wording updated to more reflect macOS 11

Bob Gendler
2021-06-07 16:48:18 -04:00
parent db011a3f8a
commit 4c8fbf9f72

@@ -4,10 +4,11 @@ discussion: |
The supplemental guidance found in this section is applicable for the following rules:
* sysprefs_filevault_enforce
In macOS 11 the internal Apple File System (APFS) volume (including both system and data storage) can be protected by FileVault.
NOTE: On non-T2 hardware, FileVault uses an AES-XTS data encryption algorithm to protect full volumes of internal and external storage. Macs with the T2 chip utilize the hardware security features of the chip.
In macOS 11 the internal Apple File System (APFS) data volume can be protected by FileVault. The system volume is always cryptographically protected (T2 and Apple Silicon) and is a read-only volume.
NOTE: FileVault uses an AES-XTS data encryption algorithm to protect full volumes of internal and external storage. Macs with a secure enclave (T2 and Apple Silicon) utilize the hardware security features of the architecture.
FileVault is described in detail here: link:https://support.apple.com/guide/security/when-filevault-is-turned-on-sec4c6dc1b6e/1/web/1[].
FileVault is described in detail here: link:https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web[].
FileVault can be enabled in two ways within the macOS. It can be managed using the fdesetup command or by a Configuration Profile. When enabling FileVault via either of the aforementioned methods, you will be required to enter a username and password, which must be a local OpenDirectory account with a valid SecureToken password.
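
Review bot: The rewritten first sentence, "The system volume is always cryptographically protected (T2 and Apple Silicon)", can be read either as a statement about all Macs or only about those two hardware classes, and with the old NOTE's "On non-T2 hardware" qualifier dropped the guidance no longer says what applies to Intel Macs without a T2 chip. Suggest stating the non-T2 case explicitly, or moving the parenthetical so it clearly scopes the claim. The new NOTE also still says FileVault protects "full volumes of internal and external storage" while the sentence above it narrows FileVault to the data volume; aligning the two wordings would avoid an apparent contradiction for readers applying sysprefs_filevault_enforce.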