This spells out the instructions from the Arch wiki for the specific case of the Lenovo X1 Extreme 2nd Gen (and possibly more recent models).
$ lsusb | rg -i fingerprint
Bus 001 Device 007: ID 06cb:00bd Synaptics, Inc. Prometheus MIS Touch Fingerprint Reader
This Synaptics Prometheus MIS Touch Fingerprint Reader is among the devices supported by fprint.
Firmware update
First, we need to update the firmware of the reader:
$ sudo pacman -S fwupmgr
$ fwupmgr get-updates
$ fwupmgr update [UUID1] [UUID2]
where the two UUIDs are the ones corresponding to the Prometheus sensor and its configuration, as shown in the get-updates subcommand.
Enrolment
Next, we enrol our favourite finger:
$ fprintd-enroll
Swipe your finger on the sensors until it confirms enrolment.
Check that your finger is now recognized:
$ fprintd-verify
Applications setup
sudo
Add the following to /etc/pam.d/sudo:
auth sufficient pam_fprintd.so
You can now sudo with your fingerprint. Password fallback occurs after 3 failures.
blurlock/i3lock
Edit /etc/pam.d/i3lock to
auth sufficient pam_unix.so
auth sufficient pam_fprintd.so
If you use blurlock (which is just a wrapper around i3lock), remove the -e option (ignore empty password) in the invocation of i3lock.
The screen can be then unlocked with either:
- the password, or
- pressing
ENTERand touching the reader.
Entering an erroneous password will force using fingerprint authentication.
Note that the current version of i3lock has some quirks with PAM, see this issue.