TPM-backed Full Disk Encryption is coming to Ubuntu - Discussion

New question. Is the recovery key supposed to act like a normal LUKS passphrase? I have entered the recovery key manually when prompted at startup and it works fine.

But if I boot into a live session and attempt to open the LUKS encrypted volume, the recovery key is rejected.

How are we supposed to get our data back if the boot process fails?

On certified devices that ship with Ubuntu these features are usually turned off by default, RAID is a more general issue, but when Absolute is on it affects the boot process which can modify the expected hashes and cause the signatures to be rejected. It’s partly a feature in that we cannot accommodate external impacts on the boot process across devices, but partly a bug in that we need to provide better user feedback to detect whether these features are on and message that they need to be turned off. We’re also investigating if we can do something to switch some of these off automatically when enabling TPM-backed encryption.

With regards your other question, attempting to access data via an external device (in this case the live session) is an example of the attack vector this feature is designed to address. :slight_smile: however there is some tooling that could support a recovery flow through this route we are exploring.

Are there any plans to add FIDO2 to the installer?

We’re keen to support FIDO2 use-cases more in Ubuntu (example), this is something we will definitely consider for a future cycle.

1 Like

All great info. Thanks for explaining.

Overall I’m really excited to try this out in production. Hopefully will be in a stable state for 24.04 LTS
I can see this being the tipping point for a lot of developers at our company switching the Ubuntu for their daily driver.

1 Like

This thread was closed but I though it raised a valid question: Ubuntu 23.10 asking for TPM recovery key on every boot after firmware update

If the auto-unlock fails, how do you restore that functionality? We solved this by simply refreshing the pc-kernel snap, but is there an easier way to achieve this?

I’m having a similar issue here with the Intel MIPI camera in my thinkpad x1c11, the IPU6 modules aren’t part of the normal kernel package. I’m curious what the approach that y’all are looking at here, it strikes me that being able to install modules as snaps would be ideal, but I can imagine that’s probably not trivial functionality.

Is anyone with TPM-FDE experiencing their device restart when trying to wake from suspend?
It doesn’t happen every time though

There are no logs after the device suspends. It just performs a fresh boot as though it was shutdown instead.

Jan 09 16:24:10 ubu-n-b5c04f594433 systemd[1]: Reached target sleep.target - Sleep.
Jan 09 16:24:11 ubu-n-b5c04f594433 systemd[1]: Starting systemd-suspend.service - System Suspend...
Jan 09 16:24:11 ubu-n-b5c04f594433 systemd-sleep[377987]: Entering sleep state 'suspend'...
Jan 09 16:24:11 ubu-n-b5c04f594433 kernel: PM: suspend entry (s2idle)

Jan 10 08:20:10 localhost kernel: microcode: updated early: 0xa4 -> 0xac, date = 2023-02-27
Jan 10 08:20:10 localhost kernel: Linux version 6.5.0-14-generic (buildd@lcy02-amd64-031) (x86_64-linux-gnu-gcc-13 (Ubuntu 13.2.0-4ubuntu3) >
Jan 10 08:20:10 localhost kernel: Command line: snapd_recovery_mode=run console=ttyS0,115200n8 console=tty1 panic=-1 quiet splash

As far as I remember the test device I’m using (Latitude 7420) didn’t have this issue before. I will test a newer kernel image and see if that has an effect.

@local-optimum with 24.04 coming out, can you let us know if there have been any updates on kernel module support?

Howdy :slight_smile: there has been significant progress in the architecture and implementation of support for kernel modules and third party drivers, however at launch they will not be supported. Our plan however is to have these foundational elements in the image so we can expand HW compatibility within the lifecycle of 24.04. Our first priority will be to land NVIDIA driver support which is one of the most complex use-cases.

2 Likes

Thanks! Since it looks like its gonna be at least 6.10 until the IPU6 patches make it into the upstream kernel, I’ll continue to watch this with interest.

On a unrelated note, is anyone else having issues updating firmware? I get “User has configured their system in a broken way” from firmware-updater (which seems a bit judgey to me ;)) and
“Secure boot is enabled, but shim isn’t installed to EFI/ubuntu/shimx64.efi” if I try to run fwupdmgr.

1 Like

I’ve seen the same issue with TPM FDE builds. There’s an open bug report for this: Conflict with TPM-backed Full Disk Encryption · Issue #236 · canonical/firmware-updater · GitHub

Okay. Glad to know its not just me. It looks like its possible to disable secureboot, boot a live image, and queue the updates there, followed by rebooting and letting them install, followed by turning secure boot back on works.

What is the status on this? I just downloaded the 24.04.0 Desktop ISO and wanted to check out this feature after is has been announced for a while. The new installer looks great, but the TPM backed option was always in disabled state.

What I checked an tried:

  • Made sure that TPM Security Chip is enabled
  • Started the Ubuntu ISO from Ventoy
  • Used Rufus to create Bootable Media
  • Used Fedora Media Writer to create Bootable Media
  • Cleared TPM through UEFI settings and with this command:
    echo 5 | sudo tee /sys/class/tpm/tpm0/ppi/request
    
  • Rebooted several times in the process and confirmed, that I do want to clear the TPM.

