How to detect if OS supports secure enclave?

My need is to efficiently detect if the OS supports the Secure Enclave. There seems to be one way to decide if the Secure Enclave is present: create an elliptic curve encryption key in the Secure Enclave. If this fails, and the error has a code of -4 = errSecUnimplemented, then there is no Secure Enclave.

My question: is there any other approach to detect if the system supports the Secure Enclave?

Replies

By far the easiest way to do this is with the isAvailable property in Apple CryptoKit.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Awesome! Thank you Quinn!

Is there another approach for Objective-C without using CryptoKit, which is a Swift-only framework and is available from iOS 13?

If you can’t use Apple CryptoKit then you’re pretty much back to what antonl1 suggested at the start of this thread: Create a key protected by the SE and see if that works.

The other alternative is to assume that the SE is tied to something else, like biometric security, and it’s better not to make assumptions like that IMO.

If you go down this path I encourage you to use Apple CryptoKit where it’s available. That is, create a small Swift class that returns the isAvailable property and call that from your Objective-C code. That way you’ll only need to run your compatibility code on older devices.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Unfortunately, I cannot use Apple CryptoKit as the project I'm working on is still supporting iOS 10. Trying to use SE and falling back to non-SE seems to be the best option for now. Thanks for the suggestion.

> I cannot use Apple CryptoKit as the project I'm working on is still supporting iOS 10.

Understood. However, my suggestion was that you write conditional code that uses the new API on new OS releases and falls back to your legacy code path if it’s not available. For example:

func hasSecureEnclave() -> Bool {
    if #available(iOS 13.0, *) {
        return SecureEnclave.isAvailable
    } else {
        … fall back to your compatibility code …
    }
}

That way you’re always using the best option that’s available on the current device’s OS version.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
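
The conditional check discussed in this thread, with the compatibility branch filled in by the key-creation probe from the original question. This is an added example, not code posted by anyone in the thread; `SecureEnclaveSupport` and `legacySecureEnclaveProbe` are hypothetical names, and treating every probe failure as "no Secure Enclave" is an assumption made here.

```swift
import Foundation
import Security
import CryptoKit

enum SecureEnclaveSupport {
    // Hypothetical helper: key generation is slow, so probe once and cache the answer.
    static let legacyResult: Bool = legacySecureEnclaveProbe()
}

/// Compatibility path for OS versions before iOS 13: ask the Secure Enclave
/// to generate a throwaway P-256 private key and see whether that succeeds.
func legacySecureEnclaveProbe() -> Bool {
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage,
        nil
    ) else { return false }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            // Not permanent: the probe key is never written to the keychain.
            kSecAttrIsPermanent as String: false,
            kSecAttrAccessControl as String: access
        ] as [String: Any]
    ]

    var error: Unmanaged<CFError>?
    if SecKeyCreateRandomKey(attributes as CFDictionary, &error) != nil {
        return true
    }
    if let cfError = error?.takeRetainedValue(),
       CFErrorGetCode(cfError) != Int(errSecUnimplemented) {
        // errSecUnimplemented (-4) is the code the thread associates with a missing
        // Secure Enclave. Assumption: any other failure is also reported as unavailable.
        NSLog("Secure Enclave probe failed with code %ld", CFErrorGetCode(cfError))
    }
    return false
}

func hasSecureEnclave() -> Bool {
    if #available(iOS 13.0, *) {
        return SecureEnclave.isAvailable
    } else {
        return SecureEnclaveSupport.legacyResult
    }
}
```

Logging the non `-4` error codes separately makes it possible to tell a device without a Secure Enclave apart from a transient key-generation failure when reviewing field reports.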