Can't update firmware on TPM-backed FDE systems
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
New
|
Undecided
|
Unassigned | ||
| ubuntu-desktop-provision |
New
|
Undecided
|
Unassigned | ||
| fwupd (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
Bug Description
This was previously reported here: https:/
But I think that bug report and those posted in other projects don't seem to be getting attention.
With the new TPM-backed FDE storage layout for Ubuntu 24.04, it is seemingly impossible to perform firmware updates using fwupd.
Attempting to upgrade the firmware with `fwupdmgr upgrade XXXXXX` gives the attached error message.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: fwupd 1.9.16-1
ProcVersionSign
Uname: Linux 6.8.0-31-generic x86_64
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Thu May 16 11:25:24 2024
ProcEnviron:
LANG=en_GB.UTF-8
PATH=(custom, no user)
SHELL=
TERM=xterm-
XDG_RUNTIME_
SourcePackage: fwupd
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
| James Paton-Smith (jamesps) wrote | #1 |
| Mario Limonciello (superm1) wrote | #2 |
| Changed in fwupd (Ubuntu): | |
| status: | New → Triaged |
This is the original bug for deb fwupd: https:/
This is the original bug for snap fwupd: https:/
The problem is that fwupd (both deb and snap) don't understand the layout that TPM FDE uses.
As mentioned in https:/
> fwupd is not aware of this layout.
In order for a firmware update to work, fwupd expects to be able to create a new NVRAM boot entry using shim to chainload fwupdx64.efi.
As mentioned in https:/
> My take on this issue is that it's because the Ubuntu 23.10 FDE mounts stuff in a weird location. The ESP is at /run/mnt which isn't something that the fwupd snap interface understands. It fully expects it to be in /boot/efi.