Is there a certain way to detect if storing in Secure Enclave is available on current device?
By the end of 2020, secure enclaves will be supported by nearly every server and cloud platform, including Intel, AMD, Amazon AWS (with their new Nitro Enclaves), Microsoft Azure, VMware, Google, Docker, and Red Hat.
The Secure Enclave is a hardware feature of most versions of iPhone, iPad, Mac, Apple TV, Apple Watch, and HomePod, namely: iPhone 5s or later; iPad Air or later; MacBook Pro computers with Touch Bar (2016 and 2017) that contain the Apple T1 Chip.
Here is another solution:
Device.h

    #import <Foundation/Foundation.h>

    @interface Device : NSObject
    + (BOOL)hasSecureEnclave;
    + (BOOL)isSimulator;
    + (BOOL)hasBiometrics;
    @end

Device.m

    #import "Device.h"
    #import <LocalAuthentication/LocalAuthentication.h>

    @implementation Device

    // Check whether the device has a Secure Enclave
    + (BOOL)hasSecureEnclave {
        NSLog(@"Is simulator: %d", [Device isSimulator]);
        return [Device hasBiometrics] && ![Device isSimulator];
    }

    // Check whether this is the simulator
    + (BOOL)isSimulator {
        return TARGET_OS_SIMULATOR == 1;
    }

    // Check whether this device has biometric hardware available
    + (BOOL)hasBiometrics {
        // Local Authentication context
        LAContext *localAuthContext = [[LAContext alloc] init];
        NSError *error = nil;
        /// Policies can have certain requirements which, when not satisfied, would always cause
        /// the policy evaluation to fail - e.g. a passcode set, a fingerprint
        /// enrolled with Touch ID or a face set up with Face ID. This method allows easy checking
        /// for such conditions.
        BOOL isValidPolicy = [localAuthContext canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error];
        // The error is only set when evaluation fails, so the error code is inspected
        // in the failure case: the hardware counts as present unless the error says
        // biometry is not available on this device.
        if (!isValidPolicy) {
            if (@available(iOS 11.0, *)) {
                isValidPolicy = (error.code != kLAErrorBiometryNotAvailable);
            } else {
                isValidPolicy = (error.code != kLAErrorTouchIDNotAvailable);
            }
        }
        return isValidPolicy;
    }

    @end

If you want a solution in Swift 4, then refer to this link.
Solution in Swift 4
For a developer, there is exactly one thing the Secure Enclave can do: Create and hold private keys for elliptic curve cryptography, and encrypt or decrypt data using these keys. On iOS 9, the attributes describing elliptic curve algorithms are not there - therefore, if you are running iOS 9, then you can assume the Secure Enclave is not there, because you cannot use it.
On iOS 10 and above, there is just one way to decide guaranteed correctly if the Secure Enclave is present: Create an elliptic curve encryption key in the Secure Enclave, as described by Apple's documentation. If this fails, and the error has a code of -4 = errSecUnimplemented, then there is no Secure Enclave.
If you insist on checking a list of devices, you only need the devices that are documented as having no Secure Enclave but are able to run iOS 10, because on iOS 9 it is never available.
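
The key-creation probe described in the answer above, as an added example that is not code from the answer or from Apple's documentation. The names `SEProbeResult` and `SEProbeSecureEnclave` are hypothetical, and ARC and iOS 10 or later are assumed; any failure other than `errSecUnimplemented` is reported as inconclusive rather than as "no Secure Enclave".

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical names (not from the page): result of the probe.
typedef NS_ENUM(NSInteger, SEProbeResult) {
    SEProbeResultPresent,      // key was generated inside the Secure Enclave
    SEProbeResultAbsent,       // errSecUnimplemented (-4): no Secure Enclave
    SEProbeResultInconclusive  // some other failure; do not treat as "absent"
};

// Tries to create a throwaway P-256 private key in the Secure Enclave (iOS 10+).
static SEProbeResult SEProbeSecureEnclave(NSError **outError) {
    CFErrorRef cfError = NULL;
    // Secure Enclave keys require an access-control object.
    SecAccessControlRef access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        kSecAccessControlPrivateKeyUsage, &cfError);
    if (access == NULL) {
        NSError *acError = CFBridgingRelease(cfError);
        if (outError) *outError = acError;
        return SEProbeResultInconclusive;
    }
    NSDictionary *attributes = @{
        (id)kSecAttrKeyType:       (id)kSecAttrKeyTypeECSECPrimeRandom,
        (id)kSecAttrKeySizeInBits: @256,
        (id)kSecAttrTokenID:       (id)kSecAttrTokenIDSecureEnclave,
        (id)kSecPrivateKeyAttrs: @{
            (id)kSecAttrIsPermanent:   @NO,  // probe only: nothing stored in the keychain
            (id)kSecAttrAccessControl: (__bridge id)access,
        },
    };
    SecKeyRef key = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attributes, &cfError);
    CFRelease(access);
    if (key != NULL) {
        CFRelease(key);  // the probe key is discarded immediately
        return SEProbeResultPresent;
    }
    NSError *error = CFBridgingRelease(cfError);
    if (outError) *outError = error;
    return (error.code == errSecUnimplemented) ? SEProbeResultAbsent
                                               : SEProbeResultInconclusive;
}
```

Run the probe once and cache the result; on `SEProbeResultAbsent` fall back to a software-backed keychain key.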