Support fingerprint unlocking for full-disk-encrypted configurations

Question

Support fingerprint unlocking for full-disk-encrypted configurations

Opened this issue 3 years ago · 1 comments

Some laptops (e.g. Lenovo Thinkpad) have fingerprint sensors. It would be great to integrate it with booster.

This issue depends on anatol/clevis.go#2

Answer 1 · 2023-09-21T19:03:03.000Z

I agree this would be a great and sensible feature to have as virtually all modern laptops come with TPM2 chips and fingerprint sensors nowadays. However, there doesn't seem to be a pure Go library for this. Therefore, whether in Clevis or in Booster, we'd have to wrap libfprint which circles back to requiring Go plugins or linking to it.

Edit: Also, to be clear, I think it'd make more sense for this feature to depend on the TPM2 chip and not only the users' fingerprint itself. Concretely, instead of TPM2+PIN for unlocking, the setup would be TPM2+fingerprint

See #101