Hi everybody, With the availability of Apple Silicon hardware today, we are very excited to also provide a first experimental version of Boxcryptor with native support for Apple's new processor architecture for maximized performance and battery life. While this experimental version is available for early access, we plan to release a stable version by the end of November after we ironed out the last missing pieces and made sure that it runs smooth on the final Apple Silicon M1 chip. If you are one of the first with Apple Silicon hardware, you can download the experimental--- version v2.38.1060 here: https://www.dropbox.com/s/k4rkgxgniyqveg9/Boxcryptor_v2.38.1060_Installer.dmg?dl=0 EDIT: The latest experimental version for Apple Silicon Macs can be downloaded here: https://www.dropbox.com/s/l13a4cb4sr0wx1p/Boxcryptor_v2.38.1067_Installer.dmg?dl=0 EDIT: The latest experimental version for Apple Silicon Macs can be downloaded here: https://www.dropbox.com/s/h993aosacn0bfro/Boxcryptor_v2.39.1101_Installer.dmg?dl=0 EDIT: The latest experimental version for Apple Silicon Macs can be downloaded here: https://www.dropbox.com/s/capkjj2zf1txcmq/Boxcryptor_v2.39.1110_Installer.dmg?dl=0 EDIT: The official version for Apple Silicon Macs can be downloaded here: https://www.boxcryptor.com/l/download-macosx In order to install the required Boxcryptor kernel extension, you must first allow the loading of kernel extensions from identified developers which is disallowed by default on Apple Silicon Macs. To change this, please follow these steps: Reboot your Mac into Recovery Mode Open Utilities -> Startup Security Utility Select your system volume, unlock it if required and click the Security Policy... button Choose Reduced Security Enable Allow user management of kernel extensions from identified developers Click OK Confirm the action by entering your administrator credentials Restart your Mac You only need to perform these steps once for any kernel extension which might be part of other apps (e.g. Dropbox, Google Drive File Stream, etc.). Learn more about this change here: https://developer.apple.com/documentation/kernel/installing_a_custom_kernel_extension NOTE: Despite the dramatic name, your Mac is just as secure using Reduced Security as with Full Security. While Full Security only allows to install the very latest Apple approved version of macOS, Reduced Security also allows you to install older Apple approved versions of macOS and to load 3rd party kernel extensions from Apple identified developers. HINT: Apple changed the procedure to boot into Recovery Mode on Apple Silicon Macs. Instead of pressing & holding Cmd+R after pressing the power button, you must press & hold the power button and then choose Options As with any experimental version, we're looking forward to your feedback - either here or directly via support@boxcryptor.com . Best regards, Robert

Thankyou @Florian . Will you also be providing an experimental version for Windows 10 on ARM (i.e. Surface Pro X devices)? Support have not been very helpful in providing anything regarding ARM-based Windows support apart from "the underlying software library we reuse doesn't support it": pingudownunder The installation routine fails at the CBFS (Call-Back File System) installation phase and rolls back. Boxcryptor support have confirmed that CBFS is incompatible but have not provided a roadmap or plan for getting full compatibiality in place.

pingudownunder I'm sorry, we currently to not have plans to support Windows 10 on ARM. While the processor architecture might be same now with Apple Silicon, the operating systems are still vastly different. For the virtual Boxcryptor drive, we use kernel drivers provided by 3rd party vendors. We use a custom version of OSXFUSE ( https://osxfuse.github.io ) on macOS and CBFS Connect ( https://www.callback.com/cbfsconnect ) on Windows. As kernel drivers are a very low-level piece of software, adapting them for different CPU architectures is not an easy task but thankfully, OSXFUSE - which we're also sponsoring - was ready in time. CBFS Connect, however, is only available for x86 and the vendor does not offer a version for ARM which we could use in Boxcryptor and thus, it is simply not possible for us to provide Boxcryptor for ARM-based Windows at the moment - even if we'd like to. Best regards, Robert

