For Mac, have the option to use FUSE-T #1055
Comments
|
+1 to this issue. FUSE-T markets itself as a "Drop-in replacement for osxfuse," so even though I haven't looked at the VeraCrypt code, I can't imagine that the implementation would be very difficult. Since VeraCrypt aims to be transparent, I also think that it's problematic that both MacFUSE and FUSE-T are closed-source programs, but I suppose that's a different discussion. |
|
Well, it will work with minor changes to veracrypt, the developer of Fuse-T did compile and tested it with minor changes. |
|
It is indeed becoming harder to configure macFUSE on recent macOS versions for non-technical users. This limits the userbase of VeraCrypt and supporting Fuse-T is a solution to this problem. Thank you @arifzeeshan for sharing the confirmation of Fuse-T author that minimal changes are needed to make it compatible. He didn't share these changes but I give it a try in the coming weeks and see how it goes. |
|
Looking forward to the changes and since Fuse-T runs on a userspace, hope we will also have a portable version too. |
|
Could you please provide an update on the progress made in this area? Any details on the specific changes implemented or the overall experience in integrating Fuse-T with VeraCrypt would be greatly appreciated. Thank you again for your efforts and for sharing this information! |
|
@idrassi Do you have a progress update on this feature? |
|
Seems that Fuse-t author recently posted his changes to VeraCrypt here. |
|
@idrassi What steps are necessary before macos-fuse-t/VeraCrypt can be merged into the main VeraCrypt repository? |
|
@idrassi thank you for your great work. It looks as if the PR from the Fuse-T repo is rather straight forward. Could you at least merge it into a new feature branch so that it gets some exposure and can be tested by the brave folks here? Thank you! |
|
Any update on this? Would be great to have this option, I don't want to mess with kernel extensions on my new M1 machine. |
|
@beatschubser I believe that this is being held up by #1276 right now—see this comment. |
|
I have finally merged #1276 and added some enhancements on top of it. I will implement the changes to create a fuse-t build and share it here for testing. |
|
I have added FUSE-T support to VeraCrypt in this commit: edde1d4 There was an issue that caused volumes not to mount the first time they are used, and it took time to figure out the cause and the fix. It turns out that FUSE-T is slower in making the content of the mounted volume control file available compared to MacFUSE, so I had to add a waiting loop (250 ms for each loop) in order for the mounted content to be accessible. You can see the loop here: edde1d4?diff=split&w=0#diff-c700f1c203f50e9d8f52601149b2406b97501ce983d57afa1ad5a61a22bfe3c5R303 Another issue is that FUSE-T libraries are built in such a way that they target only macOS Sonoma (14.0), while VeraCrypt targets macOS Monterey as the minimum version. I don't know if this was done on purpose and macOS Ventura and Monterey are not supported by FUSE-T. So for now, we get this warning during the linking of VeraCrypt: It would be better if FUSE-T could target Monterey or Ventura as the minimum version. Apart from this, it seems to work well and it is certainly less painful than MacFUSE which requires disabling security settings on Apple Silicon. The next step is to notarize the VeraCrypt binary for FUSE-T and share it here for testing. |
|
As promised, here is the notarized version of VeraCrypt that uses FUSE-T instead of MacFUSE: SHA256 SUM: Based my tests, it seems to work well. Feedback is welcomed. |
|
Hi @idrassi, First of all, thank you very much for your work! The new version seems to work on my M1 MacBook, but I found two (minor?) problems.
The next time it was mounted without any problems.
Best regards, Edit: typo. |
|
Thank you @pashynskykh for the quick feedback. For the first issue, it is caused by a FUSE-T issue for which I have already implemented a workaround (a waiting loop of max 1.2 seconds): VeraCrypt/src/Core/Unix/CoreUnix.cpp Line 306 in 210827d For the second issue, you certainly selected FAT as your filesystem in the wizard, and that’s why you are getting “NO NAME” in the mount point. This is hardcoded in VeraCrypt for FAT formatted volumes: VeraCrypt/src/Core/FatFormatter.cpp Line 285 in 210827d You can always change the volume name to your liking in Finder by selecting “Rename.” Once done, you will start to see this customized name when you mount the volume with VeraCrypt. |
|
@idrassi thanks for the detailed answer. Yes, for the second "problem" I used FAT. It really does make sense to avoid using any names at all, as the name could theoretically be a privacy/security issue if not chosen carefully. Thanks for the clarification. I'll have more time to play with the app tomorrow. If I find anything else, I'll post an update here. Thanks again for all your work. It's really great to see progress on this issue, as FUSE-T is a superior choice to macFUSE. Best regards, |
|
The new 1.26.11 is working well for me (M1 Max MacBook Pro/MacOS 14.5 + external USB C SSD). I haven't tested extensively but everything is good so far. Andy |
|
Thank you @tarbs for the feedback. This shows that the current workaround for the FUSE-T delay issue does work on some machines other than mine. I’m starting to like FUSE-T and I hope further tests by the community will not uncover any major issues because it is a good candidate for replacing MacFUSE as the default FUSE layer, esopecially that it is easier to deploy on Apple Silicon for non-technical users. |
