[TRACKING] Fingerprint scanner compatibility with linux (ubuntu, fedora, etc)

Is the fingerprint sensor’s backlight supposed to be always on?

(I’m on Ubuntu 21.04)

@Atul_Ingle thanks tons for your help - I don’t understand/know how to edit at step 3 of ian’s instructions. How do I get it to save and exit the editor window?

I am getting there - now I have this?:
meson.build:209:12: ERROR: Problem encountered: pixman is required for aes3500 and possibly others

@ari it’s always on for me. I don’t mind it because I think of it like a “power on” indicator instead of “fingerprint sensor backlight”. I don’t think there’s a way to change that behavior through your OS settings.

1 Like

@Atul_Ingle that’s a good way to think of it. I was curious because of this gif from the framework blog: Framework | The Touchpad and Fingerprint Reader

The fingerprint issue some people were having with “finger is too similar to another” seems like it’s an issue that affects other laptops too. I found this post where what sounds like the exact same issue was resolved by replacing the motherboard (!!!). I have a Dell Inspiron 5515 (the id of the Goodix reader it uses is 27c6:639c) with this issue too, it seems that Vaelatern was on the right path, that the reader has its own storage somewhere that causes issues. I suspect the reader isn’t playing well with fprintd. I tried with version 1.94.0, which supports clearing the chip’s storage as of fprintd 1.92.0 but no dice. I’ve cleared TPM, cleared CMOS, tried clean installs of different distros and the problem is still there. However, in Windows, it works, even with the finger that’s problematic on Linux. Since it works on Windows, I’ve also tried enrolling and removing the problematic fingerprint, but that does not remove it from wherever it’s saved on the board, and I end up with the same issue when I boot back into Linux, even a clean install. Since you mentioned you’ve been in contact with Goodix, are there any updates on the situation that you could share @nrp? Perhaps you could forward the above information as well since it may help with finding a solution for the Framework Laptop (and hopefully other laptops as well). Sorry for the wall of text about other laptops, but since the issues sound identical and that there were multiple people with this issue here, I thought it may be helpful to post about it here.

edit: this issue - fprintd-enroll fails immediately with "enroll-disconnected" for supported device (#404) · Issues · libfprint / libfprint · GitLab also sounds very similar

3 Likes

We haven’t found a resolution with the Goodix team yet, but are in discussion with them on the issue.

8 Likes

For anyone else using Ubuntu and wondering how to activate fingerprint for sudo authentication, @ant’s suggestion above worked like a charm.
I added only the first line
auth sufficient pam_fprintd.so try_first_pass likeauth nullok
at the beginning of my /etc/pam.d/sudo file.

Now I get 3 attempts of fingerprint when running a sudo command, and it falls back to password entry after 3 failed attempts. I can press Ctrl-C and go straight to password entry (which, apparently, was introduced as a new feature in fprintd v1.92!)

5 Likes
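How the `sufficient` line from the post above combines with the rest of the sudo auth stack, as an added example that is not part of the original thread. The surrounding file contents are constructed in an Ubuntu-style layout and are an assumption; only the `pam_fprintd.so` line comes from the post.

```python
import re

# Constructed sample files (Ubuntu-style layout, assumed; only the
# pam_fprintd.so line is taken from the post above).
FILES = {
    "sudo": """\
#%PAM-1.0
auth sufficient pam_fprintd.so try_first_pass likeauth nullok
session required pam_env.so readenv=1 user_readenv=0
@include common-auth
@include common-account
""",
    "common-auth": """\
auth [success=1 default=ignore] pam_unix.so nullok
auth requisite pam_deny.so
auth required pam_permit.so
""",
    "common-account": "account required pam_unix.so\n",
}

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_stack(name, files):
    """Expand @include lines and return ordered (control, module) auth rules."""
    stack = []
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):
            stack += auth_stack(line.split()[1], files)
        elif (m := RULE.match(line)) and m.group(1) == "auth":
            stack.append((m.group(2), m.group(3)))
    return stack

def fingerprint_policy(name, files):
    """Return (mode, later auth modules) for pam_fprintd.so in service `name`."""
    stack = auth_stack(name, files)
    for i, (control, module) in enumerate(stack):
        if module == "pam_fprintd.so":
            rest = [m for _, m in stack[i + 1:]]
            if control == "sufficient":
                # Success ends the stack early; failure is ignored and PAM moves on.
                return ("or" if rest else "only", rest)
            if control in ("required", "requisite"):
                # Must succeed, and the later modules are still evaluated.
                return ("and" if rest else "only", rest)
            return ("unknown:" + control, rest)
    return ("absent", [])

if __name__ == "__main__":
    print(fingerprint_policy("sudo", FILES))
```

A result of `or` means a fingerprint match alone authorizes sudo and the password modules are only reached when it fails, which matches the fallback behaviour described in the post.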

I’m still trying to get it on Pop!_OS (seems like someone else got it working though) and would like something similar. I really liked in macOS how I could use my fingerprint or double click the side button on my watch to authenticate across the system.

@nitrousgranola - once you have things built and installed, make sure to follow the pam authentication steps per this link: https://www.tec4tric.com/linux/enable-fingerprint-login-in-ubuntu

I am running Pop!_OS and have the fingerprint reader working for sudo and other authentication. Good luck, hopefully this allows you to get it working.

2 Likes

@lbkNhubert thanks for taking the time to post a solution. :nerd_face: :+1:

1 Like

With regard specifically to the Framework laptop, if you want to use a USB key in your authentication chain, you already can. The pam.d man page is a good reference to customize your authentication chain. There’s tons of other pam modules available in various repos as well, like facial recognition. You can pretty much have fully conditional, context dependent, n factor authentication chains.

My point being, pam is pretty ubiquitous and incredibly powerful. Am I missing something that this does?

1 Like

I’ll admit, this would be super cool. Reminds me of the Google Pixelbook from 2017. Its power button could be set up to serve as a U2F key. This was kind of dangerous to enable because an attacker always had the physical key wherever the laptop was. But being able to process and authenticate fingerprint before acting as a U2F key could be cool.

Still not the most secure, because you merge something you are and something you have into one system. I’d prefer to keep these two, along with something you know, separate. But for the less security-minded, it could be interesting.

So if we don’t want to compile the source for the files necessary for the fingerprint scanner, is there a repo we can use that we can just sudo apt install them with?

@2disbetter I don’t see an updated libfprint in Ubuntu’s package list, it still shows v1.90, even in the upcoming 21.10 (impish). So I’m not aptimistic.

3 Likes

I got the fingerprint reader to work to sign in and on sudo. One thing I noticed was that after a restart, when I use the fingerprint to sign in, it doesn’t unlock the keyring. I looked around and this seems to be intended for security reasons. From what I read, it seems your keyring is encrypted using your password, and so your fingerprint can’t decrypt it without having your password stored as plain text, which is not secure. Did I understand this right? If not, does anybody know how to get your fingerprint to unlock the keyring securely?

2 Likes

Has anyone succeeded in using fingerprint login with Linux + Windows dual boot environment? Any gotchas? If I enroll (or remove) fingerprints in one OS, does it affect the other OS?

I use the same finger for w10, and Ubuntu 21.04 after getting it working

3 Likes

I have fingerprint login working for both Linux and Windows. Unfortunately, I had to set the fingerprint twice – I was not able to reuse the fingerprint set in Ubuntu for Windows login. Fortunately, when I set it in Win10 as well, it didn’t override my Ubuntu fingerprint.

1 Like

I’m on Ubuntu 20.04.3 and while I have the fingerprint scanner showing up, I get a device error or a failure to connect.

I get a failure to connect if I try to register a finger that I have used for Windows login. And then device error if I use a finger I haven’t registered.

The scanner works under Windows though.

I’m wondering if it is just because I am on LTS?

That seems unlikely (most of the fingerprint driver is in userspace, to the kernel it’s just another USB device), but it’d probably be easy enough to test a live USB containing 21.04 with libfprint 1.92.1 and fprintd 1.92.0 copied into the image from your root partition after it’s done loading.