Since the introduction of the T2 Security Chip in 2018 and continuing through every generation of Apple Silicon (M1, M2, M3, M4), the SSD storage in a Mac is no longer a simple, swappable part. It's NAND flash soldered to or paired with the logic board, and every bit written to it is encrypted using keys generated and held by the Secure Enclave. That's a fundamental shift from older Macs, where you could often pull the drive and image it directly on another machine. It's also the single biggest reason modern Mac data recovery has to be approached differently.
What actually changed
On pre-T2 Macs, the internal drive was frequently a standard SATA or early NVMe device with no mandatory hardware encryption. If the logic board failed, a technician could often remove the drive and read it elsewhere. On T2 and Apple Silicon Macs, that option is largely gone:
- Storage is paired to the machine. The flash chips are tied to the Secure Enclave on that specific logic board, not treated as an independent, portable drive.
- Encryption is always on. Every byte written to the storage is encrypted at the hardware level, whether or not the user ever turns on FileVault.
- Keys never leave the silicon. The encryption keys are generated and sealed inside the Secure Enclave. They are not stored anywhere a technician can simply extract and copy.
Why chip-off doesn't help here
Chip-off recovery — physically removing NAND flash and reading it on a specialized programmer — is a well-established technique for damaged flash storage. It can work well on many unencrypted or software-encrypted devices. It generally does not work on T2 or Apple Silicon Macs, because the data on those chips is meaningless without the keys, and the keys never leave the Secure Enclave. Reading the raw NAND produces ciphertext, not your files. This is precisely what Apple designed the system to do.
FileVault adds a second layer
FileVault is Apple's optional full-disk encryption feature, and it's a separate layer on top of the T2 or Secure Enclave hardware encryption. FileVault ties access to your login password or a 24-character recovery key. Even in a scenario where the hardware layer were somehow not an obstacle, FileVault would still need to be unlocked with the correct password or recovery key before the file system is readable.
What is still often recoverable
None of this means modern Macs are unrecoverable — quite the opposite, in most cases we see. Encryption is rarely the actual obstacle:
- If the Mac still boots, or can reach Recovery Mode or Target Disk Mode, and you know the login password or FileVault key, the data is generally accessible normally.
- Most real-world failures we're asked to recover from involve a logical issue, a failing component, or a damaged logic board — not the encryption itself.
- The hard case is specific: a dead or damaged logic board combined with an unknown password or recovery key. That combination is where encryption becomes a genuine, often insurmountable barrier.
What you can do ahead of time
A little preparation now avoids a much harder situation later:
- Know your Apple ID and login password. Write it down somewhere secure, or store it in a password manager you can access from another device.
- If you use FileVault, save your recovery key. Whether that's through iCloud key escrow, an Apple Watch pairing, or a physical written copy, make sure the 24-character key is retrievable without the Mac itself.
- Back up before something fails, not after. See our backup guide for straightforward ways to keep a current copy of anything irreplaceable.
When to bring in a professional
If your T2 or Apple Silicon Mac won't boot, or a volume won't mount, the first step is figuring out whether the fault is logical, hardware, or something else — encryption status included. That's the same evaluation we describe in our guide to Mac won't boot / APFS won't mount issues, and it applies to broader Apple and Mac data recovery generally. Self-encrypting drives outside the Apple ecosystem raise similar questions — see our page on SED and locked hard drives — and if you want the bigger picture on what does and doesn't respond well to recovery, our data recovery challenges page covers it. An honest evaluation tells you what's actually wrong before anything is attempted.
Not sure whether encryption or hardware is the real issue on your Mac? We'll evaluate it honestly. Start with a free evaluation.
Request free evaluation →