Skip to main content

Hardware Encryption Capabilities for Apple Hardware

What

From a security perspective, it is important to understand the encryption capabilities of devices. 

When/Why

In FileWave 14.6.0 some reporting was added to report on HardWareEncryptionCaps ( https://developer.apple.com/documentation/devicemanagement/securityinforesponse/securityinfo?changes=latest_minor ) as reported through Apple's MDM framework. 

How

  • Hardware Encryption Capabilities has been added as a field for iOS 4+ and tvOS 6+ devices to report the supported encryption.
  • Passcode Present had its description updated to explain how it ties to Hardware Encryption Capabilities and also is for iOS 4+ and tvOS 6+.
  • Is Recovery Lock Enabled was added for macOS devices to reflect if Recovery Lock is enabled on Apple Silicon running macOS 11.5+.

Digging Deeper

HardwareEncryptionCaps is an integer that indicates the underlying hardware encryption capabilities of the device, which is one of the following values:

  • 1: Block-level encryption

  • 2: File-level encryption

  • 3: Both block-level and file-level encryption

This value is available in iOS 4 and later, and tvOS 6 and later.

For a device to have data protection, HardwareEncryptionCaps must be 3 and PasscodePresent must true.

Back to top