What external hardware allows a fingerprint to login/unlock a Mac?

I own a mid-2009 MBP with OS X Mavericks installed. I'm a hi-tech enthusiast who wants to use the fingerprint scanning feature made available by many scanners on the market to log in to my account after boot and unlock the screen after the screensaver has started.

The scanner I'm willing to buy is a DigitalPersona U.are.U-5160 which is not only FIPS 201 PIV certified, but it's also designed to work in harsh environments and situations. See: http://www.fulcrumbiometrics.com/Digital-Persona-U-are-U-5160-p/101106.htm

Please note that I've already read this article on StackExchange (How can I enable fingerprint authentication on a Mac? What compatible scanners are available?) which talks about the same, but I've found nothing interesting in it.

In particular, supposing that I've gotten all the Smart Card Services/CAC Libraries:

  1. How do I switch from password login to fingerprint login?
  2. Can I use fingerprint login with FileVault 2 too? (i.e. decrypting the HD using my fingerprint, with no passwords to type)

I think these features require dedicated APIs or SDKs, and Apple stopped deploying them since it bought AuthenTec. Now, all fingerprint-scanning features are officially unsupported by Apple except for the iPhone 5S.

I've read somewhere that LastPass does a very similar job indeed, and is used for the purposes I've listed.

How can I achieve this?


Solution 1:

I think this Mac OS Forge project might be your best bet – SmartCard Services.

My research leads me to believe Apple stopped putting 'official' efforts (documentation, etc.) after OS X 10.6.

Solution 2:

I don't think you can do what you're trying to do. Firstly, the Digital Persona fingerprint scanner you mentioned is compatible only with Windows, Linux and Android - not Mac OS X. And secondly, it is important to remember that when you boot up with a FileVault 2 encrypted laptop, the OS is not loaded. You have to provide your credentials - which causes FV2 to load the encryption key so the drive is readable. Then the OS loads and logs you in.

So any biometric authentication scheme that is FileVault 2 compatible would have to have software stored in EFI (BIOS) or one non-encrypted hidden partition - and I think that would require Apple to come up with a solution for that.

Solution 3:

After Yosemite, I don't think this will be possible with FileVault 2. It could potentially work as a secondary verification but not on startup. As I understand, kexts loading is a prerequisite to non-native peripheral drivers loading.

Seems firmware passwords and FV2 would need to be disabled at least, and since Yosemite requires kext-signing as default unless it's disabled by e.g. Trim Enabler. This has other issues associated. If you took this course (assuming it's possible with peripheral compatibility), it'd likely only work if login was disabled or as secondary verification.