Detect if Secure Enclave is available on current device

Question

Is there a certain way to detect if storing in Secure Enclave is available on current device?

Answer 1

Here is another solution:

Device.h

#import <Foundation/Foundation.h>

@interface Device : NSObject

+(BOOL) hasSecureEnclave;
+(BOOL) isSimulator;
+(BOOL) hasBiometrics;

@end

Device.m

#import "Device.h"
#import <LocalAuthentication/LocalAuthentication.h>

@implementation Device

//To check that device has secure enclave or not
+(BOOL) hasSecureEnclave {
    NSLog(@"IS Simulator : %d", [Device isSimulator]);
    return [Device hasBiometrics] && ![Device isSimulator] ;
}

//To Check that this is this simulator
+(BOOL) isSimulator {
    return TARGET_OS_SIMULATOR == 1;
}

//Check that this device has Biometrics features available
+(BOOL) hasBiometrics {

    //Local Authentication Context
    LAContext *localAuthContext = [[LAContext alloc] init];
    NSError *error = nil;

    /// Policies can have certain requirements which, when not satisfied, would always cause
    /// the policy evaluation to fail - e.g. a passcode set, a fingerprint
    /// enrolled with Touch ID or a face set up with Face ID. This method allows easy checking
    /// for such conditions.
    BOOL isValidPolicy = [localAuthContext canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error];

    if (isValidPolicy) {

        if (@available(ios 11.0, *)){
            if (error.code != kLAErrorBiometryNotAvailable){
                isValidPolicy = true;
            } else{
                isValidPolicy = false;
            }
        }else{
            if (error.code != kLAErrorTouchIDNotAvailable){
                isValidPolicy = true;
            }else{
                isValidPolicy = false;
            }
        }
        return isValidPolicy;
    }
    return isValidPolicy;
}

@end

If you want solution in Swift 4, then refer this link.

Solution in Swift 4

Answer 2

For a developer, there is exactly one thing the Secure Enclave can do: Create and hold private keys for elliptic curve cryptography, and encrypt or decrypt data using these keys. On iOS 9, the attributes describing elliptic curve algorithms are not there - therefore, if you are running iOS 9, then you can assume the Secure Enclave is not there, because you cannot use it.

On iOS 10 and above, there is just one way to decide guaranteed correctly if the Secure Enclave is present: Create an elliptic curve encryption key in the Secure Enclave, as described by Apple's documentation. If this fails, and the error has a code of -4 = errSecUnimplemented, then there is no Secure Enclave.

If you insist on checking a list of devices, you only need the devices that are documented as having no Secure Enclave but are able to run iOS 10, because on iOS 9 it is never available.