Only authentication will not be offloaded, actual data encryption still is.
The only exception is if your driver doesn't support management frame protection (802.11w). Then, if your AP has 11w enabled or you are using WPA3, it will use software encryption.
ath9k, ath10k, ath11k, ath9k_htc, ath6kl, brcmfmac, brcmsmac, iwlwifi, iwlegacy, mt76, mwifiex, mwl8k, rtl8xxxu, all rtl8xxxe drivers support 11w, while some others: rt2xxxpci rt2xxxusb, ipw2200, carl9170 don't.
In the old days we needed a lot of tricks because firmware loading either didn't work or we didn't have the firmware binaries yet, so even (IIRC) ath9k didn't utilise on-ASIC for everything. But that was in the B (and maybe G) days.
The only exception is if your driver doesn't support management frame protection (802.11w). Then, if your AP has 11w enabled or you are using WPA3, it will use software encryption.
ath9k, ath10k, ath11k, ath9k_htc, ath6kl, brcmfmac, brcmsmac, iwlwifi, iwlegacy, mt76, mwifiex, mwl8k, rtl8xxxu, all rtl8xxxe drivers support 11w, while some others: rt2xxxpci rt2xxxusb, ipw2200, carl9170 don't.