The response object for the security info command.
- iOS 4.0+
- macOS 10.7+
- tvOS 9.0+
If true, the machine has FDE enabled.
_Has Institutional Recovery Key
If true, FDE has an institutional recovery key.
_Has Personal Recovery Key
If true, FDE has a personal recovery key.
_Personal Recovery Key CMS
If FileVault Personal Recovery Key (PRK) escrow is enabled and a recovery key was configured, this key will contain the PRK, encrypted with the certificate from the FDERecoveryKeyEscrow profile and wrapped as CMS data.
_Personal Recovery Key Device Key
If FileVault PRK escrow is enabled and a recovery key was configured, this key contains a short string (the device serial number) that will be displayed to the user at EFI loginwindow, as part of the help message if they enter their password incorrectly three times. The server can use this string as an index when saving the device PRK. This replaces the record that was returned by the server in the previous escrow mechanism.
The current firewall settings.
The state of the EFI firmware password.
This integer describes the underlying hardware encryption capabilities of the device.
1: Block-level encryption
2: File-level encryption
3: Both block-level and file-level encryption
For a device to be protected with Data Protection,
Hardware must be
Passcode must be
This dictionary contains information about the MDM enrollment.
If true, the user's passcode is compliant with all requirements on the device, including Exchange and other accounts.
Compliant With Profiles
If true, the user's passcode is compliant with requirements from profiles.
Lock Grace Period
The user preference for the amount of time, in seconds, the device must be locked before unlock will require the device passcode.
Lock Grace Period Enforced
The current enforced value for the amount of time, in seconds, the device must be locked before unlock will require the device passcode.
If true, the device is protected by a passcode.
Integrity Protection Enabled
If true, System Integrity Protection (SIP) is enabled.
The current Secure Boot settings of the device. This information is returned for both T2-enabled and non-T2-enabled devices. The values of the dictionary keys will always be set to "not supported" on a device that is not T2-enabled.
If true, remote desktop is enabled.
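The following is an added example, not code from Apple's documentation: a server-side check that parses a SecurityInfo response plist and reports posture findings from the fields described above. The key names are the ones from Apple's MDM SecurityInfo dictionary. The sample response, the finding messages and the 300-second grace-period limit are assumptions made for illustration.

```python
import plistlib

# Constructed sample response body (illustrative values, not from a real device).
SAMPLE = plistlib.dumps({
    "Status": "Acknowledged",
    "SecurityInfo": {
        "FDE_Enabled": True,
        "FDE_HasPersonalRecoveryKey": True,  # PRK exists, FDE_PersonalRecoveryKeyCMS absent
        "SystemIntegrityProtectionEnabled": False,
        "RemoteDesktopEnabled": True,
        "PasscodePresent": True,
        "PasscodeCompliant": True,
        "PasscodeLockGracePeriodEnforced": 900,
    },
})

# (key, value that counts as a finding, message). The messages are this example's own.
BOOLEAN_CHECKS = [
    ("FDE_Enabled", False, "full-disk encryption is off"),
    ("SystemIntegrityProtectionEnabled", False, "SIP is disabled"),
    ("PasscodePresent", False, "no passcode set"),
    ("PasscodeCompliant", False, "passcode violates device requirements"),
    ("PasscodeCompliantWithProfiles", False, "passcode violates profile requirements"),
    ("RemoteDesktopEnabled", True, "remote desktop is enabled"),
]

def audit_security_info(raw, max_grace_seconds=300):
    """Return a list of findings for one SecurityInfo response plist (bytes)."""
    info = plistlib.loads(raw).get("SecurityInfo")
    if not isinstance(info, dict):
        raise ValueError("response carries no SecurityInfo dictionary")
    # Assumption: a key the device did not report is skipped, not treated as a failure.
    findings = [msg for key, bad, msg in BOOLEAN_CHECKS if info.get(key) is bad]
    # A PRK that exists on the device but was not escrowed is not held by the server.
    if info.get("FDE_HasPersonalRecoveryKey") and not info.get("FDE_PersonalRecoveryKeyCMS"):
        findings.append("personal recovery key present but not escrowed")
    if info.get("FDE_Enabled") and not (info.get("FDE_HasPersonalRecoveryKey")
                                        or info.get("FDE_HasInstitutionalRecoveryKey")):
        findings.append("FDE enabled without any recovery key")
    grace = info.get("PasscodeLockGracePeriodEnforced")
    if isinstance(grace, int) and grace > max_grace_seconds:
        findings.append(f"enforced lock grace period {grace}s exceeds {max_grace_seconds}s")
    return findings

if __name__ == "__main__":
    for finding in audit_security_info(SAMPLE):
        print("FINDING:", finding)
```
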