Data Protection overview
Apple uses a technology called Data Protection to protect data stored in flash storage on the devices that feature an Apple SoC—such as iPhone, iPad, Apple Watch, Apple TV, and a Mac with Apple silicon. With Data Protection, a device can respond to common events such as incoming phone calls while at the same time providing a high level of encryption for user data. Certain system apps (such as Messages, Mail, Calendar, Contacts, Photos) and Health data values use Data Protection by default. Third-party apps receive this protection automatically.
Data Protection is implemented by constructing and managing a hierarchy of keys and builds on the hardware encryption technologies built into Apple devices. Data Protection is controlled on a per-file basis by assigning each file to a class; accessibility is determined according to whether the class keys have been unlocked. APFS (Apple File System) allows the file system to further subdivide the keys into a per-extent basis (where portions of a file can have different keys).
Every time a file on the data volume is created, Data Protection creates a new 256-bit key (the per-file key) and gives it to the hardware AES Engine, which uses the key to encrypt the file as it’s written to flash storage. On A14, A15, and M1 family devices, the encryption uses AES-256 in XTS mode, where the 256-bit per-file-key goes through a Key Derivation Function (NIST Special Publication 800-108) to derive a 256-bit tweak and a 256-bit cipher key. The hardware generations of A9 through A13, S5, S6, and S7 use AES-128 in XTS mode, where the 256-bit per file key is split to provide a 128-bit tweak and a 128-bit cipher key.
On a Mac with Apple silicon, Data Protection defaults to Class C (see Data Protection classes) but utilizes a volume key rather than a per-extent or per-file key—effectively re-creating the security model of FileVault for user data. Users must still opt in to FileVault to receive the full protection of entangling the encryption key hierarchy with their password. Developers can also opt in to a higher protection class that uses a per-file or per-extent key.