Skip to content

Add touchid_system_config and touchid_user_config tables #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
robbiet480 wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Add touchid_system_config and touchid_user_config tables #110

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
2d94be2
Add touchid_system_config and touchid_user_config tables
robbiet480 Jun 2, 2026
363aafa
touchid: address Copilot review feedback
robbiet480 Jun 2, 2026
9e5516b
touchid: fix unknown-vs-disabled semantics from scanner-error hardening
robbiet480 Jun 2, 2026
c385997
touchid: set each per-user flag column independently (NULL omission)
robbiet480 Jun 2, 2026
de1ce53
touchid: derive touchid_compatible from value; clarify uid bound comment
robbiet480 Jun 2, 2026
d67ba5d
Merge branch 'main' into add-touchid-tables
robbiet480 Jun 2, 2026
7b39760
Merge branch 'main' into add-touchid-tables
grahamgilbert Jun 3, 2026
50bf673
touchid: document that touchid_sensor_present is the authoritative no…
robbiet480 Jun 3, 2026
9f3cee0
touchid: return no touchid_user_config rows when no sensor is present
robbiet480 Jun 4, 2026
3bc2269
Merge branch 'main' into add-touchid-tables
robbiet480 Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions BUILD.bazel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ go_library(
"//tables/socpower",
"//tables/sofa",
"//tables/thermalthrottling",
"//tables/touchid",
"//tables/unifiedlog",
"//tables/wifi_network",
"@com_github_osquery_osquery_go//:osquery-go",
Expand Down
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ For production deployment, you should refer to the [osquery documentation](https
| `puppet_state` | State of every resource [Puppet](https://puppetlabs.com) is managing | Linux / macOS / Windows | |
| `sofa_security_release_info` | The information on the security release the device is running from [Sofa](https://sofa.macadmins.io) | macOS | Use the `url` constraint to specify a data source other than `https://sofafeed.macadmins.io/v1/macos_data_feed.json` . By default this table will return vulnerability data for the running operating system. For historical data, use the `os_version` predicate (e.g `select * from sofa_security_release_info where os_version="14.4.0";`) |
| `sofa_unpatched_cves` | The CVEs that are unpatched on the device from [Sofa](https://sofa.macadmins.io) | macOS | Use the `url` constraint to specify a data source other than `https://sofafeed.macadmins.io/v1/macos_data_feed.json`. By default this table will return all unpatched vulnerability data. For historical data, use the `os_version` predicate (e.g `select * from sofa_unpatched_cves where os_version="14.4.0";`) |
| `touchid_system_config` | Machine-wide Touch ID / Secure Enclave posture (`touchid_compatible`, `secure_enclave`, `touchid_enabled`, `touchid_unlock`) plus `touchid_builtin` (a built-in Touch ID sensor exists — laptops) and `touchid_sensor_present` (a usable sensor exists: built-in OR an attached Magic Keyboard with Touch ID). From `bioutil` and `ioreg`. | macOS | Apple Silicon only. `touchid_compatible`/`touchid_enabled` are `1` on every Apple Silicon Mac (the Secure Enclave is on-die), so use `touchid_sensor_present` to tell a Mac that can actually enroll a fingerprint from a keyboard-less Mac mini/Studio. The accessory half of `touchid_sensor_present` is a live signal — a disconnected Touch ID keyboard reads `0`. |
| `touchid_user_config` | Per-user Touch ID configuration and enrolled fingerprint count (`uid`, `fingerprints_registered`, `touchid_unlock`, `touchid_applepay`, `effective_unlock`, `effective_applepay`). From `bioutil`. | macOS | Apple Silicon only. Without a `WHERE uid =` constraint, returns a row per real local account. `fingerprints_registered` needs root (reads all users via `bioutil -c -s`); the config flags need the user logged in (`bioutil -r` via `launchctl asuser`) and are left empty (NULL) when unavailable rather than `0`. |
| `unified_log` | Results from macOS' Unified Log | macOS | Use the constraints `predicate` and `last` to limit the number of results you pull, or this will not be very performant at all. Use `level` with a value of `info` to include info level messages. Use `level` with a value of `debug` to include info and debug level messages. (`select * from unified_log where last="1h" and level="debug" and predicate='processImagePath contains "mdmclient"';`) |
| `wifi_network` | Table to get the current wifi network name since the Osquery `wifi_info` table no longer does this. Includes the rest of the working fields in `wifi_info`. | macOS | See [osquery issue #8220](https://github.com/osquery/osquery/issues/8220) |

Expand Down
2 changes: 1 addition & 1 deletion VERSION
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.4.1
1.5.0
3 changes: 3 additions & 0 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/macadmins/osquery-extension/tables/socpower"
"github.com/macadmins/osquery-extension/tables/sofa"
"github.com/macadmins/osquery-extension/tables/thermalthrottling"
"github.com/macadmins/osquery-extension/tables/touchid"
"github.com/macadmins/osquery-extension/tables/unifiedlog"
"github.com/macadmins/osquery-extension/tables/wifi_network"

Expand Down Expand Up @@ -127,6 +128,8 @@ func main() {
),
table.NewPlugin("macos_thermal_pressure", thermalthrottling.ThermalPressureColumns(), thermalthrottling.ThermalPressureGenerate),
table.NewPlugin("macos_soc_power", socpower.SocPowerColumns(), socpower.SocPowerGenerate),
table.NewPlugin("touchid_system_config", touchid.TouchIDSystemConfigColumns(), touchid.TouchIDSystemConfigGenerate),
table.NewPlugin("touchid_user_config", touchid.TouchIDUserConfigColumns(), touchid.TouchIDUserConfigGenerate),
}
plugins = append(plugins, darwinPlugins...)
}
Expand Down
24 changes: 24 additions & 0 deletions tables/touchid/BUILD.bazel
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")

go_library(
name = "touchid",
srcs = ["touchid.go"],
importpath = "github.com/macadmins/osquery-extension/tables/touchid",
visibility = ["//visibility:public"],
deps = [
"//pkg/utils",
"@com_github_micromdm_plist//:plist",
"@com_github_osquery_osquery_go//plugin/table",
],
)

go_test(
name = "touchid_test",
srcs = ["touchid_test.go"],
embed = [":touchid"],
deps = [
"//pkg/utils",
"@com_github_stretchr_testify//assert",
"@com_github_stretchr_testify//require",
],
)
Loading