How to check whether a secure enclave is available on the device or not

Question

How to check whether a secure enclave is available on the device or not

As we know, secure Enclave is a coprocessor made in Apple A7 and available in A7 and later, but its use is public in iOS 9 kSecAttrTokenIDSecureEnclave, but how can we check any protected device support enclave or not? Thanks

+4

security ios

Aleem Dec 19 '16 at 5:44

source share

3 answers

The solution above has no problems, but it seems to be hacked, so I am adding another solution in Swift 4 .

To check the availability of Secure Enclave

enum Device {

    //To check that device has secure enclave or not
    public static var hasSecureEnclave: Bool {
        return !isSimulator && hasBiometrics
    }

    //To Check that this is this simulator
    public static var isSimulator: Bool {
        return TARGET_OS_SIMULATOR == 1
    }

    //Check that this device has Biometrics features available
    private static var hasBiometrics: Bool {

        //Local Authentication Context
        let localAuthContext = LAContext()
        var error: NSError?

        /// Policies can have certain requirements which, when not satisfied, would always cause
        /// the policy evaluation to fail - e.g. a passcode set, a fingerprint
        /// enrolled with Touch ID or a face set up with Face ID. This method allows easy checking
        /// for such conditions.
        var isValidPolicy = localAuthContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)

        guard isValidPolicy == true else {

            if #available(iOS 11, *) {

                if error!.code != LAError.biometryNotAvailable.rawValue {
                    isValidPolicy = true
                } else{
                    isValidPolicy = false
                }
            }
            else {
                if error!.code != LAError.touchIDNotAvailable.rawValue {
                    isValidPolicy = true
                }else{
                    isValidPolicy = false
                }
            }
            return isValidPolicy
        }
        return isValidPolicy
    }

}

let hasTouchID = LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)

if(hasTouchID || (error?.code != LAError.touchIDNotAvailable.rawValue)) {
     print("Touch Id Available in device")
}

Objective C, . Objective C.

0

technerd 16 . '18 10:28

I created a class, due to this it is discovered that Secure Enclave is available on the device or not, and there are others about which you can get information. Please download from the Github link

0

Aleem Mar 30 '18 at 12:08

source share

kragekjaer · Accepted Answer · 2017-04-27T11:05:38+0000

I did not find any, so I did my own check:

+ (BOOL) isDeviceOkForSecureEnclave
{

    double OSVersionNumber                  = floor(NSFoundationVersionNumber);
    UIUserInterfaceIdiom deviceType         = [[UIDevice currentDevice] userInterfaceIdiom];

    BOOL isOSForSecureEnclave               = OSVersionNumber > NSFoundationVersionNumber_iOS_8_4 ? YES:NO;
    //iOS 9 and up are ready for SE


    BOOL isDeviceModelForSecureEnclave  = NO;

    switch (deviceType) {

        case UIUserInterfaceIdiomPhone:
            //iPhone
            isDeviceModelForSecureEnclave = [self isPhoneForSE];
            break;
        case UIUserInterfaceIdiomPad:
            //iPad
            isDeviceModelForSecureEnclave = [self isPadForSE];

            break;
        default:
            isDeviceModelForSecureEnclave = false;
            break;
    }

    return (isOSForSecureEnclave && isDeviceModelForSecureEnclave) ? YES:NO;
}


/**
 The arrays are models that we know not having SE in hardware, so if the current device is on the list it means it dosent have SE
 */

+ (BOOL) isPhoneForSE
{
    NSString *thisPlatform = [self platform];
    NSArray * oldModels = [NSArray arrayWithObjects:
                           @"x86_64",
                           @"iPhone1,1",
                           @"iPhone1,2",
                           @"iPhone2,1",
                           @"iPhone3,1",
                           @"iPhone3,3",
                           @"iPhone4,1",
                           @"iPhone5,1",
                           @"iPhone5,2",
                           @"iPhone5,3",
                           @"iPhone5,4", nil];

    BOOL isInList = [oldModels containsObject: thisPlatform];
    return !isInList;
}


+ (BOOL) isPadForSE
{
    //iPad Mini 2 is the earliest with SE // "iPad4,4"
    NSString *thisPlatform = [self platform];

    NSArray * oldModels = [NSArray arrayWithObjects:
                           @"x86_64",
                           @"@iPad",
                           @"@iPad1,0",
                           @"@iPad1,1",
                           @"iPad2,1",
                           @"iPad2,2",
                           @"iPad2,3",
                           @"iPad2,4",
                           @"iPad2,5",
                           @"iPad2,6",
                           @"iPad2,7",
                           @"iPad3,1",
                           @"iPad3,2",
                           @"iPad3,3",
                           @"iPad3,4",
                           @"iPad3,5",
                           @"iPad3,6",nil];

    BOOL isInList = [oldModels containsObject: thisPlatform];

    return !isInList;

}


+ (NSString *)platform
{
    size_t size;
    sysctlbyname("hw.machine", NULL, &size, NULL, 0);
    char *machine = malloc(size);
    sysctlbyname("hw.machine", machine, &size, NULL, 0);
    NSString *platform = [NSString stringWithUTF8String:machine];
    free(machine);

    return platform;

}

@end

Check Touch ID

- (BOOL)canAuthenticateByTouchId {
if ([LAContext class]) {
    return [[[LAContext alloc] init] canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:nil];
}
return YES;
}

How to check whether a secure enclave is available on the device or not

More articles: