[TRACKING] Fingerprint scanner compatibility with linux (ubuntu, fedora, etc)

@NullVoxPopuli I saw both of those errors at one point.
#1 I think what fixed the libfprint-2 problem for me was sudo apt install libfprint-2-dev
#2 If you are certain that you installed all dependencies (in particular check for pip install gobject and pip install PyGObject), a hacky workaround would be to comment out the line in meson.build that says 'gi.repository.Fprint': true and then try again.

Hi all - and apologies for my lack of technical skills. Loving my Framework laptop and Ubuntu so far working SUPER well. I cannot seem to install the needed updates for the fingerprint reader - I am definitely NOT more the techy type and the chain of discussion is a bit hard for me. Any suggestions (other than the obvious: learn more about all this - hehe…) for a concise set of instructions for a total newbie? Or maybe the best recommendation is ‘wait til it gets rolled into Ubuntu itself…’

1 Like

@Atul_Ingle you can edit /etc/pam.d/sudo to include the following lines in order to use fingerprint sensor first, and a password as fallback. Make sure that top line is at the top, as PAM reads sequentially line-by-line.

#%PAM-1.0
auth		sufficient	pam_fprintd.so try_first_pass likeauth nullok
auth		include		system-auth
account		include		system-auth
session		include		system-auth

3 Likes

Thank you Anthony1, but I don’t know how to do what you are indicating. I am thinking the best answer for me is to just wait until it’s supported by Ubuntu. I know it seems very easy (and crazy that I don’t know how to edit using terminal, but it just seems to elude me without detailed instructions).

Is the fingerprint sensor’s backlight supposed to be always on?

(I’m on Ubuntu 21.04)

@Atul_Ingle thanks tons for your help - I don’t understand/know how to edit at step 3 of ian’s instructions. How do I get it to save and exit the editor window?

I am getting there - now I have this?:
meson.build:209:12: ERROR: Problem encountered: pixman is required for aes3500 and possibly others

@ari it’s always on for me. I don’t mind it because I think of it like a “power on” indicator instead of “fingerprint sensor backlight”. I don’t think there’s a way to change that behavior through your OS settings.

1 Like

@Atul_Ingle that’s a good way to think of it. I was curious because of this gif from the framework blog: Framework | The Touchpad and Fingerprint Reader

The fingerprint issue some people were having with “finger is too similar to another” seems like it’s an issue that affects other laptops too. I found this post where what sounds like the exact same issue was resolved by replacing the motherboard (!!!). I have a Dell Inspiron 5515 (the id of the Goodix reader it uses is 27c6:639c) with this issue too, it seems that Vaelatern was on the right path, that the reader has its own storage somewhere that causes issues. I suspect the reader isn’t playing well with fprintd. I tried with version 1.94.0, which supports clearing the chip’s storage as of fprintd 1.92.0 but no dice. I’ve cleared TPM, cleared CMOS, tried clean installs of different distros and the problem is still there. However, in Windows, it works, even with the finger that’s problematic on Linux. Since it works on Windows, I’ve also tried enrolling and removing the problematic fingerprint, but that does not remove it from wherever it’s saved on the board, and I end up with the same issue when I boot back into Linux, even a clean install. Since you mentioned you’ve been in contact with Goodix, are there any updates on the situation that you could share @nrp? Perhaps you could forward the above information as well since it may help with finding a solution for the Framework Laptop (and hopefully other laptops as well). Sorry for the wall of text about other laptops, but since the issues sound identical and that there were multiple people with this issue here, I thought it may be helpful to post about it here.

edit: this issue - fprintd-enroll fails immediately with "enroll-disconnected" for supported device (#404) · Issues · libfprint / libfprint · GitLab also sounds very similar

3 Likes

We haven’t found a resolution with the Goodix team yet, but are in discussion with them on the issue.

8 Likes

For anyone else using Ubuntu and wondering how to activate fingerprint for sudo authentication, @ant’s suggestion above worked like a charm.
I added only the first line
auth sufficient pam_fprintd.so try_first_pass likeauth nullok
at the beginning of my /etc/pam.d/sudo file.

Now I get 3 attempts of fingerprint when running a sudo command, and it falls back to password entry after 3 failed attempts. I can press Ctrl-C and go straight to password entry (which, apparently, was introduced as a new feature in fprintd v1.92!)

5 Likes
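The edit described in the post above, as an added shell example that is not part of any post in this thread: it inserts the fingerprint rule ahead of the first active line of a PAM service file, keeps a backup, and checks that pam_fprintd is the first auth rule PAM will reach. The function names are hypothetical, and the default rule line leaves out the module options quoted in the posts; pass the exact line you want as the second argument.

```shell
#!/bin/sh
# Added example: function names and the default rule line are assumptions.
FPRINT_LINE='auth sufficient pam_fprintd.so'

# Print the first line that can contribute to the auth stack:
# an auth rule or an @include (which pulls in another file's rules).
first_auth_line() {
    awk '/^[ \t]*-?(auth|@include)[ \t]/ { print; exit }' "$1"
}

# Succeed only if that first line is "auth sufficient pam_fprintd.so",
# i.e. the fingerprint is tried before the password modules below it.
fprintd_is_first() {
    first_auth_line "$1" |
        grep -Eq '^[[:space:]]*-?auth[[:space:]]+sufficient[[:space:]]+pam_fprintd\.so'
}

# Insert the rule before the first non-comment, non-blank line.
# Idempotent: a file that already has a pam_fprintd auth rule is untouched.
# A .bak copy is kept so a bad edit can be reverted from a root shell.
enable_fprintd() {
    file=$1
    line=${2:-$FPRINT_LINE}
    if grep -Eq '^[[:space:]]*-?auth[[:space:]].*pam_fprintd\.so' "$file"; then
        return 0
    fi
    cp -p "$file" "$file.bak"
    awk -v new="$line" '
        !ins && !/^[ \t]*(#|$)/ { print new; ins = 1 }
        { print }
        END { if (!ins) print new }
    ' "$file.bak" > "$file"
}

# Usage, as root and with a second root shell left open until sudo is retested:
#   enable_fprintd /etc/pam.d/sudo && fprintd_is_first /etc/pam.d/sudo
```

Because the rule is `sufficient`, a successful fingerprint match ends the auth stack without a password prompt; a failed or cancelled match falls through to the rules that follow.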

I’m still trying to get it on Pop!_OS (seems like someone else got it working though) and would like something similar. I really liked in MacOS how I could use my fingerprint or double click the side button on my watch to authenticate across the system.

@nitrousgranola - once you have things built and installed, make sure to follow the pam authentication steps per this link: https://www.tec4tric.com/linux/enable-fingerprint-login-in-ubuntu

I am running Pop!_OS and have the fingerprint reader working for sudo and other authentication. Good luck, hopefully this allows you to get it working.

2 Likes

@lbkNhubert thanks for taking the time to post a solution. :nerd_face: :+1:

1 Like

With regard specifically to the Framework laptop, if you want to use a USB key in your authentication chain, you already can. The pam.d man page is a good reference to customize your authentication chain. There’s tons of other pam modules available in various repos as well, like facial recognition. You can pretty much have fully conditional, context dependent, n factor authentication chains.

My point being, pam is pretty ubiquitous and incredibly powerful. Am I missing something that this does?

1 Like

I’ll admit, this would be super cool. Reminds me of the Google Pixelbook from 2017. Its power button could be set up to serve as a U2F key. This was kind of dangerous to enable because an attacker always had the physical key wherever the laptop was. But being able to process and authenticate fingerprint before acting as a U2F key could be cool.

Still not the most secure, because you merge something you are and something you have into one system. I’d prefer to keep these two, along with something you know, separate. But for the less security-minded, it could be interesting.

So if we don’t want to compile the source for the files necessary for the fingerprint scanner, is there a repo we can use that we can just sudo apt install them with?

@2disbetter I don’t see an updated libfprint in Ubuntu’s package list, it still shows v1.90, even in the upcoming 21.10 (impish). So I’m not aptimistic.

3 Likes

I got the fingerprint reader to work to sign in and on sudo. One thing I noticed was that after a restart, when I use the fingerprint to sign in, it doesn’t unlock the keyring. I looked around and this seems to be intended for security reasons. From what I read, it seems your keyring is encrypted using your password, and so your fingerprint can’t decrypt it without having your password stored as plain text, which is not secure. Did I understand this right? If not, does anybody know how to get your fingerprint to unlock the keyring securely?

2 Likes

Has anyone succeeded in using fingerprint login with Linux + Windows dual boot environment? Any gotchas? If I enroll (or remove) fingerprints in one OS, does it affect the other OS?