Prevent encrypted APFS volume on partition to automount / ask for password on login - Catalina

Question

I know similar questions have been asked before but I just can't believe this can't be solved, so I am going to ask again with specific details.

I have two partitions that are bootable on the internal drive of my Mac running macOS Catalina 10.15.7. Both are encrypted APFS volumes.

Whenever I log in to one of them, I am getting a promt, asking me for the password of the other. I do not want to store the password in the keychain to work around the prompt (for security reasons), in fact I do not want the other volume to be automatically mounted at all. All I want is to be able to choose the boot volume on startup (via the [Opt] key).

I tried

adding this line to my /etc/fstab using vifs:

UUID=<UUID of the volume> none apfs rw,noauto

but this does not prevent the prompt from appearing.

changing the volume role via

diskutil ap changeVolumeRole <diskId> D

but this returns the error: Error setting APFS Volume role: Unable to set the APFS Volume Role (-69599)

Is there seriously no way of preventing disks from being automounted? Can the Finder be at leat taught to not ask for the password?

idk the exact syntax rules for fstab, but I keep drives unmounted at boot with UUID=[UUID] none auto noauto — Tetsujin, Oct 24 '20 at 07:30
I don't have any Mac with Catalina to test. Try it, it will take 5 minutes. — Tetsujin, Oct 24 '20 at 15:26
@Tetsujin this does not work, unfortunately. The prompt keeps popping up. — Alexander Presber, Oct 24 '20 at 21:27
The /etc/fstab UUID=[UUID] none auto noauto trick now works in Big Sur 11.2. — PlinkPanther, Feb 02 '21 at 05:40
Thanks @PlinkPanther, you are right! I added an answer for people looking for an clear description. — Alexander Presber, Feb 03 '21 at 10:33

Alexander Presber · Accepted Answer · 2021-02-05T08:35:43.273

Starting with MacOS BigSur 11.1. the /etc/fstab/ solution works (again):

find the volume label from the volume name:
diskutil list | grep <volume name>
the last entry (e.g. disk2s2) is the volume label.
find out the volume UUID from the volume label
diskutil info <volume label> | grep "Volume UUID"
open /etc/fstab for editing:
sudo vifs
add a line preventing the auto-mount of the volume:
UUID=<volume uuid> none auto noauto

Here's a complete example:

> diskutil list | grep "Macintosh HD2 - Data"
2:                APFS Volume Macintosh HD2 - Data⁩       341.8 GB   disk2s2
> diskutil info disk2s2 | grep "Volume UUID"
Volume UUID:               C58A1BDC-593C-4854-B954-702A73ABD67C
> sudo vifs
add the following line:
UUID=C58A1BDC-593C-4854-B954-702A73ABD67C none auto noauto

On the next reboot the popup asking for the password will no longer appear.

Prevent encrypted APFS volume on partition to automount / ask for password on login - Catalina

1 Answers1

add the following line:

Linked