External Keyboard with Touch ID... How can I configure Touch ID?

Hello!!!
I am very happy; I received my new MacBook Pro with M1 Max processor today.
I also purchased an external keyboard with a Touch ID sensor.
I cannot figure out how to set up Touch ID from the external keyboard. My fingerprint is already configured on the MacBook, but it does not work with the external keyboard. The keyboard is working perfectly for typing but not Touch ID.

FYI: M1 processors do not have the option to allow “External devices to wake up Macbook”. This only applies to Intel.

Can anyone give me an orientation on how to do it?

You need to add the fingerprint to the external keyboard still - I don’t believe it automatically copies the existing fingerprint data across from the laptop.

3 Likes

I spoke with Apple Support.
Touch ID works on external keyboards ONLY if they are not connected via Bluetooth. As long as you have it connected with the Lightning cable, it works. Not what I expected :thinking:

1 Like

Well that is interesting and explains why mine wasn’t working until I plugged it in. I had plugged it in to charge it, and did not link that with TouchID working again.

That’s kind of disappointing to be honest.

I am not really surprised about this limitation. If there is one thing Bluetooth doesn’t deliver, it is full-blown security. And a secure enclave in the M1 chip in combination with data input of raw fingerprint data via Bluetooth just does not sound right. :blush:

More on that:

NIST Special Publication 800-121 Revision 2
Guide to Bluetooth Security

Ummm, my Mac mini M1 is using an external Apple keyboard that’s connected by Bluetooth, and the fingerprint security works fine.

Is it possible that you can only set up the keyboard fingerprints when the keyboard is connected to the MacBook by Lightning cable, but you can use the scanner when it’s connected using Bluetooth?

1 Like

I am in no way a security expert… So, I did the Duck.com - thing and found something that explains why it works wirelessly and securely:

And yes, it works wirelessly. But not out of the box if you buy the keyboard separately from the Mac:

The Touch ID sensor in the Magic Keyboard with Touch ID must be securely paired to the Secure Enclave on the Mac before it can be used, and then the Secure Enclave performs the enrollment and matching operations and enforces security policies in the same way it would for a built-in Touch ID sensor. Apple performs the pairing process in the factory for a Magic Keyboard with Touch ID that is shipped with a Mac. Pairing can also be performed by the user if needed.

And:

Before a Magic Keyboard with Touch ID can be used for Touch ID operations, it needs to be securely paired to the Mac. To pair, the Secure Enclave on the Mac and the PKA block in the Magic Keyboard with Touch ID exchange public keys, rooted in the trusted Apple CA, and they use hardware-held attestation keys and ephemeral ECDH to securely attest to their identity. On the Mac, this data is protected by the Secure Enclave; on the Magic Keyboard with Touch ID, this data is protected by the PKA block. After secure pairing, all communication between the Mac and the Magic Keyboard with Touch ID is encrypted by AES-GCM, with ephemeral ECDH keys based on the stored identities.

Secure intent to pair

To perform some Touch ID operations for the first time, such as enrolling a new fingerprint, the user must physically confirm their intent to use a Magic Keyboard with Touch ID with the Mac. Physical intent is confirmed by pressing twice on the Mac power button when indicated by the user interface, or by successfully matching a fingerprint that had previously been enrolled with the Mac. For more information, see Secure intent and connections to the Secure Enclave.

So, Apple does a lot on top of Bluetooth to secure the communication. But that has to be set up by the user first, if keyboard and Mac are being bought separately from each other.

5 Likes
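The session setup quoted above from Apple's documentation, reduced to a runnable model (an added example, not Apple's code and not part of the original posts): two devices store each other's identity key once, then every connection signs a fresh ephemeral ECDH key and derives an AES-GCM key from the shared secret, so a keyboard that was never paired is rejected. Assumptions: Ed25519 identities, X25519, and SHA-256 as the key derivation are choices made here; the Apple CA certificate check and hardware attestation are left out; `Device`, `Pair`, `Hello` and `Session` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device is one side (Mac or keyboard). Hypothetical model, not Apple's code.
type Device struct {
	pub  ed25519.PublicKey  // long-term identity, exchanged at pairing
	priv ed25519.PrivateKey // hardware-held in the real design
	peer ed25519.PublicKey  // peer identity stored at pairing time
}

func NewDevice() *Device {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Device{pub: pub, priv: priv}
}

// Pair is the one-time step: each side stores the other's identity key.
func Pair(a, b *Device) { a.peer, b.peer = b.pub, a.pub }

// Hello makes a fresh ephemeral ECDH key and signs its public half.
func (d *Device) Hello() (*ecdh.PrivateKey, []byte) {
	e, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return e, ed25519.Sign(d.priv, e.PublicKey().Bytes())
}

// Session checks the signed ephemeral key against the stored identity, then keys AES-256-GCM.
func (d *Device) Session(e *ecdh.PrivateKey, peer *ecdh.PublicKey, sig []byte) (cipher.AEAD, error) {
	if d.peer == nil || !ed25519.Verify(d.peer, peer.Bytes(), sig) {
		return nil, fmt.Errorf("peer is not the paired device")
	}
	secret, err := e.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret) // constructed KDF for the example
	block, _ := aes.NewCipher(key[:])
	return cipher.NewGCM(block)
}

func main() {
	mac, kbd := NewDevice(), NewDevice()
	Pair(mac, kbd)
	me, _ := mac.Hello()
	ke, ksig := kbd.Hello()
	_, err := mac.Session(me, ke.PublicKey(), ksig)
	fmt.Println("paired keyboard accepted:", err == nil)
}
```

Because the session key comes from ephemeral keys, it changes on every connection, while the stored identities from pairing are what let each side recognise the other again.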

I have a MacBook Pro M1 and also bought a Magic Keyboard with Touch ID. At first it is possible to make Touch ID work from an external keyboard, but after the keyboard shuts down after inactivity, Touch ID does not work again. You have to unlock it from the built-in keyboard.

To make Touch ID work (temporarily), you need to clear all the fingerprints that were previously configured. Then, when you are adding a new fingerprint, you need to press the Touch ID/power button on the MBP twice; it will establish a connection with the protected enclave.

But the problem is that after inactivity - the external keyboard is not able to unlock the MBP by fingerprint.

Another feature. If the external keyboard is turned off by inactivity or by using the power button - and you need to enter a password to log in - then Touch ID from the external keyboard does not work. However, if you do not use the built-in keyboard’s Touch ID, but enter the account password to log in (I enter it from an external keyboard), then Touch ID will start working again until the external keyboard is turned off again.

But I’m not sure; sometimes you have to reconnect the external keyboard by wire to enable Touch ID.