Skip to main content
  1. Posts/

How to Use the Fingerprint Reader on Arch

··736 words·4 mins
Tutorial linux arch linux
bitSheriff
Author
bitSheriff
Bughunter in the Wild Wild Web
Table of Contents

A lot of modern laptops have a builtin fingerprint reader. This is a very convenient way to unlock your device without typing in a password. In this tutorial, I will show you how to set up the fingerprint reader on Arch-based systems. In my case, I am using a Framework Laptop with EndeavourOS (arch-based) Linux. Framework has an official guide1 on how to update the firmware of the fingerprint reader. I will not cover this in this tutorial because in my opinion this guide is very well written and easy to follow. It is always nice to see that companies are supporting the Linux community by choosing hardware that is compatible.

Prerequisites
#

Sadly not every fingerprint reader is supported. There is an official list of supported devices on the fprintd website. If your device is not listed there, you can try it out but it is not guaranteed that it will work.

Installing the necessary packages
#

The only system package which is needed is fprintd2 which can be installed with

1

sudo pacman -S fprintd

Scan your fingers
#

Now after the package is installed you can add your first finger with

1

fprintd-enroll

This will automatically choose which finger you probably want to add, starting with you index finger. Adding fingers this way is kind of nerve-wracking, so a wrote a simple bash-script using gum3, for that extra glamour, to add multiple fingers at once:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

#!/bin/bash

# Define a map of selections to their corresponding fprintd finger names
declare -A finger_map=(
    ["R Thumb"]="right-thumb"
    ["R Index"]="right-index-finger"
    ["R Middle"]="right-middle-finger"
    ["R Ring"]="right-ring-finger"
    ["R Little"]="right-little-finger"
    ["L Thumb"]="left-thumb"
    ["L Index"]="left-index-finger"
    ["L Middle"]="left-middle-finger"
    ["L Ring"]="left-ring-finger"
    ["L Little"]="left-little-finger"
)

# Display the options for selection using gum
selection=$(
    gum choose --no-limit \
        "${!finger_map[@]}"
)

# Convert the multi-line selection into an array
IFS=$'\n' read -rd '' -a selected_fingers <<<"$selection"

# Loop through the selected options and enroll each finger
for finger in "${selected_fingers[@]}"; do
    fprintd-enroll -f "${finger_map[$finger]}"
done

Authentication Configuration
#

To use the fingerprint reader for sudo and kde you need to add the following lines to the /etc/pam.d/sudo and /etc/pam.d/kde file4:

1
2

auth            sufficient      pam_unix.so try_first_pass likeauth nullok
auth            sufficient      pam_fprintd.so

Now you can use your fingerprint to authenticate sudo in the terminal with your fingerprint. For this you have to press enter once if the password prompt appears, then it will ask you to scan your finger. Using my finger in the terminal was my biggest improvement in my workflow because I use sudo a lot more often than logging in (which most people think of the fingerprint reader at first).

Logging in (after lock) works now too. Please note that the fingerprint reader is not working for the initial login after booting the system. This is a security feature to prevent unauthorized access to your system.

If you want to use it for any kind of system authentication, add the following line to the top of the file /etc/pam.d/system-auth

1

auth            sufficient      pam_fprintd.so

Troubleshooting
#

On my first try, I enrolled a finger with the KDE-Gui in the settings but I was not able to remove it anymore even tho it was not showing. Everytime I tried to enroll my inde-finger again, it failed with duplicate, even fprintd-delete "$USER" did not help. So I found5 a python script which successfully deleted all my finger signatures.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

#! /usr/bin/python3

import gi
gi.require_version('FPrint', '2.0')
from gi.repository import FPrint

ctx = FPrint.Context()

for dev in ctx.get_devices():
    print(dev)
    print(dev.get_driver())
    print(dev.props.device_id);

    dev.open_sync()

    dev.clear_storage_sync()
    print("All prints deleted.")

    dev.close_sync()

If you have any issues with the fingerprint reader, please check the ArchWiki for more information.

Conclusion
#

Due to the fact that almost every smartphone has a fingerprint reader or works with face recognition, we are used to the fast and secure way of unlocking our devices. I am very happy that I can use my fingerprint reader on my laptop now. It is a small feature but it makes my workflow a lot smoother.

What do I do with the time I saved by not typing in my password? I write more blog posts 😄

Sources and More
#

  1. https://knowledgebase.frame.work/en_us/updating-fingerprint-reader-firmware-on-linux-for-13th-gen-and-amd-ryzen-7040-series-laptops-HJrvxv_za ↩︎

  2. https://wiki.archlinux.org/title/Fprint ↩︎

  3. https://github.com/charmbracelet/gum ↩︎

  4. https://community.frame.work/t/guide-solved-sudo-and-login-with-fingerprint-reader-under-kde-arch-linux/37009 ↩︎

  5. https://community.frame.work/t/tracking-fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/204 ↩︎