Synaptics 06cb:00c9 fails to init on boot again
Description
In attempting to set up fingerprint authentication in GNOME, I was not seeing anything in the Users section of the GNOME Settings app. Enrolling a finger with fprint-enroll
/fprint-verify
works, and on reboot GDM prompts that I can swipe my finger. Doing so results in a failure, and after logging in with password the GNOME Settings app still shows nothing about fingerprint authentication. The journal showed an error 789, and searching the web I found #292 (closed). In it was mentioned that preboot authentication could be a factor, so I rebooted into UEFI and ensured that setting was off (it was). I also applied all firmware updates that were available via LVFS.
Potentially a continuation of #207 (closed) and #292 (closed), previously marked resolved.
System Information
- Machine: Thinkpad P1 Gen 3
- Distro: Arch Linux
- Desktop Environment: GNOME 41
uname -a
:
Linux sazabi 5.16.16-arch1-1 #1 SMP PREEMPT Mon, 21 Mar 2022 22:59:40 +0000 x86_64 GNU/Linux
lsusb
:
Bus 001 Device 005: ID 06cb:00bd Synaptics, Inc. Prometheus MIS Touch Fingerprint Reader
pacman -Qi fprintd
:
Name : fprintd
Version : 1.94.2-1
Description : D-Bus service to access fingerprint readers
Architecture : x86_64
URL : https://fprint.freedesktop.org/
Licenses : GPL
Groups : fprint
Provides : None
Depends On : glib2 libfprint polkit dbus dbus-glib systemd libfprint-2.so=2-64
Optional Deps : None
Required By : None
Optional For : gdm
Conflicts With : None
Replaces : None
Installed Size : 866.77 KiB
Packager : Jan Alexander Steffens (heftig)
Build Date : Sat 26 Feb 2022 10:09:28 AM EST
Install Date : Wed 23 Mar 2022 03:12:52 PM EDT
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature
systemctl cat fprintd.service
# /usr/lib/systemd/system/fprintd.service
[Unit]
Description=Fingerprint Authentication Daemon
Documentation=man:fprintd(1)
[Service]
Type=dbus
BusName=net.reactivated.Fprint
ExecStart=/usr/lib/fprintd
Filesystem lockdown
ProtectSystem=strict
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
This always corresponds to /var/lib/fprint
StateDirectory=fprint
StateDirectoryMode=0700
ProtectHome=true
PrivateTmp=true
SystemCallFilter=@system-service
Network
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
Execute Mappings
MemoryDenyWriteExecute=true
Modules
ProtectKernelModules=true
Real-time
RestrictRealtime=true
Privilege escalation
NoNewPrivileges=true
Protect clock, allow USB and SPI device access
ProtectClock=yes
DeviceAllow=char-usb_device rw
DeviceAllow=char-spi rw
DeviceAllow=char-hidraw rw
Allow tuning USB parameters (wakeup and persist)
ReadWritePaths=/sys/devices
/etc/systemd/system/fprintd.service.d/override.conf
[Service]
Environment=G_MESSAGES_DEBUG=all
fwupdmgr get-devices
├─Prometheus:
│ │ Device ID: d432baa2162a32c1554ef24bd8281953b9d07c11
│ │ Summary: Fingerprint reader
│ │ Current version: 10.01.3478575
│ │ Vendor: Synaptics (USB:0x06CB)
│ │ Install Duration: 2 seconds
│ │ GUIDs: 09e8bf16-3e69-50f5-bb66-c7a040248352
│ │ 8088f861-6318-5b1e-9ce4-fbddbedb09ac
│ │ Device Flags: • Updatable
│ │ • Supported on remote server
│ │ • Cryptographic hash verification is available
│ │ • Signed Payload
│ │
│ └─Prometheus IOTA Config:
│ Device ID: 8dcffb5d059857368caa2b7b22371ebd831b0c0c
│ Summary: Fingerprint reader config
│ Current version: 0031
│ Minimum Version: 0031
│ Vendor: Synaptics (USB:0x06CB)
│ GUIDs: 7c5a1e62-38fa-5859-9337-09dbac6377e4
│ 8177bb07-fa98-5bdb-a55d-bdc0fa95535b
│ Device Flags: • Updatable
│ • Supported on remote server
│ • Only version upgrades are allowed
│ • Signed Payload
Debug Output
This attached log file was captured on a reboot after all steps described above were applied (firmware updates, verifying preboot authentication off, etc). Flow was GDM -> attempt finger swipe -> receive error -> attempt again -> no feedback -> regular password
Potential Complicating Factors
My user account was created with systemd-homed, as a btrfs subvolume with no separate encryption. I understand systemd-homed has separate support for authentication methods like FIDO. It's possible GNOME doesn't understand how to run fprint when the user is managed with systemd-homed. I haven't been able to find anything about it via search however, as it appears this usage is still quite niche.