What does the UEFI Secure Boot section of your BIOS offer you? Unless it’s a fancy GUI BIOS it should look similar to most business laptops and should have a section that lets you choose between “Standard” and “Custom” Secure Boot Mode. Choose “Standard”. If there is an option where you can reset secure boot to factory key, do that.
After I got my TPM module in the mail today I tried getting TPM FDE to work on another machine, but I have the same problem as befiore with my Thinkpads. I get asked for recovery keys on first boot which I don’t have yet.
After trying a lot of settings I performed a reset of all UFEI settings. I then took screenshots, here are some of the ones with relevant settings:
While this one says SHA-1 is enabled, I disabled it after taking the screenshot and tried again, but it failed like before when I tried with this option disabled.
If Secure Boot Mode is set to Custom here I can’t enter the menu below to clear keys and install default keys like I’m used to from Thinkpads. When I set the mode the Standard, I can install with TPM FDE, if I set it to custom, the option will be greyed out in the installer.
No technical support or help questions. Do not ask for help solving a problem here. You’re told this when you’re signing up for an account, and it’s at the very top header.
Moderators will create new topics out of comments that are asking for help solving a problem in the “Support and Help” category, reply to them with instructions on how to seek support, and promptly close the topic. This is not up for debate since we, as a community, have abundant options for support and help.
Just to doublecheck: work on TPM-backed encryption in conjunction with Nvidia drivers is still ongoing and didn’t make it into 24.10? (the release notes make it sound like that, but since the example mentions only RAID, I’m not 100% sure)
I installed Ubuntu 24.04.1 with TPM-Backed option and Almost it works great. Almost because I couldn’t install Virtualbox. VB needs kernel headers and because of snap pc-kernel, there is no way to install headers. I couldn’t find VB and kernel headers as snap package.
Is there a way to install Virtualbox with snap pc-kernel or Do I have to return old way encrypted system?
To use Virtualbox, you would need to go back to classic Ubuntu.
However, virt-manager and Gnome Boxes should work on your system. I would recommend virt-manager since it feels faster than Gnome Boxes and sometimes VMs in Gnome Boxes just don’t open anymore.
I searched but I could not find about cpu microcode. There is no package in Snap store. Does snap pc-kernel have intel or amd microcode updates? Or is that a future feature?