Fingerprint reader compatibility for "TOD" (Touch OEM Device) compatible readers typically provided on Dell Laptops with Broadcom fingerprint readers; This project provides all the requirements to get the device working. Namely: a replacement for libfprint, the underlying libraries for the fprintd fingerprint daemon on Linux; the broadcom drivers and firmware; and an SELinux policy module.
Installation Instructions
Instructions not filled in by author.
Author knows what to do.
Everybody else should avoid this repo.
Active Releases
The following unofficial repositories are provided as-is
by owner of this project.
Contact the owner directly for bugs or issues (IE: not bugzilla).
However, it appears that the initial dnf swap already automagically installs libfprint-tod-selinux by itself, so the explicit install is not actually needed.
I didn’t get any notification of this conversation so apologies for the tardy response.
Thanks for letting me know about the typo, I’ve fixed that up. I’m really glad to get some confirmation that it’s working well for others in addition to myself - makes it worthwhile putting the effort into creating the copr.
Appreciate your work. Looks like it is functioning for many people. Do you know if it is/can be made compatible with device ID 0a5c:5865. This is the newer “ControlVault 3 Plus” (CV3+) architecture which I think differs from the current supported ones even though they have similar (same) firmware. Thank you
Hi Dan, yes there is a firmware version for CV3+ available. I actually made an experimental build for this for a colleague a while back so it wouldn’t be too hard for me to add to the copr repo. The thing that has stopped me from doing so is that my colleague didn’t test it so I never got feedback on whether it works, and in particular whether it works with SE Linux enabled. It’s entirely possible I might need to extend or create a new SE Linux policy for this firmware. If you’re willing to be a guinea pig and work with me on testing then we could make it more widely available for everyone else as an RPM.
It makes sense for me to send you a build and any subsequent fixes. If you don’t mind connecting via email (or some other method) where we can share a file or two, then we can iterate on this together. My email address is on the wiki at User:Grahamwhiteuk - Fedora Project Wiki but also happy to use any other method of contact you prefer.
Nope! Not until I just checked my junk folder anyway… thanks for following up!
I built a new CV3+ RPM this morning with the latest firmware in it so I’ll ping that across in an attachment. I’m banking on needing a few iterations and debug sessions to get this right so once you confirm it’s working then I’ll release publicly.
This worked perfectly on my Dell Precision 3561 (Broadcom Corp. BCM58200 ControlVault 3) on Fedora 43. With only the instructions provided here I got fingerprint auth fully working. Thanks Graham!
Hey Levente, you’re welcome. Just out of interest, what’s your device ID? See the output of lsusb. I’m guess it’s one of 5842, 5843, 5844 or 5845 since those are the ones supported by the repo right now and I’m working with Dan on expanding support for device IDs 5864, 5865, 5866 and 5867.
I have a 5843, looks like the sensor is detected and everything but it doesn’t see me putting my finger on the sensor and times out. Any other debugging I can do?
Mar 19 15:05:20 fedora systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
Mar 19 15:05:20 fedora fprintd[5528]: In cvif_IsUshThere(), cv_get_ush_ver() status: (0x0)
Mar 19 15:05:20 fedora fprintd[5528]: Control Vault getting chip type
Mar 19 15:05:20 fedora fprintd[5528]: Citadel A0 CID7 Chip Found....
Mar 19 15:05:20 fedora fprintd[5528]: Current AAI Version = 5.15.10.0
Mar 19 15:05:20 fedora fprintd[5528]: Current SBI Version = 229
Mar 19 15:05:20 fedora fprintd[5528]: AAI version available for upgrade = 5.15.10.0
Mar 19 15:05:20 fedora fprintd[5528]: SBI version available for upgrade = 229
Mar 19 15:05:20 fedora fprintd[5528]: AAI version matches - it is up do date
Mar 19 15:05:20 fedora fprintd[5528]: SBI version matches - it is up do date
Mar 19 15:05:20 fedora fprintd[5528]: Citadel A0 CID7 Chip Found....
Mar 19 15:05:20 fedora fprintd[5528]: Sensor type : 16 Sensor firmware version on device: GF5288_GM188WNC_APP_10009 length: 25
Mar 19 15:05:20 fedora fprintd[5528]: Sensor-firmware file signature verification is valid
Mar 19 15:05:20 fedora fprintd[5528]: Sensor firmware version in file(sensor 16): GF5288_GM188WNC_APP_10009 length: 25
Mar 19 15:05:20 fedora fprintd[5528]: Sensor firmware versions in file and on device match
Mar 19 15:05:20 fedora systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
Mar 19 15:06:28 fedora fprintd[5528]: Enrollment was in progress, stopping it
^Croot@fedora:~# lsusb|grep -i finger
Bus 003 Device 003: ID 0a5c:5843 Broadcom Corp. BCM58200 ControlVault 3 (FingerPrint sensor + Contacted SmartCard)
root@fedora:~#
Your logs look good to me so I would guess that it’s all working, leaving me with 2 suggestions:
Check you also installed the SELinux RPM module (you should have libfprint-tod-selinux installed). What’s odd from your logs is that you don’t have any audit entries in there at all and I would expect to see some successful audit logs for the fprintd unit, or perhaps some unsuccessful ones if you don’t have the SELinux RPM installed - this could point to the logs coming from a system where SELinux has been completely disabled.
A hardware problem, with everything else looking OK the next suspect would be that you have some sort of hardware issue which isn’t something we’re going to be able to solve with any amount of fiddling around with the system, drivers or firmware.
I’d be happy to work with one or both of you. Dan has gone quiet on me so I hope he’s ok!
What I need is someone that has the appropriate debugging skills - so if you’re comfortable reading through your journal logs then I can help guide you to figure out whether my current build works. There are two elements of uncertainty in terms of where to place the firmware files (I’m hoping I have this correct) and whether the SELinux policy needs to be updated (which it almost certainly does but I wont be able to tell whether the current policy file I provide is sufficient for this firmware).
If you’re comfortable with the debugging work then ping me an email and I’ll send you the build. I don’t want to make it public until I’m confident it’ll work more widely for everyone else.
Thanks for putting in the work to get these working on Fedora. I’m having some issues utilizing this with my Latitude 7440. Namely, it looks like if the USH firmware gets updated past 5.12.018 that it no longer registers fingerprints properly. I’ve checked to ensure the hardware is functional both on Windows and on Ubuntu (but only if I use libfprint-2-tod1-broadcom_5.12.018-0ubuntu1~22.04.01_amd64.deb and not the 5.15.010 package. The 5.15.010 package matches the firmware from your package and exhibits the same behavior. I’m not sure if you’ve seen this elsewhere with this firmware version or if there is a better way to debug it, so looking for some pointers.
This is news to me. I’ve not experienced any problems on my machine using the 5.15.010.0 I make available in this repository. I’ve been able to register new fingerprints as well as successfully authenticate and I use it daily as my main auth mechanism. Looking back at my RPM build history, I started at 5.14.003.0 so I’ve never used a version as old as the 5.12 one that works for you. It sounds like your workaround is to stay on the older version???
