# Hardware Encryption Capabilities for Apple Hardware

## **What**

From a security perspective, it is important to understand the encryption capabilities of devices.

## **When/Why**

In FileWave 14.6.0 some reporting was added to report on HardWareEncryptionCaps ( [https://developer.apple.com/documentation/devicemanagement/securityinforesponse/securityinfo?changes=latest\_minor](https://developer.apple.com/documentation/devicemanagement/securityinforesponse/securityinfo?changes=latest_minor "Follow link") ) as reported through Apple's MDM framework.

## **How**

<div id="bkmrk-hardware-encryption-"><div><div class="highlighter-context page view" data-inline-comments-target="true" data-testid="page-content-only"><div class="_1bsb1osq _19pkidpf _2hwx1wug _otyridpf _18u01wug"><div class="css-h9aozg e5xcnr80" data-test-appearance="full-page" data-testid="pageContentRendererTinyRendererTestId"><div class="page view" data-testid="TinyMCEClientRendererTestId"><div class="wiki-content" data-inline-comments-target="true">- **Hardware Encryption Capabilities** has been added as a field for iOS 4+ and tvOS 6+ devices to report the supported encryption.
- **Passcode Present** had its description updated to explain how it ties to Hardware Encryption Capabilities and also is for iOS 4+ and tvOS 6+.
- **Is Recovery Lock Enabled** was added for macOS devices to reflect if Recovery Lock is enabled on Apple Silicon running macOS 11.5+.

</div></div></div></div></div></div></div><div id="bkmrk-"><div><div class="highlighter-context page view" data-inline-comments-target="true" data-testid="page-content-only"><div class="_1bsb1osq _19pkidpf _2hwx1wug _otyridpf _18u01wug"><div class="css-h9aozg e5xcnr80" data-test-appearance="full-page" data-testid="pageContentRendererTinyRendererTestId"><div class="page view" data-testid="TinyMCEClientRendererTestId"><div class="wiki-content" data-inline-comments-target="true"><div class="panel conf-macro output-block" data-hasbody="true" data-macro-id="4eb17d73-e6c2-4362-94c2-6f740babe8cf" data-macro-name="panel"></div></div></div></div></div></div></div></div>## **Digging Deeper**

HardwareEncryptionCaps is an integer that indicates the underlying hardware encryption capabilities of the device, which is one of the following values:

<div id="bkmrk-1%3A-block-level-encry"><div><div class="highlighter-context page view" data-inline-comments-target="true" data-testid="page-content-only"><div class="_1bsb1osq _19pkidpf _2hwx1wug _otyridpf _18u01wug"><div class="css-h9aozg e5xcnr80" data-test-appearance="full-page" data-testid="pageContentRendererTinyRendererTestId"><div class="page view" data-testid="TinyMCEClientRendererTestId"><div class="wiki-content" data-inline-comments-target="true">- `1`: Block-level encryption
- `2`: File-level encryption
- `3`: Both block-level and file-level encryption

</div></div></div></div></div></div></div>This value is available in iOS 4 and later, and tvOS 6 and later.

<p class="callout info">For a device to have data protection, `HardwareEncryptionCaps` must be `3` and `PasscodePresent` must `true`.</p>