Snapd failed to do FDE with TPM when Ubuntu Core OS isn't the 1st boot entry
Bug #2048959 reported by
Laider Lai
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
New
|
Undecided
|
Unassigned | ||
Bug Description
On x86 devices, if Ubuntu Core OS isn't the 1st boot entry from BIOS (redirect by BIOS bootmgr), then snapd failed to do FDE with TPM and showed some error messages as below.
“failed: cannot make system runnable: cannot seal the encryption keys: cannot add EFI secure boot policy profile: cannot computer secure boot policy profile: the current boot was preceeded by a boot attempt to an EFI application that returned to the boot manager, without a reboot in between.”
Is it an expected design for security? Or a bug?
Could you help to check this scenario?
A cover method is to move Ubuntu Core OS to 1st boot entry in BIOS.
BTW, the error messages regarding the root cause and how to fix it are unclear. Is it possible to refine the error messages?
| tags: | added: oem-priority |
Revision history for this message
| Tony Espy (awe) wrote | #1 |
Revision history for this message
| Laider Lai (laiderlai) wrote | #2 |
To post a comment you must log in.
What is the first boot entry?