How to check either secure enclave is available in device or not

Question

As we know that secure Enclave is a coprocessor fabricated in the Apple A7 and its available in A7 and later on but its use publicly in iOS 9 kSecAttrTokenIDSecureEnclave but how do we check either some device support secure enclave or not ? Thanks

Answer 1

I didnt find any so I made my own check:

+ (BOOL) isDeviceOkForSecureEnclave
{

    double OSVersionNumber                  = floor(NSFoundationVersionNumber);
    UIUserInterfaceIdiom deviceType         = [[UIDevice currentDevice] userInterfaceIdiom];

    BOOL isOSForSecureEnclave               = OSVersionNumber > NSFoundationVersionNumber_iOS_8_4 ? YES:NO;
    //iOS 9 and up are ready for SE


    BOOL isDeviceModelForSecureEnclave  = NO;

    switch (deviceType) {

        case UIUserInterfaceIdiomPhone:
            //iPhone
            isDeviceModelForSecureEnclave = [self isPhoneForSE];
            break;
        case UIUserInterfaceIdiomPad:
            //iPad
            isDeviceModelForSecureEnclave = [self isPadForSE];

            break;
        default:
            isDeviceModelForSecureEnclave = false;
            break;
    }

    return (isOSForSecureEnclave && isDeviceModelForSecureEnclave) ? YES:NO;
}


/**
 The arrays are models that we know not having SE in hardware, so if the current device is on the list it means it dosent have SE
 */

+ (BOOL) isPhoneForSE
{
    NSString *thisPlatform = [self platform];
    NSArray * oldModels = [NSArray arrayWithObjects:
                           @"x86_64",
                           @"iPhone1,1",
                           @"iPhone1,2",
                           @"iPhone2,1",
                           @"iPhone3,1",
                           @"iPhone3,3",
                           @"iPhone4,1",
                           @"iPhone5,1",
                           @"iPhone5,2",
                           @"iPhone5,3",
                           @"iPhone5,4", nil];

    BOOL isInList = [oldModels containsObject: thisPlatform];
    return !isInList;
}


+ (BOOL) isPadForSE
{
    //iPad Mini 2 is the earliest with SE // "iPad4,4"
    NSString *thisPlatform = [self platform];

    NSArray * oldModels = [NSArray arrayWithObjects:
                           @"x86_64",
                           @"@iPad",
                           @"@iPad1,0",
                           @"@iPad1,1",
                           @"iPad2,1",
                           @"iPad2,2",
                           @"iPad2,3",
                           @"iPad2,4",
                           @"iPad2,5",
                           @"iPad2,6",
                           @"iPad2,7",
                           @"iPad3,1",
                           @"iPad3,2",
                           @"iPad3,3",
                           @"iPad3,4",
                           @"iPad3,5",
                           @"iPad3,6",nil];

    BOOL isInList = [oldModels containsObject: thisPlatform];

    return !isInList;

}


+ (NSString *)platform
{
    size_t size;
    sysctlbyname("hw.machine", NULL, &size, NULL, 0);
    char *machine = malloc(size);
    sysctlbyname("hw.machine", machine, &size, NULL, 0);
    NSString *platform = [NSString stringWithUTF8String:machine];
    free(machine);

    return platform;

}

@end

TO Check Touch ID

- (BOOL)canAuthenticateByTouchId {
if ([LAContext class]) {
    return [[[LAContext alloc] init] canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:nil];
}
return YES;
}

You can also find for detecting Secure Enclave here you find

Answer 2

Above solution has no problem but it seems like hack, so I am adding another solution in Swift 4.

To check Secure Enclave availability

enum Device {

    //To check that device has secure enclave or not
    public static var hasSecureEnclave: Bool {
        return !isSimulator && hasBiometrics
    }

    //To Check that this is this simulator
    public static var isSimulator: Bool {
        return TARGET_OS_SIMULATOR == 1
    }

    //Check that this device has Biometrics features available
    private static var hasBiometrics: Bool {

        //Local Authentication Context
        let localAuthContext = LAContext()
        var error: NSError?

        /// Policies can have certain requirements which, when not satisfied, would always cause
        /// the policy evaluation to fail - e.g. a passcode set, a fingerprint
        /// enrolled with Touch ID or a face set up with Face ID. This method allows easy checking
        /// for such conditions.
        var isValidPolicy = localAuthContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)

        guard isValidPolicy == true else {

            if #available(iOS 11, *) {

                if error!.code != LAError.biometryNotAvailable.rawValue {
                    isValidPolicy = true
                } else{
                    isValidPolicy = false
                }
            }
            else {
                if error!.code != LAError.touchIDNotAvailable.rawValue {
                    isValidPolicy = true
                }else{
                    isValidPolicy = false
                }
            }
            return isValidPolicy
        }
        return isValidPolicy
    }

}

To check that touch id available or not

let hasTouchID = LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)

if(hasTouchID || (error?.code != LAError.touchIDNotAvailable.rawValue)) {
     print("Touch Id Available in device")
}

If you want solution in Objective C, then refer this link. Solution in Objective C.