Cannot boot on 24.04 with TPM encryption

Tested on a Maingear Vector Pro 2 I have, it is able to boot fine on the first boot but after updating and rebooting, it prompts for the recovery password again.

Tested on the Dell XPS 9530 15" and it has the same issue as my desktop where it immediately asks for recovery password on first boot.

Looks like the following GitHub issues are relevant as well:
https://github.com/canonical/ubuntu-desktop-provision/issues/577
https://github.com/canonical/ubuntu-desktop-installer/issues/2369

Also this is still happening on the daily image released today for 24.04.

Also still seeing this on the daily build 4/8 and 4/9.

Thanks for the report.
We need a capture of the logs from /var/log/installer to debug.

I have this exact issue with a Lenovo Yoga 9 laptop. It seems that the TPM goes in DA lockout mode on nearly every boot as I have always had to clear it manually before being able to install Ubuntu with TPM encryption. Lenovo's BIOS does not have any meaningful settings regarding TPM and TPM works as it should in Windows. It would be nice to be able to check the recovery password during the installation process as it is now possible to end up in a state where Ubuntu is permanently unbootable immediately after installation.

I think this should be put into the FDE specific bug reports link[1] shown in the 24.04 Release Notes[2].
As this is making TPM-backed FDE almost unusable.

[1] https://bugs.launchpad.net/bugs/+bugs?field.searchtext=&orderby=-importance&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&assignee_option=any&field.assignee=&field.bug_reporter=&field.bug_commenter=&field.subscriber=&field.tag=fde&field.tags_combinator=ANY&field.status_upstream-empty-marker=1&field.has_cve.used=&field.omit_dupes.used=&field.omit_dupes=on&field.affects_me.used=&field.has_patch.used=&field.has_branches.used=&field.has_branches=on&field.has_no_branches.used=&field.has_no_branches=on&field.has_blueprints.used=&field.has_blueprints=on&field.has_no_blueprints.used=&field.has_no_blueprints=on&search=Search
[2] https://discourse.ubuntu.com/t/noble-numbat-release-notes/39890

Same on my Lenovo T14 gen 4 AMD

I attached sosreport from liveiso

Also var log from the /target OS

Seems I found workaround/solution for that. I needed to disable Absolute Persistence Module Activation in the EUFI config. See the screenshot.

After that previously install TPM based installation started to working.

I am blocked on using "Hardware Backed Encryption" installation procedure also. The repeatable experience is described best in the duplicate https://bugs.launchpad.net/ubuntu-desktop-provision/+bug/2063963

I have a Lenovo Thinkpad P1Gen6 with BIOS Version N3ZET41W (1.28). I upgraded from BIOS 1.16 which had the same problem.

Also worth noting when connected to the internet, the installer is updated to the latest with no effect.

I've disabled Absolute Persistence Module Activation without effect.

I'm using image: ubuntu-24.04-desktop-amd64.iso 2024-04-24 11:29

I retested again today on the ASUS ROG X670E Crosshair after updating BIOS to 2120 (Beta) which primarily updates AGESA firmware to 1.2.0.0, and TPM encryption works now!

Not sure if this was an AMD or ASUS specific issue but it's resolved now at least on my hardware.