Hi,
I have a couple of Ubuntu 24.04 LTS installations which are both on TPM FDE disks for compliance reasons. I’ve tried to upgrade to the current version but the system won’t let me as ‘Upgrades for desktop systems running TPM FDE are not currently supported. Please see Bug #2065229 “Upgrades to 24.04 LTS should be temporarily preven...” : Bugs : ubuntu-release-upgrader package : Ubuntu’, which I’ve done, so I can see this is a conscious decision.
Can I ask what the expected plan is for the future of this please, and given this is intentionally stopped at the moment, will upgrades be allowed in the future or is TPM FDE a dead-end requiring a reinstallation for each new release whether intermediate or LTS?
Many thanks,
Scott…
Welcome to Ubuntu Discourse
I have moved your post to Support and Help.
Please note the Project Discussion category is for conversations not technical support.
Thanks.
Hi Scott,
You’ve run into a safety brake Canonical put in place at the last minute:
Why it’s blocked
Early tests showed that the 22.04-to-24.04 upgrader could leave a disk in a half-migrated state if anything changed PCR values (Secure Boot, dbx, firmware updates, etc.). That could make the new system un-bootable and lock users out of their data. Rather than risk data loss, the team set an explicit guard: if the root volume has a TPM2 token, do-release-upgrade aborts.
What happens next
Engineers are re-working the upgrade steps so the installer/upgrader can:
detect existing TPM2 tokens,
re-seal them to the new kernel/initramfs during the upgrade, and
roll back cleanly if anything goes wrong.
The target is to lift the block in a 24.04 point release (likely 24.04.2). The bug you mentioned (LP #2065229) will be closed and the safeguard removed once automated tests and a slice of real-world upgrades pass.
What to do in the meantime
Stay on 22.04: you still get security updates until 2027, so there’s no urgency.
If you must jump to 24.04 now, the only supported path is a fresh install and a restore from backup. (Or temporarily remove the TPM token, upgrade, then re-enrol it by hand—but that’s manual and unsupported.)
Keep an eye on the bug report or run sudo do-release-upgrade -c. When the upgrader is fixed you’ll see “A new LTS release is available”.
So TPM-backed FDE is not a dead end; it just needs a more robust upgrade path. Waiting a few months is all that’s required; no per-release reinstall will be needed after the fix lands.
Hope that clarifies things!
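As an added example, not part of the thread and not the upgrader's own check, here is a shell script for the condition the reply describes: whether the root LUKS2 volume carries a TPM-sealed token, read out of `cryptsetup luksDump` output. The token type `systemd-tpm2` is what `systemd-cryptenroll` writes; `ubuntu-fde` is assumed here to be the type written by the Ubuntu installer's snapd/secboot path, so verify that against your own dump. The sample dump embedded below is constructed, not captured from a real machine.

```bash
#!/usr/bin/env bash
# Added example: detect a TPM-sealed token on a LUKS2 volume, the condition
# the 24.04 release-upgrader guard keys on. Not the upgrader's own code.
set -u

# Token types treated as TPM-backed. "ubuntu-fde" is an assumption about the
# type name used by Ubuntu's snapd/secboot installer path; check your own dump.
TPM_TOKEN_TYPES='systemd-tpm2|ubuntu-fde'

# Read luksDump output on stdin and print the type of every token listed
# under "Tokens:". Tokens appear as "  <n>: <type>", each followed by
# indented attribute lines; the next unindented line starts another section.
luks_token_types() {
    awk '
        /^Tokens:/  { in_tokens = 1; next }
        /^[A-Za-z]/ { in_tokens = 0 }
        in_tokens && /^[[:space:]]+[0-9]+: / { print $2 }
    '
}

# Print the PCR list a systemd-tpm2 token is sealed against (tpm2-hash-pcrs).
# These are the PCRs whose change (firmware, dbx, Secure Boot state) would
# prevent the key from unsealing.
luks_tpm2_pcrs() {
    awk '/tpm2-hash-pcrs:/ { sub(/.*tpm2-hash-pcrs:[[:space:]]*/, ""); print }'
}

# Exit 0 if stdin (luksDump output) lists a TPM-backed token, 1 otherwise.
has_tpm_token() {
    luks_token_types | grep -Eqx "($TPM_TOKEN_TYPES)"
}

# Check a real device (needs root): check_device /dev/nvme0n1p3
check_device() {
    dump=$(cryptsetup luksDump "$1") || return 2
    if printf '%s\n' "$dump" | has_tpm_token; then
        pcrs=$(printf '%s\n' "$dump" | luks_tpm2_pcrs | tr '\n' ' ')
        echo "$1: TPM token present (PCRs: ${pcrs:-n/a})"
        echo "do-release-upgrade will abort on this system until LP #2065229 is resolved."
        return 0
    fi
    echo "$1: no TPM token found"
    return 1
}

# Constructed sample of a luksDump token section for a volume enrolled with
# systemd-cryptenroll --tpm2-pcrs=7 (sample data, not a real dump).
SAMPLE_DUMP='LUKS header information
Version:        2
Epoch:          5
Tokens:
  0: systemd-tpm2
        tpm2-hash-pcrs:   7
        tpm2-pcr-bank:    sha256
        tpm2-primary-alg: ecc
        tpm2-pin:         false
        Keyslot:          1
Digests:
  0: pbkdf2
        Hash:       sha256
'

# Demo on the sample when run without arguments; pass a device to check it.
if [ $# -gt 0 ]; then
    check_device "$1"
else
    printf '%s\n' "$SAMPLE_DUMP" | has_tpm_token && echo "sample: TPM token present"
fi
```

Run it as root with the root LUKS device as the argument (`lsblk -o NAME,FSTYPE,MOUNTPOINTS` shows which partition is the crypto_LUKS one). If it reports a TPM token, that volume is exactly the case the upgrader guard refuses, and the PCR list tells you which firmware or boot-chain changes would also break unsealing.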
Hi @thingizkhan,
Thank you for your response, and although I’m already on 24.04 and looking to go forwards from that, I understand the issue and am just relieved that there will be a way forward without needing a rebuild.
I’m in no rush so let’s see where we are when 26.04 comes around.
Many thanks,
Scott…