Setting up fingerprint scanner on Framework 16
I'm using Debian 12 which is not officially supported but appears to work more or less out of the box
Check which fingerprint device you have
Check which device you have with lsusb
~> lsusb
Bus 008 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 0bda:5634 Realtek Semiconductor Corp. Laptop Camera
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 05e3:0625 Genesys Logic, Inc. USB3.2 Hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 008: ID 0e8d:e616 MediaTek Inc. Wireless_Device
Bus 001 Device 010: ID 32ac:0018 Framework Laptop 16 Keyboard Module - ISO
Bus 001 Device 009: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd. Goodix USB2.0 MISC
Bus 001 Device 006: ID 05e3:0610 Genesys Logic, Inc. Hub
Bus 001 Device 007: ID 32ac:0014 Framework Laptop 16 Numpad Module
Bus 001 Device 004: ID 05e3:0610 Genesys Logic, Inc. Hub
Bus 001 Device 005: ID 32ac:0002 Framework HDMI Expansion Card
Bus 001 Device 003: ID 05e3:0610 Genesys Logic, Inc. Hub
Bus 001 Device 002: ID 32ac:0003 Framework DisplayPort Expansion Card
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
The fingerprint device on the Framework 16 is this line:
Bus 001 Device 009: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd. Goodix USB2.0 MISC
You can check which devices are supported by fprintd from their compatibility table
Install fprintd
fprintd is a daemon and tools which allow interacting with fingerprint devices
Install with apt:
~> sudo apt update -y
~> sudo apt install fprintd libpam-fprintd
Configure PAM to allow fingerprint logins
There is a TUI tool called pam-auth-update which edits the necessary files for us
~> sudo pam-auth-update
Use the arrow keys and spacebar to select [*] Fingerprint authentication, then tab and enter to click
Configure Polkit to allow us to register fingerprints
I had an issue where Polkit was preventing the registration of new fingerprints.
~> fprintd-enroll
Using device /net/reactivated/Fprint/Device/0
Enrolling right-index-finger finger.
EnrollStart failed: GDBus.Error:net.reactivated.Fprint.Error.PermissionDenied: Not Authorized: net.reactivated.fprint.device.enroll
I had to create a file /etc/polkit-1/rules.d/50-allow-fprintd.rules (the filename doesn't matter, polkit reads all files in that directory) with the following contents
~> cat /etc/polkit-1/rules.d/50-allow-fprintd.rules
polkit.addRule(function (action, subject) {
if (action.id == "net.reactivated.fprint.device.enroll")
{
return polkit.Result.YES;
}
})
This file tells polkit to allow anyone to register fingerprints on the device
Now we can enroll fingerprints, place your finger on the scanner in multiple positions, so it can pick up your fingerprint more easily when verifying.
~> fprintd-enroll
Using device /net/reactivated/Fprint/Device/0
Enrolling right-index-finger finger.
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-retry-scan
Enroll result: enroll-retry-scan
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-completed
Now when logging in via the tty or to sudo, it will prompt for fingerprint after entering your username
~> sudo -i
Place your right index finger on the fingerprint reader
root:~#
If it doesn't recognise your finger, it will prompt for password instead.
~> sudo -i
Place your right index finger on the fingerprint reader
Failed to match fingerprint
[sudo] password for matthew:
root:~#