Thanks for all the answers. My concern was about how this plays with the TPM. I assumed that only the built-in fingerprint reader would be able to store the biometric data in the TPM and that something simply externally attached by USB wouldn’t be as “deeply integrated and secure”.
Another concern is how well this would work in software (I plan on using Ubuntu) when there are multiple biometric devices to choose from depending on the situation (e.g laptop lid open or closed. Secondary unit attached or not.).
I’ll try this out once my framework arrives.
i have no idea what Windows 10 do with the TPM. I know the upgrade from Windows 10 to Windows 11 requires TPM 2.0, but you can install Windows 11 on a device without TPM 2.0 since it’s not required for important system functionality.
In fact I don’t even know what it is for. Quick searches indicate that the TPM is responsible for generating encryption keys. TPM Overview – Microsoft Docs
The fact that Windows does not store fingerprints on a special location can be revealed as the fact that Windows 10 fingerprint functions without the presence of a TPM module. My guesses are that the reason Windows Hello can work with things like USB fingerprint is that it stores the fingerprint data on the local disk (perhaps somewhere in your user folder), and retrieve the current fingerprint from a sensor. Then it compares the two and decide whether the two have a match.
Unlike Apple, which is basically building black boxes with buttons, ports and screens and removal of anything will brick (if Apple wanted to) the entire device.