainsky on November 6, 2023 at 6:27 pm
      
      Yeap. And thank you for very good summary of the state of TM backups integrity check options. With Apple we are only users and have to take it or leave it.
      
      LikeLiked by 1 person
    - 7
      
      hoakley on November 6, 2023 at 10:08 pm
      
      Thank you.
      Howard.
      
      LikeLike