Hi Robert, what does "This first experimental version has known issues when renaming files..." mean. Can we at least open and read files savely? I have to say I'm underwhelmed by the state of Boxcryptor regarding Apple Silicon. The DTKs have been out for month. You are stating "Boxcryptor runs on Big Sur as well as on Macs with the new processors." when you have an unsafe experimental version? And do not get me started on the non-existant support for Spotlight... Boxcryptor should be working seamlessly in the background when it is interfering with Mac user's workflows. BR, Boris

Robert I asked them (callback.com) about their port for CBFSConnect to Win 10 ARM and they said... “ Thank you for contacting us. Probably there was some misunderstanding on the Boxcryptor side – ARM64 is fully supported by our products. You might want to contact them and ask them to contact us directly if they have any questions with such support.”

Hi everybody, We have finished a new experimental version for Apple Silicon Macs which you can download here: https://www.dropbox.com/s/l13a4cb4sr0wx1p/Boxcryptor_v2.38.1067_Installer.dmg?dl=0 In this version, the known issues with renaming files have been resolved and save operations in apps like Word, Excel or PowerPoint will succeed as expected. Nevertheless, it is still an experimental version which did not complete final QA. Please use it with caution. Best regards, Robert

Boris777 Hi Boris, Thank for very much your feedback. Yes, as the known issue was isolated to file or folder renames, files could be safely opened and read. Saving files was error prone because many applications write to temporary files which are renamed to the target file name on success file writes. With the latest experimental version (1067), this issue was resolved. Please bear in mind that adapting software to such a major hardware architecture change is not trivial. While we indeed had a DTK since a few months, it does not represent the final hardware which we also only have access to since Tuesday. Additionally, the stable version of Big Sur is only available since about a week. The DTK as well as the macOS Betas were only previews. They were under active development themselves and especially Big Sur was a moving target always subject to change in the beta. I'm sorry if we didn't meet your expectations. Best regards, Robert

scomil Thank you for the information. I will discuss it with the team and we might re-evaluate what we can do for Windows on ARM in the future.

beta 11.1 appears to mess things up again (sorry)

and 11.0.1 also - endless authorize extension/reboot loop [ticked updated]

Same here, Version 11.1 Beta (20C5048k) endless authorize extension/reboot loop

Apple Silicon

markbyrn

Same issue as above - endless authorize extension/reboot loop and the workaround listed for reducing system security in the Startup Security Utility has no effect. Two things to note; there’s still a secondary pop-up that shows the extension needs to be updated by the developer and when doing the required reboot to incorporate the extension, it auto-reboots twice. That would suggest the extension is corrupted and so the system does another reboot to load without it. I tried other workarounds such as resetting the extensions from recovery and trying to remove the legacy extensions but nothing works.

matgra

Same issue - using latest full version 2.38.1090. Even when reducing system security, can't get past the install loop of Unable to Mount Boxcryptor Drive...retry/quit

markbyrn

It's definitely the Benjamin Fleischer Extension that won't install and that extension is not maintained by Boxcryptor. I tried installing Fleischer's last MacFuse (4.0.4) and it failed in the same exact manner. Since Cryptormator can optionally be used without the Fleischer extension, maybe Boxcryptor can offer the same.

matgra

Apple shifting security model away from extensions will mean a huge change to architecture...not likely a quick fix.

markbyrn

matgra Perhaps but they’re still allowed and I’ve installed other updated extensions like Airfoil audio without a problem. The problem here is the Fleischer extension is borked. Also, if the Cryptomator app can work without the extension, I’m guessing Boxcryptor could as well although Boxcrytor Portable is pretty much unusable.

