Thinkpads are even nicer than that (if you use Windows). You can use any of your enrolled fingers for the BIOS. Collusion between the fingerprint reader and TPM means passwords are supplied to the BIOS, ATA password protected drives etc. Once arriving at the Windows login screen, your password can be obtained from earlier and used to log you in with no interaction. They even make it so you can start the machine up from a fingerprint swipe - ie it turns on power, BIOS, unlocks drives and logs you in. Also there is a system that allows administrators to provision fingerprint information amongst machines. You can also hit ESC at any point and manually enter passwords.
With Linux the BIOS/ATA unlock all happen the same. There is libfprint which will let you login with a fingerprint scan, but that means PAM doesn't ever see a textual password. If your keychain is encrypted then you end up prompted to enter your password anyway. The only way to prevent that is not encrypting the keychain!
The fingerprint hardware and software is made by authentec who didn't care about non-Windows operating systems. Apple bought them a while back.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: ThinkPad fingerprint reader?
Date: 2013-05-16 08:24 am (UTC)With Linux the BIOS/ATA unlock all happen the same. There is libfprint which will let you login with a fingerprint scan, but that means PAM doesn't ever see a textual password. If your keychain is encrypted then you end up prompted to enter your password anyway. The only way to prevent that is not encrypting the keychain!
The fingerprint hardware and software is made by authentec who didn't care about non-Windows operating systems. Apple bought them a while back.