Conflict with TPM-backed Full Disk Encryption #236

Open
jbicha opened this issue Nov 29, 2023 · 2 comments
Labels
jira Sync to JIRA

Comments

@jbicha
Member

jbicha commented Nov 29, 2023

See this report:
https://discourse.ubuntu.com/t/ubuntu-23-10-asking-for-tpm-recovery-key-on-every-boot-after-firmware-update/40656

@tim-hm tim-hm added the jira Sync to JIRA label Dec 6, 2023
@tim-hm
Contributor

tim-hm commented Dec 6, 2023

Ideally our firmware-updater GUI would disable itself if TPM-backed FDE is detected and firmware updates are not supported. But given that the firmware-updater is a strictly confined snap, I'm unaware of a mechanism for it to tell if TPM-backed FDE is in use. Additionally, fwupd is also on the system, so a user can still attempt an update from the CLI.

I think a complete solution here is to support firmware updates with TPM-backed FDE and, if there's a straightforward mechanism, then disable updates on TPM-backed FDE machines.

@superm1

superm1 commented Dec 21, 2023

Related is this issue with deb fwupd: canonical/ubuntu-desktop-installer#2371 and this one with snap fwupd: fwupd/fwupd#6264
