Hey everyone, I recently got an AMD Framework laptop 13, and I have Arch Linux + GNOME running. I’m running into a few issues that I’d like to get resolved.
The main thing is the fingerprint sensor. I followed the Framework guide to get it updated, and I’ve installed fprintd to enable it for user login. However, each time I login and attempt to open a Chromium browser, I am asked to enter my password, as the keyring wasn’t initialized. Additionally, I’m not able to use the fingerprint in the Terminal. I tested Fedora on this laptop and didn’t have this issue, and would like to replicate Fedora’s fingerprint behavior in my current Arch + GNOME install. I’ve already tried to make some /etc/pam.d changes, but was unsuccessful and had to reinstall the OS, as I had locked myself out.
The other issue is with the ambient light sensor. My auto-brightness works, but it adjusts the brightness in large, noticeable steps, and it’s unpleasant to use. Does anyone know how to implement a smoother, less obvious auto-brightness feature?
Thanks for taking the time to read this, looking forward to hearing some potential fixes.
TLDR: How to get fingerprint to unlock keyring upon login + how to use in terminal? How to get smoother auto brightness?
Thank you so much! That did the trick for enabling it in the terminal, but upon login, I’m still having the keyring not being initialized, so chromium browsers ask for my password.
AFAIK you need to have your keyring password set to empty if you want it unlocked after fingerprint login. The fingerprint sensor does not read something that can be used as a decryption “password”. It just tells whoever asks if the presented finger matches one of the already stored ones well enough. In the case of linux login it is probably PAM asking. Empty keyring password of course has security implications since the keyring effectively is unencrypted.
My current solution is using my password for first login after boot, that unlocks my keyring. After the system is up, the automatic screen lock can be disabled by fingerprint. Essentially I have now three states my laptop can be in when not in use:
- Off, disks encrypted, RAM empty
- Booted, not logged in: RAM contains disk encryption key
- Logged in, session locked: Only fingerprint sensor between attacker and everything on my system
Obviously 1 is the most secure and needs the most time and effort to get to using the device. States 2 and 3 mean probably full compromise when the attacker has physical access, while 1 is a bit better.
Hmm okay. I’m still relatively new to Linux so I don’t want to mess around with the keyring just yet. I’m just confused since Fedora seemed to handle authenticating the keyring with fingerprint, and if my password can serve as authentication for the keyring, there has to be a way for my fingerprint to do so as well right? I messed with pam.d before but I ended up breaking a lot of things. Thanks for the info though, definitely have options to consider now!