I checked the Arch Wiki and it said I should check with the following command and provide its output:

ubuntu@ubuntu:~$ journalctl -k --grep=tpm --no-pager 
Apr 25 18:48:31 ubuntu kernel: efi: ACPI=0xcc3fd000 ACPI 2.0=0xcc3fd014 TPMFinalLog=0xcc22d000 SMBIOS=0xbf71c000 SMBIOS 3.0=0xbf70f000 MEMATTR=0xb9ce3018 ESRT=0xbe468000 MOKvar=0xbf74c000 INITRD=0xa47dbb98 RNG=0xcc3fc018 TPMEventLog=0xa28a4018 
Apr 25 18:48:31 ubuntu kernel: ACPI: SSDT 0x00000000BF6EE000 000632 (v02 LENOVO Tpm2Tabl 00001000 INTL 20180313)
Apr 25 18:48:31 ubuntu kernel: ACPI: TPM2 0x00000000BF6ED000 000034 (v03 LENOVO TP-R1B   000013A0 PTEC 00000002)
Apr 25 18:48:31 ubuntu kernel: ACPI: Reserving TPM2 table memory at [mem 0xbf6ed000-0xbf6ed033]
Apr 25 18:48:31 ubuntu kernel: tpm_tis STM0125:00: 2.0 TPM (device-id 0x0, rev-id 78)
Apr 25 18:48:31 ubuntu systemd[1]: systemd 255.4-1ubuntu8 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Apr 25 18:48:31 ubuntu systemd[1]: systemd-pcrextend.socket - TPM2 PCR Extension (Varlink) was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
Apr 25 18:48:31 ubuntu systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
Apr 25 18:48:31 ubuntu systemd[1]: systemd-tpm2-setup-early.service - TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
Apr 25 18:48:31 ubuntu systemd[1]: systemd-tpm2-setup.service - TPM2 SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).

My device is a Thinkpad P14s Gen 1 with an AMD processor.

Edit: looks like a few more users are having this issue: Ubuntu 24.04 LTS Beta Testing - #25 by bambus89

Make sure you have done these steps:

  • Enable Secure Boot
  • Disable “Absolute” security if your BIOS supports it
  • If your TPM supports both sha-1 and sha-256 modes, try switching to sha-256

Checked, it says it is enabled in the overview.

I don’t have that option. When I go the the “Manage Keys” section I see a lot of SHA-265 hashes in the deny list.

Okay, that was it. I was certain it was disabled, bu I confused it with the line below which said not activated.

After I disabled “Absolute” I can now select TPM-backed encryption in the installer. Sorry that I didn’t check thoroughly. So many options.


Should I enable TSME?


Edit: And I need to disable 3rd party drivers to see the option. There is currently no explanation in the installer that one option excludes the other at this point in time.

I’m wondering, has anyone tested this installation option with the 24.04 images?

My few attempts resulted in unbootable systems. No UEFI boot entry is created and when I select the SSD in the boot menu I’m prompted to enter the recovery keys, which I don’t have yet.

I tried running sudo snap recovery --show-keys to get the recovery keys, but it returned that it is not running an encrypted system. Do I have to do some kind of chroot trickery with /target?


Edit: I just tried installing on my older T580 (Intel processor). And it worked. What was different? I didn’t care about network connectitivity and updates, so I installed offline to check. Back to my P14s, installing offline also works! But it feels “not right” without the boot entry. I mean I can adjust the boot priority, that’s not a big deal. I will test some more to write a good bug report.

No trickery should be required if your device supports TPM FDE and you’ll only be able to run that command post install, if you can’t get that far something has gone wrong. Could you please file a bug against the project with your system info and setup and we’ll look into why it might not work for you. You’ve done a lot of testing and it would be good to bank those learnings. I appreciate you exploring all the options.

As I said we plan to expand hardware support significanlty within the lifecycle of the LTS, currently we are prioritising NVIDIA driver support. I think we can improve some of the messaging in the installer as well, I’ll add that to our backlog.

Here is the ticket for that issue.

Okay I just filed the following bug report:

I don’t know if this has been brought up before, but I’d like to access the encrypted partition when I boot another operating system like the Ubuntu ISO or Fedora. With standard LUKS partitions you can just add another key / passphrase to a slot in LUKS. But I failed getting this to work today on a test system.

# Add another key while running from /dev/nvme0n1p4
sudo cryptsetup luksAddKey --token-type systemd-tpm2 /dev/nvme0n1p4

# Attempt to unlock from Ubuntu Installation Media
sudo cryptsetup open /dev/nvme0n1p4 test

It didn’t accept the key I set before. With this being a test system and to rule out any mistyping I set the additional passphrase to 123456 and it didn’t work. Of course I also tried it in Gnome Disks and it didn’t work there either.


Side note: After all my struggles I can now install TPM-backed encryption on my laptops without hassle. I just reset the security chip and set secure boot keys to factory defaults. I have no idea why it was so difficult before.

H

The recovery key you get from snapd doesn’t directly function as a luks key to unlock the drive. There is some format wizardry which converts it on-the-fly when you type it in at the prompt.

However, there is a way to get a working key-file to unlock your drives.
A user online wrote a GO script which can convert the recovery-key string to a working luks key-file: https://lemmy.world/post/7029429

I have since written a comparable python script which can do the same: GitHub - jps-help/python-snap2luks: A simple python script to convert Ubuntu TPM-backed FDE snap recovery keys to a working LUKS key-file

Using the generated key-file, you should be able to add an extra passphrase using cryptsetup

1 Like