| tomengland | hi everyone, does anyone know if there is a way to enable the TPM after you install ubuntu? For whatever reason I couldn't enable it during install. | 04:55 |
|---|---|---|
| tomreyn | what would you like tpm to do? | 05:08 |
| tomengland | googling it doesn't seem possible. full disk encryption. | 05:08 |
| tomreyn | indeed, i don't think the tpm bound block device encryption is available after installation. you could possibly set it up manually but it's not that easy. | 05:10 |
| tomreyn | so better do it during installation | 05:11 |
| tomengland | agh I tried, kept saying DA was in lockout. | 05:11 |
| tomengland | thank you | 05:11 |
| tomreyn | i don't know whether the tpm bound approach is supported for standard / non LTS releases | 05:11 |
| tomreyn | "DA"? | 05:12 |
| tomengland | not sure under the install options, it was greyed out and stated TPM was in lockout and I believe it had the letters DA in there | 05:12 |
| tomengland | might have been a beta issue. either way not too worried | 05:17 |
| tomreyn | actually, based on what i read at https://discourse.ubuntu.com/t/tpm-backed-full-disk-encryption-is-coming-to-ubuntu-discussion/38507 , non LTS releases should also provide TPM backed FDE | 05:17 |
| tomengland | yeah it was an option just greyed out due to some tpm error | 05:18 |
| tomreyn | "The TPM is in DA lockout mode" would have been the error message you spotted | 05:18 |
| tomreyn | i don't even know what this means. | 05:18 |
| tomreyn | i'm guessing it is disabled in bios, or does not support the TPM version the ubuntu installer requires | 05:19 |
| tomreyn | if ubuntu is tth eonly operating system you have installed, then you should be able to reset the tpm using echo 5 | sudo tee /sys/class/tpm/tpm0/ppi/request and rebooting | 05:21 |
| tomreyn | don't do this isf you have another operating system installed, such as windows | 05:22 |
| tomreyn | isf -> IF | 05:22 |
| tomreyn | alternatively, your bios may also offer an option to reset the tpm. if it doesn't, you may achieve the same effect by just disabling tpm in bios, rebooting, enabling tpm in bios, and rebooting again | 05:23 |
| tomengland | thanks, yeah I tried the echo thing, that didn't seem to work, resetting my bios settings. not sure what happened. | 05:27 |
| tomengland | other than that, ubuntu runs great on this laptop, every function works out of the box. also not sure how but all the snap apps look great on my 200% scaled screen, i had issues on fedora 40 and 41 with electron apps working with wayland | 05:29 |
| tomreyn | DA lockout mode is mentioned here https://bugs.launchpad.net/ubuntu-desktop-provision/+bug/2058147 | 05:30 |
| -ubottu:#ubuntu-next- Launchpad bug 2058147 in ubuntu-desktop-provision "Cannot boot on 24.04 with TPM encryption" [Undecided, Confirmed] | 05:30 | |
| tomreyn | but this bug is really a different issue. you should likely file a new one, even though your ubuntu version is not supported, yet. but the installer should clearly provide a (GUI) method for resetting the TPM | 05:32 |
| tomreyn | which deserves its own bug report | 05:32 |
| tomreyn | !bug | 05:32 |
| ubottu | If you find a bug in Ubuntu or any of its official !flavors, please report it using the command « ubuntu-bug <package> » - See https://help.ubuntu.com/community/ReportingBugs for other ways to report bugs. | 05:32 |
| tomreyn | a bug report on this should be filed against package ubuntu-desktop-provision | 05:33 |
| tomreyn | "The TPM is in DA lockout mode" should be mnetioned when discussing the issue. | 05:34 |
| tomengland | ooo thank you | 05:35 |
| tomreyn | it also seems (my impression based on what i read) that the recovery keys are not displayed (and the user is not prompted to persist them outside the computer in a secure way) after successful installation with tpm backed disk encryption. this would be another bug, if so. | 05:37 |
| tomreyn | there should also be a GUI means for users to access the recovery keys on demand at a later time. | 05:38 |
| tomreyn | if no such means exist, yet, that'd be yet another bug IMO | 05:38 |
| tomreyn | so it looks the design is still somewhat rudimentary | 05:39 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!