Skip to content

fix: restore lock screen U2F/fingerprint auth to working state#2052

Merged
Purian23 merged 2 commits intoAvengeMedia:masterfrom
xPathin:fix/u2f-lockscreen-regression
Mar 22, 2026
Merged

fix: restore lock screen U2F/fingerprint auth to working state#2052
Purian23 merged 2 commits intoAvengeMedia:masterfrom
xPathin:fix/u2f-lockscreen-regression

Conversation

@xPathin
Copy link
Copy Markdown
Contributor

@xPathin xPathin commented Mar 22, 2026
edited
Loading

Summary

  • Reverts breaking changes to Pam.qml introduced between 185284d4 and e86227f0 that broke FIDO2/U2F security key support on the lock screen
  • Restores Process-based availability detection for fingerprint and U2F
  • Restores correct PAM config fallback (removes /etc/pam.d/login watcher that overrides bundled U2F config)
  • Restores proper U2F message handling (message.toLowerCase().includes("touch") instead of message !== "")

Fixes #2050

Test plan

  • Enable U2F in Settings > Lock Screen
  • Test OR mode: lock screen, verify YubiKey activates and "Insert/Touch your security key" prompts appear
  • Test AND mode: lock screen, authenticate with password, verify YubiKey second factor prompt appears
  • Test fingerprint auth still works if enrolled

@Purian23
Copy link
Copy Markdown
Collaborator

Purian23 commented Mar 22, 2026

Hi there, thanks for looking into it. We'll do the same on our end as the changes that fixed yours previously, broke others which led to what we hoped would be general updates to work for everyone.

@Purian23
fix(pam): Keep SettingsData as single source of truth for auth availa…
cd6f6f4 
…bility

- Restores SettingsData for fingerprint/U2F, keeping lock screen and New Greeter Settings UI in sync
@Purian23
Copy link
Copy Markdown
Collaborator

Purian23 commented Mar 22, 2026

Hey @xPathin give the updated commit a try. Some of the settings you reverted are not on the Stable branch of DMS v1.4.4, but are in the Master branch. We have a brand New Greeter UI for settings that I want to keep in sync with the LockScreen. Otherwise I think what you updated along with the changes in place should resolve both issues.

@xPathin
Copy link
Copy Markdown
Contributor Author

xPathin commented Mar 22, 2026

Hey @xPathin give the updated commit a try. Some of the settings you reverted are not on the Stable branch of DMS v1.4.4, but are in the Master branch. We have a brand New Greeter UI for settings that I want to keep in sync with the LockScreen. Otherwise I think what you updated along with the changes in place should resolve both issues.

Thank you, all working for me!
LGTM

@Purian23 Purian23 merged commit e7ffa23 into AvengeMedia:master Mar 22, 2026
1 check passed
@xPathin xPathin deleted the fix/u2f-lockscreen-regression branch March 22, 2026 23:28
@Purian23 Purian23 mentioned this pull request Mar 22, 2026
Open
Purian23 added a commit that referenced this pull request Mar 26, 2026
@xPathin @Purian23
fix: restore lock screen U2F/fingerprint auth to working state (#2052)
8180e30 
* fix: restore lock screen U2F/fingerprint auth to working state

* fix(pam): Keep SettingsData as single source of truth for auth availability
- Restores SettingsData for fingerprint/U2F, keeping lock screen and New Greeter Settings UI in sync

---------

Co-authored-by: purian23 <purian23@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Regression: Lock screen FIDO2/U2F security key support broken after PAM auth refactor

2 participants

@xPathin @Purian23