I have a raw dump of an APFS partition that I've created so that I can roll back a system to an exact state for testing. This dump was created using dd, and is not created from any of the volumes inside the container, but rather the entire APFS partition from the physical disk.

I'd like to restore it back on to the physical disk using dd, and normally I would do this by simply unmounting the partition so that the system isn't accessing it anymore. But because macOS is automatically creating a synthesized device from this APFS partition that contains all of its volumes, I can't restore it without the system going nuts as the partition's data changes out from under it.

How can I stop macOS from automatically creating the synthesized disk so that I can freely modify the raw data of this partition?

For example, if this is what diskutil list reports:

/dev/disk2 (external):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                         500.3 GB   disk2
   1:                        EFI EFI                     314.6 MB   disk2s1
   2:                 Apple_APFS Container disk1         499.9 GB   disk2s2

/dev/disk3 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +499.9 GB   disk3
                                 Physical Store disk2s2
   1:                APFS Volume MyDisk                  462.0 GB   disk3s1
   2:                APFS Volume Preboot                 43.9 MB    disk3s2
   3:                APFS Volume Recovery                510.5 MB   disk3s3
   4:                APFS Volume VM                      2.1 GB     disk3s4

... then I want it to stop "synthesizing" /dev/disk3 completely. Unmounting the volumes disk3s1-disk3s4 is not good enough. And diskutil won't let me unmount /dev/disk3.

So far the only solution I've found is to do this on macOS 10.12 or earlier, since that system doesn't know about APFS. But I'd much rather do it on my main system running 10.14.

edit: I found one possible way of doing this: using GPT fdisk (gdisk) to change the APFS partition's type code to something that macOS won't handle (like 8301 Linux reserved), unplug and replug the disk, write over the partition, then change the type code back to APFS. It's not a great solution. I'd much rather find something better.

Bri Bri
  • How about installing a version of Linux. You could boot to Linux and use the dd command without having to worry about any APFS volumes mounting. Or, just boot to a USB flash drive Live version of a Linux and use the dd command. – David Anderson Dec 16 '20 at 14:11
  • @DavidAnderson Yup, that's one possible method, similar to using macOS 10.12 and earlier. But it'd be nice if I could find a way to do it on my main Mojave system. – Bri Bri Dec 16 '20 at 15:29
  • Personally, I like using VMs and Live OS USB to handle operations such as this. I have tried using /etc/fstab to block an occurrence of macOS Mojave on a USB drive to try and achieve the goal here, but just didn't have any luck with it. You might want to try for yourself. If you could safely script the use of gdisk to automate the process of changing the partition's type code then this may be your best bet if you don't want to use a Linux VM to handle the dd operations. (I like using Linux to use pv (pipe view) in conjunction with dd.) +1 for a good question. – user3439894 Dec 17 '20 at 19:45
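
The type-code workaround from the question's edit, scripted with sgdisk (the command-line tool in the GPT fdisk package) along the lines the last comment suggests. This is an added example, not code from the post or its commenters; the function names, the `APPLY` switch and the image path are assumptions, and commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: commands are
# printed, and executed only when APPLY=1. Assumes sgdisk (GPT fdisk) is installed.
APFS_GUID="7C3457EF-0000-11AA-AA11-00306543ECAC"   # Apple APFS partition type GUID
HIDE_CODE="8301"                                    # "Linux reserved", as in the question

run() {  # print the command; execute it only when APPLY=1
    printf '%s\n' "$*"
    [ "${APPLY:-0}" = 1 ] || return 0
    "$@"
}

# apfs_swap hide|restore DISK PARTNUM [IMAGE]
apfs_swap() {
    phase=$1 disk=$2 part=$3 image=$4
    case "$disk" in /dev/disk[0-9]*) ;; *) echo "bad disk: $disk" >&2; return 2 ;; esac
    case "$part" in ''|*[!0-9]*) echo "bad partition number: $part" >&2; return 2 ;; esac
    case "$phase" in
    hide)
        # Retype the partition so macOS no longer synthesizes a container from it.
        run sgdisk --typecode="${part}:${HIDE_CODE}" "$disk" || return 1
        echo "# now unplug and replug the disk, then run the restore phase"
        ;;
    restore)
        [ -n "$image" ] || { echo "restore needs an image path" >&2; return 2; }
        # Refuse to write while the partition is still typed as APFS.
        if [ "${APPLY:-0}" = 1 ] &&
           sgdisk --info="$part" "$disk" | grep -qi "$APFS_GUID"; then
            echo "partition $part is still APFS; run the hide phase first" >&2
            return 1
        fi
        # Write the raw image to the partition, then restore the APFS type.
        run dd if="$image" of="/dev/r${disk#/dev/}s${part}" bs=1m || return 1
        run sgdisk --typecode="${part}:${APFS_GUID}" "$disk"
        ;;
    *)  echo "usage: apfs_swap hide|restore DISK PARTNUM [IMAGE]" >&2; return 2 ;;
    esac
}

# When run as a script with arguments, dispatch to the function.
[ "$#" -eq 0 ] || apfs_swap "$@"
```

Device identifiers can change after the replug, so confirm the disk and partition number with diskutil list before running the restore phase.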