Kyle

Robert

I have been able to get Boxcryptor working on an M1 MacMini, but only by following the instructions above and turning of System Integrity Protection. If SIP remains on, even with the reduced security policy, Boxcryptor won't work.
There's some irony that an add-on intended to provide additional security requires reducing OS security to make it work. Do you know yet if this is a temporary fix?

markbyrn

Here's a partial workaround that's more amusing than useful. Sideload the iOS version of Boxcryptor (google up iMazing M1 sideload for the process) and the Boxcryptor iOS version runs very smoothly on the M1 except the process to upload a file silently fails. When you download, you have to open it by sharing it to something like the Notes app. Also, I'm guessing Apple will soon put out an update to prevent sideloading iOS apps 😄

jpxfx

Ok, this is getting really into "issue mode" for me...

I cannot en/decrypt on my Mac anymore;
and the workaround with the iOS app is no workaround - I can open files, I can create folders, but I cannot fully decrypt the files (only open on the fly);

Also using apple's own files app, I tried to move UNencrypted folder into a newly created (in Boxcryptor iOS app) folder to encrypt them - files app gives an error saying communications with the help app impossible...

So I am stuck with not being able to grab and run with my own old files, and not being able to add new ones.

Robert

Hello everybody,

Thank you for your feedback. In macOS 11.0 Big Sur, Apple introduced a new security feature called "Signed System Volume" (SSV):

SSV features a kernel mechanism that verifies the integrity of the system content at runtime, and rejects any data — code and non-code — that doesn’t have a valid cryptographic signature from Apple." (Source).

SSV is a pretty serious internal change especially when interacting with the macOS kernel and therefore, Apple completely rewrote the kernel extension management in Big Sur - especially for Apple Silicon Macs. And as with many new things, they are not always flawless, i.e. the new kernel extension management was quite buggy during all Big Sur betas and it looks like the problems were not completely resolved in the final release. I would like to remind that Apple wanted to rewrite iCloud in macOS Catalina but reverted back to the "old" iCloud implementation after 6 or 7 Catalina betas because the "new" iCloud implementation was simply too faulty.

Yes, Apple has deprecated kernel extensions since quite some time now - but has not yet provided replacement APIs for all use cases which have used kernel extensions in the past. E.g. in macOS Catalina, Apple introduced replacement APIs for kernel extensions which were typically used in anti-virus software or network filtering applications and those apps are not allowed to use kernel extensions in Big Sur anymore. However, not all kernel extensions are equal and until today, Apple has not provided a replacement API for virtual disks like Boxcryptor, Google Drive File Stream, Box Drive, TrueCrypt, and many other apps are using. This functionality can still only be implemented using a kernel extension - even in Big Sur where such kernel extensions are still allowed. We know that Apple intends to move away from kernel extensions completely and expect that they will offer a replacement API for virtual disks in the future - but for now, we have to use a kernel extension to integrate nicely into the file system for the best user experience. I can ensure however, that we are closely watching Apple's development and will adapt Boxcryptor as required.

Boxcryptor is actually running very solid and natively on Apple Silicon Macs - if the kernel extension gets properly loaded by macOS. Installing (or updating) and loading the kernel extension is currently the biggest pain point on Apple Silicon and maybe also the one we can influence the least. Loading the kernel extension is actually not that complicated from an app perspective: We make one API call to request that macOS loads our kernel extension - and everything else is then in the hands of macOS' kernel extension management which, unfortunately, seems not be very solid yet.

Especially updating the kernel extension often fails for yet unknown reasons and macOS gets stuck in an endless "Kernel extension updated -> Approve -> Restart" loop as mentioned by users in this thread. Although the user approved the updated kernel extension, macOS fails to install the updated version and just keeps the old version installed. Directly installing the same kernel extensions without updating succeeds in most cases without problems - although we as an app perform the exact same macOS API call in both cases. This suggests that it may be caused by a bug in macOS which only Apple can resolve. We are in close contact with Benjamin, the maintainer of OSXFUSE / macFUSE (which we're using in a special version) in order to find a solution for this issue.

