For context - both of these systems should be brand new. To my knowledge, no other OS has been installed on either of them.

> Is /sys/kernel/security/tpm0/binary_bios_measurements missing also on the NUC?

I need to wait until later today when my colleague wakes up to check that.

> Also, could you look if the tpm has a lockout? Do this and give the output.

Sure - this is the output from the Star Labs System device:

```
$ sudo snap install tpm2-tools-alexmurray
tpm2-tools-alexmurray 5.3 from Alex Murray (alexmurray✪) installed
$ sudo snap connect tpm2-tools-alexmurray:tpm
$ sudo tpm2-tools-alexmurray.getcap properties-variable
TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  reserved1:                 0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           0
  reserved2:                 0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  1
  phEnableNV:                1
  reserved1:                 0
  orderly:                   1
TPM2_PT_HR_NV_INDEX: 0x0
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_HR_LOADED_AVAIL: 0x3
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_HR_ACTIVE_AVAIL: 0x40
TPM2_PT_HR_TRANSIENT_AVAIL: 0x3
TPM2_PT_HR_PERSISTENT: 0x0
TPM2_PT_HR_PERSISTENT_AVAIL: 0x15
TPM2_PT_NV_COUNTERS: 0x0
TPM2_PT_NV_COUNTERS_AVAIL: 0x4
TPM2_PT_ALGORITHM_SET: 0x0
TPM2_PT_LOADED_CURVES: 0x4
TPM2_PT_LOCKOUT_COUNTER: 0x0
TPM2_PT_MAX_AUTH_FAIL: 0x20
TPM2_PT_LOCKOUT_INTERVAL: 0x1C20
TPM2_PT_LOCKOUT_RECOVERY: 0x15180
TPM2_PT_NV_WRITE_RECOVERY: 0x0
TPM2_PT_AUDIT_COUNTER_0: 0x0
TPM2_PT_AUDIT_COUNTER_1: 0x0
$ echo 5 | sudo tee /sys/class/tpm/tpm0/ppi/request
5
$ cat /sys/devices/virtual/dmi/id/bios_*
04/19/2024
24.2
coreboot
24.04
$ sudo snap reboot --install
```

[wait for the device to be re-instated]

```
$ findmnt --submounts /sys
TARGET                      SOURCE     FSTYPE     OPTIONS
/sys                        sysfs      sysfs      rw,nosuid,nodev,noexec,relatime
├─/sys/kernel/security      securityfs securityfs rw,nosuid,nodev,noexec,relatime
├─/sys/fs/cgroup            cgroup2    cgroup2    rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot
├─/sys/fs/pstore            pstore     pstore     rw,nosuid,nodev,noexec,relatime
├─/sys/firmware/efi/efivars efivarfs   efivarfs   rw,nosuid,nodev,noexec,relatime
├─/sys/fs/bpf               bpf        bpf        rw,nosuid,nodev,noexec,relatime,mode=700
├─/sys/kernel/debug         debugfs    debugfs    rw,nosuid,nodev,noexec,relatime
├─/sys/kernel/tracing       tracefs    tracefs    rw,nosuid,nodev,noexec,relatime
├─/sys/fs/fuse/connections  fusectl    fusectl    rw,nosuid,nodev,noexec,relatime
└─/sys/kernel/config        configfs   configfs   rw,nosuid,nodev,noexec,relatime
$ sudo blkid
/dev/loop1: TYPE="squashfs"
/dev/nvme0n1p5: LABEL="ubuntu-data" UUID="4b2c84bc-d101-4876-a974-5facbb5af775" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="ubuntu-data" PARTUUID="52025746-fc3d-c24e-b094-26f721c7cd48"
/dev/nvme0n1p3: LABEL="ubuntu-boot" UUID="5a2c439c-cf62-4773-8376-2603ea7a81fe" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="ubuntu-boot" PARTUUID="7206e296-fce4-924c-b6fd-affe319f9f1f"
/dev/nvme0n1p1: PARTLABEL="BIOS Boot" PARTUUID="3a1a3e5c-6b7b-479e-9752-7cc79e4a5e46"
/dev/nvme0n1p4: LABEL="ubuntu-save" UUID="83d045a3-2e33-47f9-b1e2-7c7d59d4541e" BLOCK_SIZE="1024" TYPE="ext4" PARTLABEL="ubuntu-save" PARTUUID="c967e18c-9991-0544-9316-55a0c988f7a8"
/dev/nvme0n1p2: LABEL_FATBOOT="ubuntu-seed" LABEL="ubuntu-seed" UUID="2EFA-CB53" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="ubuntu-seed" PARTUUID="61cd77c3-d8c0-4382-9b03-0714bc38ffda"
/dev/loop4: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop0: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
```

Updated journalctl dump: https://gist.github.com/vpetersson/3b41538b1405d55b2833b45f0fae375e
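The two questions in the thread (is the TPM in dictionary-attack lockout, and is securityfs mounted so the event log could be present) can be answered mechanically from the pasted output. The script below is an added example, not code from the poster or from tpm2-tools: it parses the `getcap properties-variable` text and the `findmnt` table exactly as reproduced above and reports the lockout state. The samples embedded here are the lockout-relevant lines of the output above; the function names are my own. Per the TPM 2.0 spec, `inLockout` in `TPM2_PT_PERMANENT` is the actual lockout flag, `TPM2_PT_LOCKOUT_COUNTER` is the current failed-auth count, `TPM2_PT_MAX_AUTH_FAIL` the threshold, and the interval/recovery values are in seconds.

```python
"""Interpret 'tpm2 getcap properties-variable' and 'findmnt' output for DA lockout checks.

Added example; not part of the thread or of tpm2-tools. Sample text below is
the lockout-relevant subset of the output pasted in the post.
"""

# Sample: the relevant lines of the getcap output from the post.
SAMPLE_GETCAP = """
TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  reserved1:                 0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           0
  reserved2:                 0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  1
  phEnableNV:                1
  reserved1:                 0
  orderly:                   1
TPM2_PT_LOCKOUT_COUNTER: 0x0
TPM2_PT_MAX_AUTH_FAIL: 0x20
TPM2_PT_LOCKOUT_INTERVAL: 0x1C20
TPM2_PT_LOCKOUT_RECOVERY: 0x15180
"""

# Sample: the findmnt table from the post (first few rows are enough).
SAMPLE_FINDMNT = """
TARGET                      SOURCE     FSTYPE     OPTIONS
/sys                        sysfs      sysfs      rw,nosuid,nodev,noexec,relatime
├─/sys/kernel/security      securityfs securityfs rw,nosuid,nodev,noexec,relatime
├─/sys/fs/cgroup            cgroup2    cgroup2    rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot
"""


def parse_getcap(text):
    """Parse the YAML-like getcap output into {name: int} or {name: {field: int}}.

    Unindented 'KEY: value' lines are scalar properties; an unindented 'KEY:'
    with no value opens a bit-field section whose indented members follow.
    Values are parsed with base 0 so both '0x1C20' and '1' work.
    """
    props = {}
    section = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("$"):
            continue  # skip blank lines and any echoed shell prompt
        indented = raw[0].isspace()
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if not indented:
            section = key
            props[key] = int(value, 0) if value else {}
        else:
            props[section][key] = int(value, 0)
    return props


def assess_lockout(props):
    """Pull the dictionary-attack (DA) protection state out of parsed properties."""
    perm = props["TPM2_PT_PERMANENT"]
    return {
        "in_lockout": bool(perm["inLockout"]),          # TPM currently refusing DA-protected auth
        "lockout_auth_set": bool(perm["lockoutAuthSet"]),  # lockoutAuth has been taken by an owner
        "failed_auth_count": props["TPM2_PT_LOCKOUT_COUNTER"],
        "max_auth_fail": props["TPM2_PT_MAX_AUTH_FAIL"],
        "lockout_interval_s": props["TPM2_PT_LOCKOUT_INTERVAL"],  # counter decrement period
        "lockout_recovery_s": props["TPM2_PT_LOCKOUT_RECOVERY"],  # wait after lockoutAuth failure
    }


def summarize(props):
    """One-line human verdict for a support thread."""
    s = assess_lockout(props)
    if s["in_lockout"]:
        return (f"TPM is in DA lockout: {s['failed_auth_count']} failed auths "
                f"(max {s['max_auth_fail']}); recovery after {s['lockout_recovery_s']} s")
    return (f"TPM not in lockout: {s['failed_auth_count']}/{s['max_auth_fail']} failed auths, "
            f"counter decays every {s['lockout_interval_s']} s")


def securityfs_mounted(findmnt_text):
    """True if findmnt shows securityfs on /sys/kernel/security (where the TPM event log lives)."""
    for line in findmnt_text.splitlines():
        cols = line.split()
        # Strip the tree-drawing prefix findmnt adds to nested targets.
        if len(cols) >= 3 and cols[0].lstrip("├─└│") == "/sys/kernel/security":
            return cols[2] == "securityfs"
    return False


if __name__ == "__main__":
    parsed = parse_getcap(SAMPLE_GETCAP)
    print(summarize(parsed))
    print("securityfs mounted:", securityfs_mounted(SAMPLE_FINDMNT))
```

Run against the pasted output this reports no lockout (counter 0 of 32, interval 7200 s, recovery 86400 s) and securityfs present, which means a missing `tpm0/binary_bios_measurements` would point at the firmware not exposing an event log rather than at the kernel side or at a locked TPM. To use it on a live box, pipe `tpm2-tools-alexmurray.getcap properties-variable` and `findmnt --submounts /sys` into the two functions instead of the samples.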