Device Information:

• Framework Laptop 13 (AMD Ryzen™ 7040 Series)
• Framework Laptop 16 (AMD Ryzen™ 7040 Series)

BIOS VERSION:

03.05/03.03

Standalone Operation:

• No

Description:

It would be a really nice feature to have, especially for businesses, for the ability to require a fingerprint on boot and/or access bios/admin/secure boot/boot selection menus. Lenovos implementation of this has been very good.

Expected behavior:

• Register some fingerprints from within your OS of chose, windows/linux.
• Reboot into bios and enable biometric requirement for boot and/or bios
  • if not already set, have the user create a strong boot and/or admin password
• Reboot and now directly after the framework boot logo it displays a screen that prompts for biometric auth
  • Should have an option to cancel/skip to password prompt
  • The very first time a fingerprint is successfully used, it should password prompt as well
  • Should allow 3-5 fingerprint read attempts before falling back to password prompt
    • Rebooting should allow more fingerprint attempts. Not sure what the max number of attempt should be before requiring a password prompt. So far I've never hit lenovos limit even after multiple restarts 🤷
  • When the fingerprint reader is not available for whatever reason fallback to password prompt
    • Maybe display a notice about it in the bios
    • When turning on standalone mode I imagine the bios should warn you about turning off biometrics?

Bonus Points:

• Seemless login
  • After successfully entering a fingerprint at boot, the fingerprint get carried into the OS environment and used to auth into the users session "seemlessly".
    • aka the user never sees the login screen
    • based on which fingerprint is used, it knows which OS user to login to
      • in windows this seems to be accomplished by tying into windows-hello
    • This is another thing that lenovo does already.
  • Usually requires some kind of driver/app installed within the OS to work
• Fingerprint registration and management from within the bios
  • List existing fingerprints
  • Allow fingerprints to be named/renamed
  • Allow new fingerprints to be registered
    • Promt user to name the new fingerprint
    • If a fingerprint being registered already exist display a notice with a shortcut to manage(rename/delete) that preexisting fingerprint.
  • Allow the deletion of fingerprints
  • Any changes to fingerprint settings also requires a password prompt?

Operating System:

• Windows 11 Pro
• Arch Linux KDE