If you experience problems to install or update the kernel extension, you can try if resetting the kernel extension management resolves it:

Boot to macOS Recovery by pressing & holding the power button for startup
If you have FileVault enabled, you might have to unlock and mount your system volume, see https://derflounder.wordpress.com/2019/01/18/unlock-your-filevault-encrypted-boot-drive-using-disk-utility-on-macos-mojave/
Run Terminal
Enter the command: kmutil trigger-panic-medic --volume-root /Volumes/Macintosh\ HD
(If your boot volume has a different name than "Macintosh HD", replace it in the command)
Restart your Mac
Start Boxcryptor and re-approve the kernel extension by "Benjamin Fleischer" in the Security Preferences
Restart your Mac (again)

If you are interested, outputs of the following commands can be useful to gather more information about the problem.

Print the current state of installed 3rd party kernel extensions:

kmutil inspect -B /Library/KernelCollections/AuxiliaryKernelExtensions.kc

Verbosevily load the BCFS kernel extension:

sudo kextutil -v 6 "/Applications/Boxcryptor.app/Contents/Frameworks/BoxcryptorFoundation.framework/Versions/A/Filesystems/bcfs.fs/Contents/Resources/mount_bcfs.app/Contents/Extensions/11/bcfs.kext/"

Best regards,
Robert

PS: If you experience the Approve -> Reboot loop, which macOS Big Sur version are you running? The stable 11.0.1 or the 11.1 Beta 2?

Robert

Hi everybody,

We have finished a new experimental version for Apple Silicon Macs which you can download here:
https://www.dropbox.com/s/h993aosacn0bfro/Boxcryptor_v2.39.1101_Installer.dmg?dl=0

This version has known issues with installing/updating and loading the required BCFS kernel extension which fail with an endless "Approve -> Reboot" loop. See https://boxcryptor.community/d/17031-apple-silicon/22

Best regards,
Robert

NBruns

Version V2.39.1101 does not work on 11.1 Beta (20C5061b) -> Not able to enable the system extension

NBruns

NBruns
I also tried 11.1 RC, but had no luck. Removing the kernel extension also did not work.

Robert

NBruns Thank you for your feedback. The kernel extension loading is very likely caused by a confusion of the macOS kernel management which version to load. Boxcryptor comes with different versions of the kernel extension for the different macOS versions (e.g. 10.14, 10.15, 11.0) and macOS sometimes seems to try to load the wrong version for an older macOS version which obviously fails on Big Sur.

Can you try to manually delete the non-Big Sur kernel extension versions and see if this improves the situation? To delete them, please execute the following command in the Terminal app:

sudo rm -rf /Applications/Boxcryptor.app/Contents/Frameworks/BoxcryptorFoundation.framework/Versions/A/Filesystems/bcfs.fs/Contents/Resources/mount_bcfs.app/Contents/Extensions/10*

Robert

Hi everybody,

We're pretty confident that the kernel extension loading problem is caused by the kernel extension manager being confused which version of the kernel extension to load and trying to load one for a different, wrong macOS version. While we're continuing our efforts to provide a single app for all supported macOS versions, here's an experimental version which contains only the kernel extension for macOS 11 Big Sur:

https://www.dropbox.com/s/capkjj2zf1txcmq/Boxcryptor_v2.39.1110_Installer.dmg?dl=0

If you experience any problem loading the kernel extension (and thus mounting the Boxcryptor disk) with Apple Silicon Macs, please use this version and I'd be happy to hear your feedback.

