How to set up two completely separate partitions on one SSD

I have a MacBook with 1TB SSD.

I want to have two separate partitions with two independent macOS installations.

I want to make sure that none of the partitions has any possibility of interacting with the other. I want them to be as separated as if they were physically separate.

Is this achievable with, for example, FileVault for each of them?

Edit: My question is neither "how can I install two different macOS versions on two different partitions on one SSD" nor "how do I use FileVault", etc. I know how to do all of that.

I want to make sure that there is no interaction between the partitions possible. Can this be ensured with the above approach? Is it sufficient?


No, since Apple designs the OS to be able to erase itself and undo any logical partition you make - anyone with a moderate amount of time or technical ability can access the drive.

Your only play with shared storage is to trust encryption and separation of secrets. But that is flimsy protection if system B can always read, erase and modify system A storage. You don’t gain any data or interaction protection with two OS, you only gain complexity and two code bases and less protection overall.

The OS is always aware of the entire storage chain for all attached drives. You need external drives, two of them, to guarantee your “there is no interaction between the partitions possible” clause.

But, as long as you are on Catalina or higher, there’s never been a better time to dual boot two macOS systems on the same SSD. You can try it out and see if you can live with two OS and experiment if Spotlight will find files and apps on the other system based on how you set things up. But this won’t make things more secure, it makes things less secure in several ways.
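
Added example, not part of the answer above: a check for the point about trusting encryption on shared storage. It reads the text output of `diskutil apfs list` and reports, for each APFS volume the booted system can see, whether FileVault is on and whether the volume is currently locked. The listing embedded in the script is constructed, and the field labels it parses are assumed from that command's human-readable output, which can differ between macOS releases.

```shell
#!/bin/sh
# Added example. On a Mac:  diskutil apfs list | classify_volumes
# Field labels are assumed from that command's human-readable output.

# Print "device<TAB>state<TAB>name" for every APFS volume in the listing on stdin.
# state: LOCKED (FileVault on, key not loaded), UNLOCKED (FileVault on, key
# loaded, so the booted system can read it), NO_FILEVAULT, UNKNOWN (no field).
classify_volumes() {
    awk '
    function emit() {
        if (dev == "") return
        state = (fv == "") ? "UNKNOWN" : "NO_FILEVAULT"
        if (fv ~ /^Yes \(Locked\)/) state = "LOCKED"
        else if (fv ~ /^Yes/)       state = "UNLOCKED"
        printf "%s\t%s\t%s\n", dev, state, name
    }
    { sub(/^[ |]+/, "") }                      # drop tree-drawing prefix
    /^APFS Volume Disk \(Role\):/ { emit(); dev = $5; name = ""; fv = "" }
    /^Name:/      { sub(/^Name: +/, ""); sub(/ \(Case-.*$/, ""); name = $0 }
    /^FileVault:/ { sub(/^FileVault: +/, ""); fv = $0 }
    END { emit() }'
}

# Count volumes whose contents are not protected from the booted system.
exposed_count() {
    classify_volumes | awk -F "\t" '$2 != "LOCKED" { n++ } END { print n + 0 }'
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
    cat <<'EOF'
+-- Container disk1
    +-> Volume disk1s1
    |   APFS Volume Disk (Role):   disk1s1 (Data)
    |   Name:                      System A - Data (Case-insensitive)
    |   FileVault:                 Yes (Unlocked)
    +-> Volume disk1s5
    |   APFS Volume Disk (Role):   disk1s5 (No specific role)
    |   Name:                      System B - Data (Case-insensitive)
    |   FileVault:                 Yes (Locked)
    +-> Volume disk1s6
        APFS Volume Disk (Role):   disk1s6 (No specific role)
        Name:                      Shared (Case-insensitive)
        FileVault:                 No
EOF
}

sample_listing | classify_volumes
```

A LOCKED volume is still listed to the booted system, so this output shows what can be read, not what can be erased.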


The answer is no. Assume I install some software with admin rights on partition B. It cannot be guaranteed that the program installed on B has no way to ask diskutil to remove partition A entirely.

Update

Maybe this explanation will make more sense to you. Originally with OS X, many problems could be fixed by booting to the OS X installation DVD. Security existed by storing the DVD somewhere safe. After Snow Leopard, Apple stopped issuing DVDs and instead opted for software downloads. A recovery volume was added to take the place of using the DVD to fix problems. The recovery volume contains limited functionality compared to a full OS X operating system. However, when booted to the recovery volume, changes could be made that are not normally possible when booted to OS X. This concept of recovery has been refined with each new release up to and including the release of macOS Big Sur. Along the way, Apple has taken many steps to prevent booting to recovery without first requiring user validation.

Installing a second macOS in a different partition creates in effect an extremely powerful version of recovery. So when booted to the second macOS, you are going to be able to mess with the first macOS, just as if you had booted to recovery. For example, SIP only applies to the partition of the currently booted macOS. The files in the other macOS are no longer protected by SIP. The same is true if you were to install, then boot to, Windows or Linux on your Mac.

The best way to protect your Mac is to only have one operating system installed. Once you install a second operating system, you open up security vulnerabilities that Apple has not begun to address.