42 comments

[ 2.6 ms ] story [ 92.0 ms ] thread
(comment deleted)
I assume these packages/libs have been pulled from a laptop shipped by Dell?

At a superficial glance, it looks like it's based on libfprint, which is LGPL licensed. I wonder if you'd be able to ask Dell for the sources?

https://github.com/tcsenpai/goodix-debian-linux-drivers-fing...

https://gitlab.freedesktop.org/libfprint/libfprint/-/blob/ma...

How does copyleft license work in this case? Aren't they legally required to open-source their sources and publish it publicly or can they hide that behind a request system?
Unlike the full GPL, the LGPL doesn't require applications of the library be licensed under the same. It would apply only to improvements to the library itself.
If you ship the library, the requirements for the library itself are very similar to the GPL.

The difference you describe mostly applies to system libraries (those libraries that are not distributed alongside applications).

IMHO a request system is sufficient. Remember GPL comes from a time where Internet was not granted and magazines with floppy disks were a thing.
No, the main requirement is that they link to libfprint dynamically or provide object files such that effectively you can replace libfprint with a different version of libfprint of your choosing, but there's no requirement to open source the work that makes use of libfprint.
Goodix fingerprint is used in Framework Laptop. This might come from that corner.
The fingerprint sensors in the Framework laptops already have open source drivers. This is for the sensors used in some older but still recent laptops from other manufacturers. I have a Dell XPS 13 from 2018 with an unsupported Goodix fingerprint sensor; I expect this would work with that.
Yes exactly it’s also the driver for my 2018 Dell XPS 15 and I think it was the last one missing for full linux support.
Actually, I have a Lenovo IdeaPad3 Slim and I had no idea of the Framework thing. Might be worth looking deeper for more devices support!
Some packages were collected from a very painful night of research and gathering, with a good amount of filtering out for bad / incompatible modules.

I don't even remember how I managed to find an obscure reddit post ( I think) with the other ones.

I packaged the .deb manually ( If i recall correctly ) and mashed up a bunch of methods until things finally worked in a stable way.

Unfortunately nobody ever replied me about the sources (no support whatsoever tbh). I own a Lenovo IdeaPad3 Slim which has one of the goodix fingerprint sensors and that's why I began this quest indeed

Thanks for the effort.
Ah too bad, mine (27c6:55b4) isn't supported...
Unless you already did, you could try loading the module manually and see what happens. Then do a pull request to the archive to add your device to the udev rule if it works.
Hmm, isnt there some upstream support for goodix fingerprint readers in linux?
Not all of them. There are a few Goodix chipsets with no open source drivers.
Unfortunately, not for the models I listed (according to https://linux-hardware.org). Would be way better, I agree. This is just sharing a night of painful research :)
Only (MOC) Match-On-Chip devices are supported. Other ones will match on host and need a different driver.
Unfortunately in the US, the police can coerce you into unlocking your electronic devices using biometric authentication methods. So I could care less if there is a fingerprint reader on my laptop.
Use someone else's finger. Only an amateur uses their own!
Where do you keep someone else's finger?
On their hands. If you need more than ten, just get another person. This scheme scales linearly.
lookup resin finger on youtube (tbh on invidious) and hack the world
I have also seen a recent case where they forced someone to give up their password. So I'm not sure you are safe either way.
Riley v. California says police need to get a warrant to search a cellphone. The 9th Circuit ruled that forcing a subject to unlock a cellphone using biometrics authorized under a general search condition of his parole wasn't a 5th Amendment violation.

A police officer on the side of the road can't compel someone to unlock their phone to perform a warrantless search.

They can compel you by throwing you in jail until you do. Ask me how I know.
I've been watching a ton of youtube bodycam videos on bad police arrests so...

That being said, they can't legally do this.

Well is still way faster than typing a reasonable secure password but I mean, if someone cares these are the drivers lol
This means nothing. A password is protected under the constitution until it isn't. As laws like the Patriot Act show, the bill of rights is just a suggestion.

If what you might have on your laptop is incriminating enough, they'll force you to give up your password, or just hold you in jail until you do.

> or just hold you in jail until you do.

Which may be your preference, and an option you wouldn't have with biometrics. What if you only need to hold out for a month, a week, or just a day?

If you're not running Debian/something Debian-based, do you just dump the .so files in the listed directories and hope for the best? Or is there something more you should do to get these to work on, say, Fedora?

The fingerprint reader on my Dell XPS 13 9370 is the only thing Linux never supported because Goodix.

Can someone do a clean room reverse engineering effort from these ?