APFS Sealed System Volume (SSV)

What the SSV is

The Sealed System Volume, introduced in macOS Big Sur (11.0), is a specific APFS snapshot of the System volume that is cryptographically signed by Apple. It is a Merkle hash tree: every file’s content is hashed, those hashes are combined up a tree, and the root hash is signed by Apple’s key. At every boot, the kernel verifies this signature before mounting the System volume.

The SSV is mounted read-only. Not “configured read-only by convention” — the mount is enforced at the kernel level. Even root, even with SIP disabled, cannot write to it. Modifying the SSV would invalidate the cryptographic seal and cause the system to refuse to boot.

Practical implications for disk usage

The SSV snapshot (com.apple.os.update-<UUID>) lives on the System volume. It consumes 12–16 GB depending on macOS version. This space is:

  • Fixed — it doesn’t grow unless you update macOS
  • Not shown by tmutil (tmutil only sees Time Machine snapshots on the Data volume)
  • Visible via diskutil apfs listSnapshots <system-volume-device-id>
  • Not deletable — deleting the SSV snapshot breaks boot

When DaisyDisk reports some space in “hidden” categories related to the System volume, the SSV is part of the explanation. It’s not wasted space — it is the OS.

Authenticating the SSV

csrutil authenticated-root status
# Output: Authenticated Root status: enabled.

If you’ve modified authenticated-root (e.g., to install certain kernel extensions), the output will say disabled, meaning the SSV seal is broken.
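
The checks on this page can be scripted for an audit. The following is an added example, not Apple's tooling or code from the original page: it classifies captured output of csrutil authenticated-root status, diskutil apfs listSnapshots and mount. The sample outputs are constructed, their layout (including the "sealed" mount flag) and the function names are assumptions, and the identifiers in them are placeholders.

```shell
#!/bin/sh
# Added example: classify SSV state from command output captured on a Mac.
# Function names are hypothetical; sample outputs are constructed.

# Print enabled/disabled/unknown from `csrutil authenticated-root status`.
auth_root_state() {
  case "$1" in
    *"Authenticated Root status: enabled"*)  echo enabled ;;
    *"Authenticated Root status: disabled"*) echo disabled ;;
    *) echo unknown ;;
  esac
}

# Count com.apple.os.update-* snapshots in `diskutil apfs listSnapshots` output.
ssv_snapshot_count() {
  printf '%s\n' "$1" | grep -c 'Name:[[:space:]]*com\.apple\.os\.update-' || true
}

# Succeed if `mount` output shows / on a sealed, read-only APFS mount.
root_is_sealed_ro() {
  line=$(printf '%s\n' "$1" | grep ' on / (' | head -n 1)
  case "$line" in
    *"(apfs,"*sealed*read-only*) return 0 ;;
    *) return 1 ;;
  esac
}

# Args: csrutil output, listSnapshots output, mount output.
ssv_verdict() {
  state=$(auth_root_state "$1")
  count=$(ssv_snapshot_count "$2")
  if [ "$state" = enabled ] && [ "$count" -ge 1 ] && root_is_sealed_ro "$3"; then
    echo "OK: authenticated root enabled, / is a sealed read-only mount"
  elif [ "$state" = disabled ]; then
    echo "WARN: authenticated root disabled"
  else
    echo "CHECK: state=$state snapshots=$count (inspect manually)"
  fi
}

# Constructed sample outputs (placeholders, not taken from a real machine).
SAMPLE_CSRUTIL='Authenticated Root status: enabled.'
SAMPLE_SNAPSHOTS='Snapshot for disk3s1 (1 found)
+-- 00000000-0000-0000-0000-000000000000
    Name:        com.apple.os.update-PLACEHOLDER
    Purgeable:   No'
SAMPLE_MOUNT='/dev/disk3s1s1 on / (apfs, sealed, local, read-only, journaled)
/dev/disk3s5 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'

ssv_verdict "$SAMPLE_CSRUTIL" "$SAMPLE_SNAPSHOTS" "$SAMPLE_MOUNT"
```

On a Mac, pass the live output instead of the samples, for example "$(csrutil authenticated-root status)" and "$(mount)" as the first and third arguments.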

See also