Note: If you already upgraded to Big Sur 11.1, you might have to reset the kernel extension management so that any wrong kernel extension is properly removed from the system after you updated Boxcryptor:

Uninstall Boxcryptor (Move it to the Trash and empty it)
Boot to macOS Recovery by pressing & holding the power button for startup
Open Utilities -> Terminal
Enter the command:
kmutil trigger-panic-medic --volume-root /Volumes/Macintosh\ HD
(If your boot volume has a different name than "Macintosh HD", replace it in the command)
Verify that the command output includes the following content:
All third party kexts have been unapproved and uninstalled from /Volumes/Macintosh HD
Restart your Mac
Verify that macOS shows the "Panic Medic Boot" alert as shown below
Install the latest Boxcryptor version and run it
Allow the Boxcryptor system extension in System Preferences -> Security & Privacy
Restart your Mac

Best regards,
Robert

Johndavidson9

Robert thank you for providing useful information

NBruns

You will get feedback ASAP, on Friday I will be back in home office.

SAL

Did get Boxcryptor to work with Big Sur 11.0.1 with M1, but after update to 11.1, and trying your advice from yesterday, the restart problem occurred again.

flakingbiscuit

I'm also experiencing the same issue as SAL with the most recent update. Let me know if there are any logs or information I can send along to help.

Robert

flakingbiscuit SAL

Thank you for the feedback. I'd have two questions:

a) Is it correct that you upgraded from macOS 11.0.1 with Boxcryptor pre-2.39.1110 (e.g. 2.39.1101) to macOS 11.1 with Boxcryptor 2.39.1110 ?
b) Did you try the kmutil trigger-panic-medic command in Recovery Mode?

Additionally, the following steps would be very helpful:
1) Open Console app and start streaming (Start button in the toolbar)
2) Open Terminal app and execute the following commands:

sudo kextutil -v 6 /Applications/Boxcryptor.app/Contents/Frameworks/BoxcryptorFoundation.framework/Versions/A/Filesystems/bcfs.fs/Contents/Resources/mount_bcfs.app/Contents/Extensions/11/bcfs.kext
kmutil diagnose

3) Stop Console streaming, search for kernelmanagerd and export the output (Select all -> Copy -> Paste in TextEdit)
4) Send the Console and Terminal outputs to support@boxcryptor.com

Thank you for your help,
Robert

Robert

FYI: Based on current feedback (maybe not so much here, but in direct contact in our support), the latest experimental version 2.39.1110 seems to work great on macOS 11.1.

The only source for problems is when a user updated macOS from 11.0.1 to 11.1 and did not already have 2.39.1110 installed. In this case, macOS fails to unload the old kernel extension. Resetting the kernel extension management using kmutil trigger-panic-medic as described above resolves this issue.

Kyle

Robert I'm one of those folks who upgraded to 11.1 (yesterday) without the latest version of Boxcryptor., which I've now installed.

I've tried the kmutil trigger-panic-medic fix, but no success. I also tried the manual delete extension terminal command above, but that didn't work. Just an error saying the sudo command wasn't recognised or something similar.

Robert

Kyle All cases we saw could be resolved using kmutil trigger-panic-medic. If you'd like, please contact us via support@boxcryptor.com and we'll try to resolve the issue with you.

aknight Thanks for the update. The current macOS and Boxcryptor build numbers definitely have to many ones ("1") and that's a crazy coincidence. 🤷‍♂️

Robert

Hi everybody,

Thank you all for your feedback and assistance on our way to stable Apple Silicon support. It sometimes was a little bit rough, but we finally have been able to resolve the kernel extension loading problem. As a result, we have released the first stable version of Boxcryptor with Apple Silicon support yesterday and you can download version 2.39.1119 here:

https://www.boxcryptor.com/l/download-macosx

If you did have an experimental version (or a version without Apple Silicon support) installed on your M1 Mac before, you might have to reset the kernel extension management as described here:

https://boxcryptor.community/d/17031-apple-silicon/27

In all known cases, resetting the kernel extension management and then installing the new stable version resolved the issues. If you still experience them, please double check the you executed the kmutil trigger-panic-medic command correctly (double dashes prefix for --volume-root and space between --volume-root and /Volumes/Macintosh\ HD) and maybe try it again.

Thanks again and best regards,
Robert