|
@pashynskykh, I have increased the waiting time for FUSE-T to 5 seconds and prepared a new build with this change. Please let me know if this solves the problem of mounting newly created volumes. VeraCrypt_FUSE-T_1.26.12.dmg.zip SHA256SUM: |
|
@idrassi just checked: created a new volume and mounted it. I didn't get any errors this time. Thank you very much! |
|
Just tested on a corp machine with kernel extensions locked down, and thank you! This works perfectly! |
|
I have been playing more with 1.26.12 today and have not seen any problems. I am happy that it can finally be used on my Macbook with FUSE-T. Thanks a lot @idrassi! |
|
Thank you all for the testing, specially @pashynskykh. Things look good for FUSE-T support. It will be the recommended version of VeraCrypt for Apple Silicon. |
|
It works in regards to using fuse-t - fantastic news. But I have noticed that it has missing "TrueCrypt Mode" when mounting. Any particular reason to remove it? I have still some old TrueCrypt disks I mount from time to time. EDIT: I missed that it is no longer supported. I have my answer then. |
|
@kapitainsky Thank you for the feedback. Concerning TrueCrypt support, it was indeed dropped in version 1.26.7 in order to simplify the code base and add room for new Blake2s algorithm. For users like you that have old TrueCrypt volume, it is possible to convert them to VeraCrypt format without loosing any data as indicated in the documentation: https://veracrypt.fr/en/Converting%20TrueCrypt%20volumes%20and%20partitions.html |
|
Maybe good excuse to convert these old volumes:) BTW. I am testing VC and FUSE-T on Intel mac - so far all works perfectly. |
|
Installed in a fresh env (first VC installation), Sonoma (24.5) Mac Book Air M3. FUSE-T 1.0.38 (sshfs: 1.0.2). First tests OK. Will test on a old volume as soon as possible.
|
|
@idrassi Thank you for updating VeraCrypt to work with fuse-t. |
|
you can grab the latest code from master, the fuse-t changes will be there. |
|
PSA: fuse-t is NOT open source. I wrongly assumed that fuse-t’s GitHub had code in it. See for yourself how the fuse-t author responds to requests to open source the project. |
|
I misunderstood your query:I thought you were asking about VeraCrypt changes related to fuse-t. Regarding fuse-t not publishing its source code, the same applies to MacFUSE, which VeraCrypt has always used (although it was open source at some point in the past). I wish MacFUSE and fuse-t were open source but I also understand why their authors have chosen not to do so. Many people simply copy their source code to create products without donating to the projects or funding the authors. These two projects are amazing and each is developed by a single person who needs some revenue to sustain their work. By not publishing the source code, they can sell commercial licenses and provide professional support, which is a good way to balance offering a free product with maintaining a decent revenue stream. I can personally relate to this: the lack of revenue from VeraCrypt prevents me from working on it full-time. I often have to pause development to focus on my personal life and day job. |
|
I cant get this to work. Not sure what i am doing wrong, but it it says can't mount volume. Then it displays as if its there, but cant access it. Can't dismount it as it says Resource Busy. I have Veracrypt Fuse-t 1.26.14, MacOs Sequoia 15.0. Intel based iMac. Any help would be greatly appreciated. |
|
@ron4976 You didn’t share the error message you encountered but I suspect it might be the "hdiutil: attach failed - no mountable file systems" error. Can you confirm? If so, this is related to the exFAT issue affecting macOS Sequoia, for which there is already an open issue: #1422. In short, this is a macOS issue, and currently, the only workaround is to create a new exFAT volume on Sequoia and copy the data from the old volume to the new one. Users have shared more information about this in the linked issue. |
|
@idrassi I did read this before, and used your advice to use Fuse-T veracrypt. But still have the same issue. So, what you say here is a i need to create a new exFAT volume. |
|
@ron4976 Yes, because Sequoia introduced an incompatibility issue with the exFAT filesystem, which requires creating a new exFAT volume on Sequoia. Apple should be looking into this, as Sequoia is the only operating system experiencing this issue, unlike previous versions of macOS or other operating systems (Windows, Linux..). However, I have no way to report this to Apple and I'm not sure if they would even care since they have their own filesystem, and exFAT is just a third-party filesystem for them. |
|
@ron4976 Confirmed: Apple really doesn't care: https://discussions.apple.com/thread/255188289?sortBy=rank. This issue has been reported to them since last year, and there's still no fix from their side. |
Desired behavior
Please add, as an option for macOS, the ability to use FUSE-T. FUSE-T is similar to FUSE, but instead of presenting volumes directly to the OS, it presents them as loopback mounted NFS v4 volumes. Since FUSE-T requires no kernel extensions, it is easier to maintain for MacOS's constantly changing kernel space, and that one has to go into recovery mode to select a lower security option for FUSE, while FUSE-T doesn't require this.
Additional information
FUSE-T's website: https://www.fuse-t.org/
Your Environment
Please tell us more about your environment
VeraCrypt version: VeraCrypt 1.25.9
Operating system and version: macOS 13.3.1
System type: arm64
The text was updated successfully, but these errors were encountered: