Prevent encrypted APFS volume on partition to automount / ask for password on login – Catalina

automountcatalinafindermount

I know similar questions have been asked before but I just can't believe this can't be solved, so I am going to ask again with specific details.

I have two partitions that are bootable on the internal drive of my Mac running macOS Catalina 10.15.7. Both are encrypted APFS volumes.

Whenever I log in to one of them, I am getting a promt, asking me for the password of the other. I do not want to store the password in the keychain to work around the prompt (for security reasons), in fact I do not want the other volume to be automatically mounted at all.
All I want is to be able to choose the boot volume on startup (via the [Opt] key).

I tried

adding this line to my /etc/fstab using vifs:

UUID=<UUID of the volume> none apfs rw,noauto

but this does not prevent the prompt from appearing.

changing the volume role via

diskutil ap changeVolumeRole <diskId> D

but this returns the error: Error setting APFS Volume role: Unable to set the APFS Volume Role (-69599)

Is there seriously no way of preventing disks from being automounted?
Can the Finder be at leat taught to not ask for the password?

Best Answer

Starting with MacOS BigSur 11.1. the /etc/fstab/ solution works (again):

find the volume label from the volume name:
diskutil list | grep <volume name>
the last entry (e.g. disk2s2) is the volume label.
find out the volume UUID from the volume label
diskutil info <volume label> | grep "Volume UUID"
open /etc/fstab for editing:
sudo vifs
add a line preventing the auto-mount of the volume:
UUID=<volume uuid> none auto noauto

Here's a complete example:

> diskutil list | grep "Macintosh HD2 - Data"
2:                APFS Volume Macintosh HD2 - Data⁩       341.8 GB   disk2s2

> diskutil info disk2s2 | grep "Volume UUID"
Volume UUID:               C58A1BDC-593C-4854-B954-702A73ABD67C

> sudo vifs
# add the following line:
UUID=C58A1BDC-593C-4854-B954-702A73ABD67C none auto noauto

On the next reboot the popup asking for the password will no longer appear.

Related Solutions

Stop prompting to unlock disk

Instead of using UUID try using LABEL. This will help to rule out UUID problems.

The following line in /private/etc/fstab stops the drive named SpareSSHD from mounting on OS X 10.10:

LABEL=SpareSSHD none    hfs rw,noauto

My drives are encrypted with FileVault2 and this works.

The following links provide more detail:

/private/etc/fstab and /etc/fstab are the same file. As @forquare confirms, they are symlinked. You can edit either.

MacOS – How to prevent automount of a partition in El Capitan

It appears that the syntax must use single spaces, not tabs, to be recognised by the system.

This would fall in line with many command line processes; the only exception that springs to mind is the hosts file, which can use any amount of whitespace.

That would make the correct syntax

UUID=uuid_of_partition2 none hfs rw,noauto

rather than

UUID=uuid_of_partition2       none    hfs     rw,noauto

... subtle but important difference.

Best Answer

Related Solutions

Stop prompting to unlock disk

MacOS – How to prevent automount of a partition in El Capitan

Related Question