Thinkpad is an awesome line of laptops for Windows users. Despite the fact that Lenovo already joined Linux Vendor Firmware Service, many drivers for many Thinkpad laptops are lack of Linux support. This post is a painful guide to use fingerprint on Thinkpad T470 for Ubuntu 16.04 users (Gnome3).

Note: Before go through this post, check this link as Lenovo may upload drivers in the future. Also use lsusb to check your Sensor ID, only 138a:0097 and 138a:0090 are supported now.


  1. Install official driver from Lenovo on a Windows 10 64-bit Virtual Machine.
  2. Use Windows 10 Hello Fingerprint to store fingerprint data in Sensor Memory.
  3. Check out with prototype from to make sure Ubuntu can now detect Fingerprint Sensor.
  4. If ok, install (tested with Gnome 3) as:
  5. Register fingerprint (again) with fprint-enroll using the same one as Step 2.
  6. Add into PAM configuration files (/etc/pam.d/): login, su, sudo,…


  1. Install Lenovo official driver on a Windows 10 64-bit VM.

Download Windows 10 ISO from:

This guide using Virtual Box to create VM. Before creating VM, you have to check some requirements:

  • To share your fingerprint device with VM, you have to ensure VirtualBox extensions (required to support USB 2.0 & 3.0) installed.

Go to File > Preferences > Extensions to check if it was installed, if not check your Virtual Box version (Help > About Virtualbox), then download & install suitable extension version via:

  • Also, add your user to group vboxusers:

sudo usermod -a -G vboxusers your_username

Then now you can create VM with PAE & USB 3.0 enabled.

After setup VM, download & install Lenovo driver via:

Use Device Management to make sure driver installed.


2. Use Windows Hello Fingerprint to store your fingerprint data in sensor memory.

Open Start Menu, search for Sign-in Options, then click Windows Hello Fingerprint

After setup fingerprint data, you can now shutdown VM.


3. Check out with nmikhailov’s prototype:

Install requirement:

Clone prototype from:

Then, run prototype:

If everything ok, you will receive something like this:

Choose 1 and scan your registered fingerprint. If match, it will result like this:

If you get permission denied error, do


4. Create

  • 138a:0090:

  • 138a:0097:


5. Register fingerprint (again) with fprind using fprint-enroll


Remember using same finger as previous step.

Verify by fprintd-verify, example:


6. Edit PAM configuration files:

Note: backup original version before you make any changes.

  • /etc/pam.d/sudo, /etc/pam.d/su & /etc/pam.d/login: add the following line at top of each files

  • /etc/pam.d/common-auth:

Remember to enable Fingerprint Login in Account Setting.

Next time you start your laptop, you will have the screen like my first image.


Known problem:

  • Fingerprint still can not bypass gnome-keyring:

Issues at: Gnome-keyring is a “collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications”. After successful login or su, you still have to enter gnome-keyring password to unlock some applications. Workaround is setting gnome-keyring as blank.

  • Sometime Gnome fails to display after successful authentication:

You will stuck at a blank screen after input your fingerprint. Don’t worry, just open another console using Alt+F1, Alt+F2,… (one of them). Then, login, install ubuntu-gnome-desktop (apt-get install ubuntu-gnome-desktop) again to install missing dependencies. Next time, you may login normally.



Many thanks for our MVPs:

Rate this post


Please enter your comment!
Please enter your name here