Hi team,
I’d like to propose an improvement to the ChromiumOS/FydeOS biometric stack that would significantly expand hardware compatibility, especially for modern Dell, HP, Lenovo, and other enterprise‑class laptops.
This proposal focuses on adding libfprint‑tod to the base system image and distributing proprietary fingerprint plugins as modular, hardware‑specific add‑ons.
Why this is needed
FydeOS already includes libfprint, which works well for older or fully open‑source fingerprint sensors. However, many modern business‑class laptops use sensors that require:
- proprietary firmware
- proprietary matching algorithms
- secure enclave communication
Examples include Goodix TOD sensors, Synaptics TOD sensors, and Broadcom Secure Enclave‑based readers.
These devices cannot be supported by libfprint alone.
What libfprint‑tod provides
libfprint‑tod is an open‑source framework (a fork of libfprint) designed specifically to support modern fingerprint readers that rely on proprietary components.
The framework itself is open‑source and safe to ship in the main OS image. The plugins (drivers) are the parts that may be proprietary.
This separation is important.
Proposed architecture
1. Base System Image (read‑only)
Include:
- libfprint
- libfprint‑tod framework
- PAM integration
- ChromeOS/FydeOS biometric hooks
This keeps the OS clean, unified, and future‑proof.
2. Hardware‑Specific Biometric Add‑On Images
Delivered as DLC/OEM modules and only downloaded when needed.
Each module would contain:
- proprietary TOD plugin (Goodix/Synaptics/Broadcom/etc.)
- required firmware blobs
- device‑specific configuration
This avoids bloating the main OS image and respects licensing requirements.
Broadcom Secure Enclave firmware
A large number of enterprise laptops (Dell Precision/Latitude, HP EliteBook, Lenovo ThinkPad, etc.) use Broadcom Secure Enclave fingerprint readers.
To support these devices, FydeOS would need to obtain redistribution rights for Broadcom’s firmware and driver blobs. These could then be packaged as a Broadcom‑specific biometric add‑on module.
This would unlock biometric support on a huge portion of modern business‑class hardware.
Benefits
For FydeOS
- Much wider hardware compatibility
- Stronger enterprise and education appeal
- Cleaner separation between open and proprietary components
- No unnecessary image bloat
For users
- Fingerprint login on many more devices
- Legal and clean firmware distribution
- Better experience on Dell/HP/Lenovo laptops
For managed deployments
- Immutable base OS
- Optional, policy‑controlled biometric modules
- Compliance‑friendly firmware handling
Summary
- Add libfprint‑tod to the main system image
- Keep the base image clean and open‑source
- Package proprietary TOD plugins + firmware as modular add‑on images
- Only deliver these modules when matching hardware is detected
- Seek redistribution rights for Broadcom Secure Enclave firmware and driver
This approach aligns with ChromiumOS’s design philosophy and would greatly improve FydeOS’s hardware support, especially for enterprise‑class devices.
Happy to discuss further or help test if needed.