TPM backed FDE does not re-enroll the key upon recovery
Bug #2052601 reported by Michał Sawicz
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
snapd | New | Undecided | Unassigned |
Bug Description
Following a mainboard replacement, I installed daily Noble with TPM FDE and stored the recovery key from `snap recovery --show-keys`.
I then proceeded to clear the TPM to check that I would be able to recover, and while the system booted after prompting for the key, it didn't re-enroll it into the TPM, which means I have to re-enter it every time.
The documentation [1] states this should not be the case:
> Ubuntu Core will decrypt the device, proceed with the boot, and restore the TPM from the recovered key.
Attached is the output from the debug script.
[1] https:/