Immurok Brings a Wireless Fingerprint Key to Mac and Linux Desktops
Immurok is a small open-source wireless fingerprint key for Mac and Linux that handles screen unlock, sudo, SSH signing, and AI-agent gating over Bluetooth LE.
Superdog wanted fingerprint login on a Mac mini, and there was no clean way to get it. The maker’s fix arrived in the form of immurok, a keychain-sized wireless fingerprint key that handles screen unlock, sudo, and SSH signing on macOS and Linux desktops. A third-party news write-up on the device release captured the design intent in plain language: it is meant to keep you from stopping to type a long password every time sudo or SSH interrupts the flow. The project also illustrates how deep the gap has gone, with Apple’s biometric story welded to its own silicon and keyboards, and Linux’s fprintd supporting only a thin sliver of readers.
The maker, posting under the name superdog, lays out the pain in unusually blunt language on the project’s own page. Mac mini and Mac Studio ship with no fingerprint reader. Apple’s only first-party answer is a $199 Magic Keyboard with Touch ID, and even that path breaks when you plug in a mechanical keyboard or close the lid of a MacBook driving an external display. Linux desktops can do fingerprint login through fprintd, but the hardware support list is thin, setup is fiddly, and external-reader support is uneven. immurok is the maker’s attempt to fill in the leftover cases with one small device that handles all three. The Kickstarter campaign lands in August 2026.
What Immurok Is and Why It Exists
The official site opens with a one-line pitch: “One touch. Unlocked.” The device is a keychain-sized piece of aluminum, roughly 44 by 44 by 14.2 millimeters and about 40 grams, with a capacitive fingerprint sensor on the front, a USB-C port for charging, and a single physical button.
Enroll a fingerprint on the device itself, since templates live and match on the sensor. From then on, a tap sends a signed challenge over BLE, and the host verifies it before unlocking the screen, approving a sudo prompt, or signing an SSH request. There is no typing of stored passwords, no keyboard input on the user’s side, and no Internet round-trip. The macOS-side menu bar app provides status and enrollment, and the Linux-side CLI/TUI app does the same on the terminal.
superdog has posted a waitlist page on the device’s own site with hardware specifications, screenshots of the macOS menu bar app, and a list of supported Linux distributions. The Kickstarter campaign is set to launch in August 2026, and the product page says the first pilot batch of 50 units is already built and tested.
Pricing has not been released yet, and the early-bird number will be revealed when the campaign goes live. The waitlist edition ships with a CNC aluminum body in a Silver Edition finish. Past that, the design is documented openly. Schematics, board files, and firmware are all on GitHub under a Business Source License, with the conversion to Apache 2.0 timed for March 2030.

Built Around a RISC-V MCU and a Capacitive Sensor
Two silicon parts do most of the work. The microcontroller is a WCH CH592F, a 32-bit RISC-V chip running up to 60 MHz with 448 KB of flash and a Bluetooth 5.4 radio. It is paired with an R559S capacitive fingerprint sensor with 508 DPI resolution, a 208 by 80 pixel capture area, a sub-500 millisecond match time, and room for up to five enrolled fingerprints. A 110 mAh lithium-polymer cell sits behind an ME4054BM5G single-cell charger, charged through the same USB-C port used for data. The maker’s full project documentation and logs include the bill of materials, board revisions, and firmware source.
The BLE 5.4 radio carries a Bluetooth SIG Qualified listing under QDID 179771 (Receipt R078979). FCC certification is listed as in progress on the project page. SIG qualification means the design passed Bluetooth’s interoperability tests, and the FCC step is what gates actual retail sale in the United States.
The bill of materials on the project page goes well beyond the headline parts. It lists a TPNCP114ASN330T1G 300 mA LDO with an enable pin, and an XC6206P332MR-MS linear regulator for the sensor rails. Every component pulls weight on standby current, the single hardest constraint the maker highlights in the design. Standby is targeted at about 40 microamps to make a month of desk time plausible on the small cell.
| Component | Spec |
|---|---|
| MCU | WCH CH592F, RISC-V @ 60 MHz max, BLE 5.4, 448 KB flash |
| Sensor | R559S capacitive, 508 DPI, 208 × 80 px, sub-500 ms match, up to 5 enrolled fingerprints |
| Power | LiPo 110 mAh, USB-C charging, ~1 month active, ~3 months standby |
| Idle current | ~40 µA |
| Radio | Bluetooth SIG Qualified (QDID 179771), FCC certification in progress |
| Form factor | 44 × 44 × 14.2 mm, ~40 g |
| Recognition time | Less than 500 ms |
| Encryption | ECDH P-256 pairing, HMAC-SHA256 challenge-response |
| License | BSL 1.1, auto-converting to Apache 2.0 in March 2030 |
How the Device Speaks to macOS and Linux
The Bluetooth connection has two layers. The visible one is a standard BLE Human Interface Device profile. That is what makes the operating system keep the keychain paired and waiting, and what lets it type out the user’s stored password to defeat the lock screen. The hidden layer is a custom GATT service that carries the actual authentication traffic separately from any HID keystroke.
Pairing runs an ECDH P-256 key exchange between the device and the host, taking under two seconds on the MCU using the micro-ecc library. Every subsequent touch fires an HMAC-SHA256 signed notification as a fresh challenge-response, so nothing on the wire can be replayed or spoofed.
What actually crosses Bluetooth is a signed “this fingerprint matched” notification, signed OTA payloads, and HID keystrokes for the lock-screen path. The fingerprint template itself stays on the sensor.
The OTA firmware update path is signed with AES-128 plus HMAC, and the bootloader rejects unsigned images entirely. The signing keys live on the device, not on the host. The pairing flow keeps every paired host tied to a unique session key, so revoking access on one machine does not affect the rest.
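The challenge-response flow described above, as an added Python sketch (not the project's firmware or host code). A random key stands in for the ECDH P-256 pairing output, and the message layout, host names, and class names are assumptions, since the page does not document the wire format.

```python
import hashlib
import hmac
import secrets

def mac(key, host_id, nonce):
    # Assumed message layout; the page does not document the wire format.
    msg = b"fp-match\x00" + host_id.encode() + b"\x00" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Device:
    def __init__(self):
        self.host_keys = {}  # one session key per paired host

    def pair(self, host_id):
        # Stands in for ECDH P-256 pairing: a shared secret unique to this host.
        return self.host_keys.setdefault(host_id, secrets.token_bytes(32))

    def touch(self, host_id, nonce, matched):
        key = self.host_keys.get(host_id)
        if key is None or not matched:
            return None  # revoked host or no fingerprint match: no tag
        return mac(key, host_id, nonce)

class Host:
    def __init__(self, host_id, key):
        self.host_id, self.key, self.pending = host_id, key, None

    def challenge(self):
        self.pending = secrets.token_bytes(16)  # fresh nonce per prompt
        return self.pending

    def verify(self, tag):
        nonce, self.pending = self.pending, None  # each nonce is single-use
        if nonce is None or tag is None:
            return False
        return hmac.compare_digest(mac(self.key, self.host_id, nonce), tag)

def demo():
    dev = Device()
    a, b = (Host(h, dev.pair(h)) for h in ("host-a", "host-b"))
    tag = dev.touch("host-a", a.challenge(), True)
    out = {"fresh": a.verify(tag)}
    a.challenge()
    out["replay"] = a.verify(tag)  # captured tag against a new nonce
    out["cross"] = b.verify(dev.touch("host-a", b.challenge(), True))
    del dev.host_keys["host-a"]  # revoke host-a only
    out["revoked"] = a.verify(dev.touch("host-a", a.challenge(), True))
    out["host_b_ok"] = b.verify(dev.touch("host-b", b.challenge(), True))
    return out
```

`demo()` accepts only the fresh response and the still-paired host; the replayed tag, the tag computed under another host's key, and the revoked host are all rejected.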
Eight Boards and a Forty-Microamp Standby
The current design is the sixth electronics revision and the eighth board layout. Two decisions drove most of the rework. The first was switching microcontrollers after an honest battery-power verdict.
The maker’s first prototypes used the ESP32-S3 and ESP32-C3, both friendly chips with documented toolchains. Their static draw landed above 200 µA before any application firmware was written. Switching to the CH592F tightened idle current to roughly 40 µA. The change gave up convenience: tighter RAM, less polished tooling, and a more obscure SDK. The standby number fell to a fifth of the previous choice, though, and unlocked the rest of the design.
The second rework was the sensor. The first working path used a ZW3021-class module that worked for enrollment and matching. The problem was decorative, since that class of module ships with built-in blue and green LED rings meant for access-control panels, and the lighting costs power and looks out of place on a desk. An interim “ping-pong paddle” form factor was rejected when the vendor could not support the production volume. The design landed on the R559S for two reasons, no built-in light and on-module matching. There is also a quirk worth knowing. After every power cycle, firmware must re-send a setup command to re-enable the touch interrupt, or the device will not wake on a finger. The maker treats that command as part of the power-on sequence rather than a feature toggle.
Authentication for sudo, SSH, and Agent Subprocesses
The single tap that approves a sudo prompt is the headline feature, but the device does more than that. The maker’s project page lines it up as a sequence of in-house capabilities rather than a list of third-party integrations.
- Screen unlock: touch the sensor to unlock macOS and Linux login, including scenarios where Touch ID is unavailable.
- sudo and PAM: the Linux side uses a CLI/TUI app plus PAM integration, replacing the typed password for privilege escalation; the macOS side runs a Swift menu bar app for admin prompts.
- Hardware SSH agent: ECDSA P-256 keys are generated and stored on the device, and the private key never touches the host’s disk.
- AI-agent gating: wrapping an agent subprocess in `imk run --agent --` requires a fingerprint to authorize any sudo, SSH signing, or secret read for that session, and a rejection terminates the subprocess.
- Encrypted vault: SSH keys, TOTP seeds, and API tokens are addressed as `imk://ssh/...`, `imk://otp/...`, and `imk://api/...`, and only released under a live fingerprint.
- Tamper self-wipe: opening the case trips a switch that wipes pairing keys and templates, and every paired machine is instantly revoked.
The AI-agent gating feature is the most novel of the lot. The host app displays the verbatim command the agent wants to run, with no paraphrase or summary, and waits for the touch before letting it proceed. Secrets are injected only into the child process, so they never enter the agent’s transcript. Walking away from the desk freezes the agent in place until someone returns.
The macOS and Linux paths overlap, with one important difference. On Linux, sudo and system authentication go through PAM, the pluggable authentication module underneath every real Linux login. On macOS, admin prompts use the menu bar app, and a separate helper covers the lock screen since the operating system does not give third parties a hook into the Secure Enclave or Touch ID itself.
Privacy by Design and What an Open Case Does
The privacy stance is the one part of the design that the maker repeats in three different places on the project page. Templates stay on the sensor. The device never transmits a fingerprint, only the result of a local match.
The fingerprint template never leaves the sensor, and the R559S matches offline, on-chip. Nothing biometric ever reaches the computer, let alone the cloud.
A tamper switch on the case senses when the enclosure is opened, and erases pairing data and stored templates on the next power-up. An attacker who takes the device apart cannot read out fingerprints or replay the pairing. Encryption is layered rather than blunted. Pairing runs ECDH P-256, and authentication events run HMAC-SHA256 challenge-response.
Two pieces of the security story remain unfinished. FCC certification listed on the project page is in progress, which is normal for a hardware project yet to ship, but it does mean buyers in the United States should wait for the certification number before assuming regulatory clearance. Bluetooth SIG qualification has already passed under QDID 179771. The BSL 1.1 license, with its reserved commercial right, means the project is source-available rather than copyleft in the GNU sense, with a competing hardware vendor unable to resell the firmware until the Apache conversion date in March 2030.
Where the Project Stands Ahead of the Kickstarter
A few numbers tell the timing story cleanly.
- August 2026: the Kickstarter launch window posted on the device’s own site.
- 50: the size of the first pilot batch listed as built and tested.
- ~40 µA: the standby current the design was built around.
- Sub-500 ms: the fingerprint match time on the R559S sensor.
- Five: the maximum number of fingerprints the sensor stores.
The hardware is at PCB revision six, and firmware 1.6.0 ships with the signed OTA update path described above. Pricing has not been disclosed publicly yet, and the waitlist page says the early-bird price will be revealed when the campaign goes live.
The waitlist edition ships with a CNC aluminum body in a Silver Edition finish. What is settled is the design, the security model, and the licensing terms. What is still open is the retail price, the exact shipping window, and whether the FCC certification lands in time for retail customers to receive a fully certified unit. The Kickstarter month will tell whether the developer community agrees that this particular sandbox was worth building.
Frequently Asked Questions
When does the immurok Kickstarter launch?
The product’s own site posts August 2026 as the Kickstarter launch window, with waitlist members receiving the early-bird link before the campaign goes public.
How does immurok compare with Apple’s Touch ID?
Touch ID lives inside Apple’s Secure Enclave and is only available on Apple laptops and on the $199 Magic Keyboard with Touch ID. immurok is a separate device, and sudo and admin prompts go through PAM, the real pluggable authentication module underneath Linux and the macOS admin stack. macOS screen unlock uses a separately documented helper since the operating system does not give third parties a hook into Touch ID itself. The two are not interchangeable, and the maker is explicit about that on the project page.
Does immurok send fingerprint data over Bluetooth?
No. Templates are stored and matched on the R559S sensor itself. What crosses Bluetooth is a signed “this fingerprint matched” notification, signed firmware payloads, and the HID keystrokes used for the lock-screen path. The fingerprint template never reaches the host computer, the network, or any cloud.
What happens if the device is lost or stolen?
Fingerprint templates cannot be read off the device in any documented way. Opening the case trips a tamper switch that wipes the pairing keys and templates, and any already-paired machine can be unpaired from the host app. A finder who reopens the box ends up holding a device with no enrolled fingerprints and no way to pair it without first being invited by an existing host.
Is the design actually open source?
The schematics, PCB Gerbers, the C firmware, the macOS menu bar app written in Swift, and the Linux daemon written in Rust are all posted on GitHub under the Business Source License 1.1, with an automatic conversion to Apache 2.0 in March 2030. The only reserved right until conversion is selling competing hardware using the code.
