logo标签列表

如何检查设备是否具有安全区域功能

iossecuritysecure-element
9
我们知道,安全区域是一个与Apple A7一起制造的协处理器,并且在A7及以后的设备上可用,但在iOS 9中公开使用kSecAttrTokenIDSecureEnclave。但是,我们如何检查某个设备是否支持安全区域呢?谢谢。
2个回答
7

我没有找到任何相关的内容,因此我自己进行了检查:

+ (BOOL) isDeviceOkForSecureEnclave
{

    double OSVersionNumber                  = floor(NSFoundationVersionNumber);
    UIUserInterfaceIdiom deviceType         = [[UIDevice currentDevice] userInterfaceIdiom];

    BOOL isOSForSecureEnclave               = OSVersionNumber > NSFoundationVersionNumber_iOS_8_4 ? YES:NO;
    //iOS 9 and up are ready for SE


    BOOL isDeviceModelForSecureEnclave  = NO;

    switch (deviceType) {

        case UIUserInterfaceIdiomPhone:
            //iPhone
            isDeviceModelForSecureEnclave = [self isPhoneForSE];
            break;
        case UIUserInterfaceIdiomPad:
            //iPad
            isDeviceModelForSecureEnclave = [self isPadForSE];

            break;
        default:
            isDeviceModelForSecureEnclave = false;
            break;
    }

    return (isOSForSecureEnclave && isDeviceModelForSecureEnclave) ? YES:NO;
}


/**
 The arrays are models that we know not having SE in hardware, so if the current device is on the list it means it dosent have SE
 */

+ (BOOL) isPhoneForSE
{
    NSString *thisPlatform = [self platform];
    NSArray * oldModels = [NSArray arrayWithObjects:
                           @"x86_64",
                           @"iPhone1,1",
                           @"iPhone1,2",
                           @"iPhone2,1",
                           @"iPhone3,1",
                           @"iPhone3,3",
                           @"iPhone4,1",
                           @"iPhone5,1",
                           @"iPhone5,2",
                           @"iPhone5,3",
                           @"iPhone5,4", nil];

    BOOL isInList = [oldModels containsObject: thisPlatform];
    return !isInList;
}


+ (BOOL) isPadForSE
{
    //iPad Mini 2 is the earliest with SE // "iPad4,4"
    NSString *thisPlatform = [self platform];

    NSArray * oldModels = [NSArray arrayWithObjects:
                           @"x86_64",
                           @"@iPad",
                           @"@iPad1,0",
                           @"@iPad1,1",
                           @"iPad2,1",
                           @"iPad2,2",
                           @"iPad2,3",
                           @"iPad2,4",
                           @"iPad2,5",
                           @"iPad2,6",
                           @"iPad2,7",
                           @"iPad3,1",
                           @"iPad3,2",
                           @"iPad3,3",
                           @"iPad3,4",
                           @"iPad3,5",
                           @"iPad3,6",nil];

    BOOL isInList = [oldModels containsObject: thisPlatform];

    return !isInList;

}


+ (NSString *)platform
{
    size_t size;
    sysctlbyname("hw.machine", NULL, &size, NULL, 0);
    char *machine = malloc(size);
    sysctlbyname("hw.machine", machine, &size, NULL, 0);
    NSString *platform = [NSString stringWithUTF8String:machine];
    free(machine);

    return platform;

}

@end

检查触控 ID

- (BOOL)canAuthenticateByTouchId {
if ([LAContext class]) {
    return [[[LAContext alloc] init] canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:nil];
}
return YES;
}

您还可以在此处找到检测安全隔离区的工具

是的,我也处理过这个问题,首先检查iOS版本,然后再检查设备是否支持Touch ID。接受回答是因为尝试得很好。 - Aleem
谢谢。你是如何检查TouchID的? - kragekjaer
你为什么要按iPhone/iPad分割它? - thelaws
为了更好的概览,进行了拆分。请注意列表中可能会缺少一些手机型号。 - kragekjaer
你写道iPad Mini 2是带有SE的第一台设备,但iPad Air也不是装有A7吗?无论如何,你的数组“oldModels”没有包含其可能的标识符(iPad4,[1,2,3])。两者都于2013年10月22日推出。因此,你的评论至少应该提到这两个设备 ;) - David Artmann
是的,正如我上面所写的,您需要确保列表是最新的。在这个过程中,我发现了一些原始帖子中没有列出的模型。您需要自己完成它。 - kragekjaer
4

上述解决方案没有问题,但似乎有些取巧。因此,我在Swift 4中添加另一个解决方案。

检查安全区域的可用性

enum Device {

    //To check that device has secure enclave or not
    public static var hasSecureEnclave: Bool {
        return !isSimulator && hasBiometrics
    }

    //To Check that this is this simulator
    public static var isSimulator: Bool {
        return TARGET_OS_SIMULATOR == 1
    }

    //Check that this device has Biometrics features available
    private static var hasBiometrics: Bool {

        //Local Authentication Context
        let localAuthContext = LAContext()
        var error: NSError?

        /// Policies can have certain requirements which, when not satisfied, would always cause
        /// the policy evaluation to fail - e.g. a passcode set, a fingerprint
        /// enrolled with Touch ID or a face set up with Face ID. This method allows easy checking
        /// for such conditions.
        var isValidPolicy = localAuthContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)

        guard isValidPolicy == true else {

            if #available(iOS 11, *) {

                if error!.code != LAError.biometryNotAvailable.rawValue {
                    isValidPolicy = true
                } else{
                    isValidPolicy = false
                }
            }
            else {
                if error!.code != LAError.touchIDNotAvailable.rawValue {
                    isValidPolicy = true
                }else{
                    isValidPolicy = false
                }
            }
            return isValidPolicy
        }
        return isValidPolicy
    }

}

检查 Touch ID 是否可用

let hasTouchID = LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)

if(hasTouchID || (error?.code != LAError.touchIDNotAvailable.rawValue)) {
     print("Touch Id Available in device")
}

如果您需要Objective C的解决方案,请参考此链接。 Objective C的解决方案
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接