LIbrem 11 fingerprint reader

The spec page for the Librem 11 includes a line item for a fingerprint reader:

Goodix PID 0x5750 (Not supported in fprint yet)

I believe Goodix is vendor ID 27C6
I see the product id of 0x5750 is indeed not listed as supported in the driver
When doing a lsusb on my librem11, I don’t see anything with this vendor or product ID at all. I’m not even sure where on the device the fingerprint reader is supposed to be? In the power button? Anyone know how to detect that this thing exists or anything about it? Maybe its not a usb device so I’m using the wrong command?
I doubt there has been any progress in getting it functioning as it appears development is quite slow right now while I assume Purism builds up some cash but I’m still interested in it. Would be nice if they ever get it functioning to be able to quickly unlock this thing.

2 Likes

On Ubuntu I believe the OEM kernel would have the driver support you need. You should also be able to get the necessary fprint version. This was an issue on Framework laptops but has been sorted using the OEM on LTS releases. 23.10, for example, already has all of this stuff backed in and the fingerprint scanner just works out of the box.

1 Like

You don’t see this device in lsusb?

purism@pureos:~$ lsusb | grep Goodix
Bus 001 Device 002: ID 27c6:5750 Shenzhen Goodix Technology Co.,Ltd. FingerPrint

Yes, it’s in the power button.

2 Likes

nope, I don’t:

Bus 002 Device 010: ID 0bda:8153 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
Bus 002 Device 009: ID 2109:0822 VIA Labs, Inc. USB3.1 Hub             
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 006: ID 8087:0aaa Intel Corp. Bluetooth 9460/9560 Jefferson Peak (JfP)
Bus 001 Device 108: ID 1018:1008  
Bus 001 Device 007: ID 0c45:636b Microdia Hy-HD-Camera
Bus 001 Device 005: ID 1bcf:28c4 Sunplus Innovation Technology Inc. HK 5M CAM
Bus 001 Device 003: ID 1a40:0801 Terminus Technology Inc. USB 2.0 Hub
Bus 001 Device 105: ID 05e3:0751 Genesys Logic, Inc. microSD Card Reader
Bus 001 Device 103: ID 05e3:0751 Genesys Logic, Inc. microSD Card Reader
Bus 001 Device 106: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 104: ID 045e:07a5 Microsoft Corp. Wireless Receiver 1461C
Bus 001 Device 102: ID 1a40:0101 Terminus Technology Inc. Hub
Bus 001 Device 101: ID 1a40:0101 Terminus Technology Inc. Hub
Bus 001 Device 099: ID 2109:2822 VIA Labs, Inc. USB2.0 Hub             
Bus 001 Device 002: ID 05e3:0751 Genesys Logic, Inc. microSD Card Reader
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
1 Like

@lo0 You’re right, it’s not there on the bus. Please support@puri.sm to discuss options for your device.

1 Like

There are security implications to this. Most of the time, convenience and security don’t mix well together at all. It seems convenience almost always decreases security by increasing the attack surface.
It is the case with fingerprint biometrics unlock: the problem is that you still need to keep a password, because you want to have a fallback in case the fingerprint method fails in some way.
You can compare this to your home: if it has only one main entrance door (and no windows), burglars will have to break in via this only single entry point. There is a lock and you have a key you always carry with you - it is difficult for the burglar if the door/lock/key system is sophisticated enough. This is like a strong password protecting your device. The attack surface in this case is exactly one - and it is the minimal attack surface possible in any security design.
But of course, your password being strong makes it annoying and slow to unlock your device - so you would like to add another more convenient way to unlock it, say a fingerprint reader unlocking the device at the touch of your finger. And most people will think (or have been led to think) that they actually increase their device’s security by using the fingerprint unlock. But let’s see what the burglar now thinks of your home: it has a front door - not easy to crack - and it now has a backdoor. Then you have not increased security, you have considerably decreased it (at least by half) because you have doubled the attack surface: there are now two ways to break in!
We can debate whether a fingerprint reader is more secure or less secure than a password. It much depends on the strength of the password. My opinion on biometrics for security is that they are weak. Easy to bypass in number of ways, especially with fingerprint based systems: unlike PIN codes or passwords, fingerprints are not secret. Once compromised, biometrics cannot be changed (unlike passwords.) You can be coerced to use your own finger (whether by force or law.) So called “smudge attacks” are incredibly easy to do: someone steals your device and they have all the fingerprints they need right there on your touch screen!
No! Fingerprint unlock is decidebly a bad idea (from a security standpoint)

5 Likes

In additional - that happens to all biometric things. Here a 1min video how easily an iris-lock can be hacked. For fingerprint it’s similar. Everything you touch has your fingerprint. Glass of water from restaurant? Your password is in hands of strangers.

5 Likes

Oh I am aware that a fingerprint unlock technically decreases the security of the device. My security model doesn’t require concerning myself with someone able and willing to image my fingerprint off a glass at my favorite bar, break into my house and take my tablet while I’m not there, and exfiltrating my collection of ebooks :slight_smile: Convenience for the 99.999% percentile would win out in this case. Besides, if they had complete physical access to the device and the will to get into this thing, the default pin based password would fall pretty quickly as they could just hook up a scripted keyboard like device to run through all combos in pretty short time (depending on the length of the pin of course). If I am truly worried about someone getting into it while its out of my physical possession I can just power it down and be protected by luks encryption in either case :slight_smile:

2 Likes

Haha great video. I knew before even looking that it would be a Samsung phone, their “security” measures like that are always super gimicky

2 Likes

This.

In other words, sure, choose convenience if you do so with informed consent.


I won’t be using biometrics but, well, the OP should at least have that choice!

For a sanity check before badgering Purism Support … can you reproduce this with all the optional USB devices unplugged and using a PureOS Live Boot?

(I’m just assuming that you have some USB things plugged in, given that you have two wireless receivers and three µSD card readers. ???)

1 Like

Me either. I think I ordered within 24 hours of announcement and received it 3 weeks after order.

$ lsusb     
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 008: ID 8087:0aaa Intel Corp. Bluetooth 9460/9560 Jefferson Peak (JfP)
Bus 001 Device 004: ID 1018:1008  
Bus 001 Device 007: ID 0c45:636b Microdia Hy-HD-Camera
Bus 001 Device 005: ID 1bcf:28c4 Sunplus Innovation Technology Inc. HK 5M CAM
Bus 001 Device 003: ID 1a40:0801 Terminus Technology Inc. USB 2.0 Hub
Bus 001 Device 002: ID 05e3:0751 Genesys Logic, Inc. microSD Card Reader
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
1 Like

Yeah mine was a first day order too, so maybe a common problem with the first batch? I haven’t heard anything back from support yet.

1 Like