Integrated Fingerprint Reader

From ThinkWiki
Revision as of 16:44, 24 October 2005 by 137.226.181.248 (Talk)
Jump to: navigation, search
IBM Integrated Fingerprint Reader

Integrated Fingerprint Reader

IBM released a second generation of T42 models in autumn 2004 featuring Intel Pentium M 765 processors and an integrated fingerprint reader.

The fingerprint reader is produced by a company called UPEK, which is specialized to fingerprint readers.

It seems to be integrated as a USB device.

Furthermore, IBM states that there's an interface with the Embedded Security Subsystem.

Linux Support

A closed source driver is expected from the vendor in September 2005. Details on the driver are unknown at this time. See links below for more information.

Upek released the second beta-version of their driver for the BioAPI 1.10 framework. www.qrivy.net/~michael/blua/upek-bsp.html

HowTo

Disclaimer: This is how I got the fingerprint reader on my T43 to work. It can _NOT_ yet be used to log me into the system. Working on that,

This is on ubuntu breezy.

get all required devel libs and tools (gcc, g++, pam-dev, etc.) I could not compile bioapi with the graphical Qt tools

wget http://www.qrivy.net/~michael/blua/bioapi/bioapi-1.2.2.tar.bz2
tar xjf bioapi-1.2.2.tar.bz2
cd bioapi-1.2.2
wget http://badcode.de/downloads/fingerprint.patch

if you want, review the patch. in general you should review all code you download and compile, if possible the patch comes from this thread on linuxbiometrics.com: http://linuxbiometrics.com/modules/newbb/viewtopic.php?viewmode=flat&topic_id=80&forum=1

patch -p0 < fingerprint.patch
./configure --with-Qt-dr=no
make

then as root

make install

beware that checkinstall will not work! go to http://www.qrivy.net/~michael/blua/upek-bsp.html and download TFMESS_BSP_LIN_1.0beta2.zip unzip it into a seperate folder, as it will not create one

as root

sh install.sh
chmod 777 -R /usr/local/var/bioapi/

actually this depends on where you installed, if you did as i wrote, it should work otherwise you probably know what you're doing anyways :)

touch /var/log/BSP.log && chmod 666 /var/log/BSP.log 
chmod 666 /proc/bus/usb/`lsusb | grep "0483:2016" | sed -e "s/Bus\ \(.*\)\ Device\ \(.*\):\ .*/\1\/\2/"`

It might be nessecary to put the above line into a startup script somewhere.

now go to the folder where you extracted TFMESS_BSP_LIN_1.0beta2.zip

cd NonGUI_Sample
./Sample

Now i hope it works, otherwise mail me: t43fingerprint (at) badcode.de

Another thing i got to work: gdm login with pam_bioapi *freu*

what i did:

wget http://www.qrivy.net/~michael/blua/pam_bioapi/pam_bioapi-0.2.1.tar.bz2
tar xjf pam_bioapi-0.2.1.tar.bz2
./configure && make

as root

make install

now use the sample tool from the fingerprint reader to create <username>.bir <username> _must_ be the username you want to login with, gdm broke for me for any login name that had no .bir file

try:

BioAPITest | grep -A2 Fingerprint | tail -n1 | cut -b 12-

it should print something like

{5550454b2054464d2f45535320425350}

if it does:

mkdir /etc/bioapi1.10/pam`BioAPITest | grep -A2 Fingerprint | tail -n1 | cut -b 12-`
cp <username>.bir /etc/bioapi1.10/pam`BioAPITest | grep -A2 Fingerprint | tail -n1 | cut -b 12-`

now comes a distribution specific part. on ubuntu i can modify /etc/pam.d/common-auth to look like this:

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth    sufficient      pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi1.10/pam
auth    required        pam_unix.so nullok_secure

and pam immediatelly starts to use the fingerprint reader to do local authorization (e.g. sudo/gdm use the fingerprint reader) I found this out by try and success, if this is plain wrong, wikorrect me :) Now my gdm pops up a (ugly) image to swipe my finger and... magic I can login without a password

I'd be glad to help out if you have questions. t43fingerprint (at) badcode.de

Related Links

Models featuring this Technology