The secure boot chain, system security, and app security features all help ensure that only trusted code is executed on a device. Apple devices have additional encryption features to safeguard user data, even if other parts of the security infrastructure have been compromised (for example, if a device is lost or is running untrusted code). All these features benefit both users and IT administrators, protecting personal and corporate information, and providing methods for complete and immediate remote erasure in case of theft or loss of the device.

The iPhone, iPad, and Apple Vision Pro use a file encryption methodology called Data Protection, while data on Intel-based Mac computers is protected with a volume encryption technology called FileVault. A Mac with Apple silicon uses a hybrid model that supports Data Protection, with two exceptions: the lowest protection level (Class D) is not supported, and the default level (Class C) uses a volume key and behaves the same way as FileVault on an Intel-based Mac. In all cases, the key management hierarchies are rooted in the dedicated silicon of the Secure Enclave, and a dedicated AES Engine supports line-speed encryption and helps ensure that long-lived encryption keys are not exposed to the kernel operating system or CPU (where they could be compromised). (An Intel-based Mac with a T1 or without a Secure Enclave does not use dedicated silicon to protect its FileVault encryption keys.)