I have verified using the upgrader tarball for noble-proposed.
To create a VM with Ubuntu Desktop TPM FDE, I did the following:
$ lxc storage volume import default ~/downloads/ubuntu-23.10.1-desktop-amd64.iso 23.10-desktop --type=iso $ lxc init --empty --vm lxd-mantic-fde -c limits.memory=6GiB -c limits.cpu=4 -d root,size=32GiB $ lxc config device add lxd-mantic-fde iso-volume disk pool=default source=23.10-desktop boot.priority=10 $ lxc config device add lxd-mantic-fde tpm tpm $ lxc start --console=vga lxd-mantic-fde
I went through the installer, and selected TPM FDE from advanced features. Then, after the installation, I ran the following in the VM:
ubuntu@ubuntu:~$ wget http://archive.ubuntu.com/ubuntu/dists/noble-proposed/main/dist-upgrader-all/24.04.18/noble.tar.gz --2024-05-17 11:02:12-- http://archive.ubuntu.com/ubuntu/dists/noble-proposed/main/dist-upgrader-all/24.04.18/noble.tar.gz Resolving archive.ubuntu.com (archive.ubuntu.com)... 185.125.190.39, 91.189.91.82, 185.125.190.36, ... Connecting to archive.ubuntu.com (archive.ubuntu.com)|185.125.190.39|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1274850 (1.2M) [application/x-gzip] Saving to: \u2018noble.tar.gz\u2019
noble.tar.gz 100%[===================>] 1.21M 542KB/s in 2.3s
2024-05-17 11:02:14 (542 KB/s) - \u2018noble.tar.gz\u2019 saved [1274850/1274850]
ubuntu@ubuntu:~$ tar xf noble.tar.gz ubuntu@ubuntu:~$ sudo ./noble --frontend DistUpgradeViewText
Reading cache
Checking package manager Reading package lists... Done Building dependency tree... Done Reading state information... Done Hit http://security.ubuntu.com/ubuntu mantic-security InRelease Hit http://nl.archive.ubuntu.com/ubuntu mantic InRelease Hit http://nl.archive.ubuntu.com/ubuntu mantic-updates InRelease Hit http://nl.archive.ubuntu.com/ubuntu mantic-backports InRelease Fetched 0 B in 0s (0 B/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done
Sorry, cannot upgrade this system to 24.04 LTS
Upgrades for desktop systems running TPM FDE are not currently supported. Please see https://launchpad.net/bugs/2065229 for more information.
Restoring original system state
Aborting Reading package lists... Done Building dependency tree... Done Reading state information... Done
So, the upgrade was blocked as expected.
I also tested in a container to make sure that upgrades were not prevented there:
nr@six:~$ lxc launch ubuntu-daily:mantic mantic Creating mantic Starting mantic nr@six:~$ lxc exec mantic bash root@mantic:~# wget http://archive.ubuntu.com/ubuntu/dists/noble-proposed/main/dist-upgrader-all/24.04.18/noble.tar.gz --2024-05-17 09:11:47-- http://archive.ubuntu.com/ubuntu/dists/noble-proposed/main/dist-upgrader-all/24.04.18/noble.tar.gz Resolving archive.ubuntu.com (archive.ubuntu.com)... 91.189.91.83, 91.189.91.81, 185.125.190.39, ... Connecting to archive.ubuntu.com (archive.ubuntu.com)|91.189.91.83|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1274850 (1.2M) [application/x-gzip] Saving to: ‘noble.tar.gz’
noble.tar.gz 100%[================================================>] 1.21M 130KB/s in 9.6s
2024-05-17 09:11:58 (130 KB/s) - ‘noble.tar.gz’ saved [1274850/1274850]
root@mantic:~# tar xf noble.tar.gz root@mantic:~# ./noble [ ... ] Checking package manager Reading package lists... Done Building dependency tree... Done Reading state information... Done
Calculating the changes
Do you want to start the upgrade?
2 installed packages are no longer supported by Canonical. You can still get support from the community.
44 packages are going to be removed. 64 new packages are going to be installed. 492 packages are going to be upgraded.
You have to download a total of 194 M. This download will take about 38 seconds with a 40Mbit connection and about 5 minutes with a 5Mbit connection.
Fetching and installing the upgrade can take several hours. Once the download has finished, the process cannot be canceled.
Continue [yN] Details [d]
Hence, I was allowed to complete the upgrade. Finally, I tried an upgrade from a normal (non-TPM FDE) VM:
nr@six:~$ lxc launch images:ubuntu/23.10/desktop ubuntu --vm -c limits.cpu=4 -c limits.memory=4GiB --console=vga [...]
ubuntu@ubuntu:~$ wget http://archive.ubuntu.com/ubuntu/dists/noble-proposed/main/dist-upgrader-all/24.04.18/noble.tar.gz --2024-05-17 09:54:09-- http://archive.ubuntu.com/ubuntu/dists/noble-proposed/main/dist-upgrader-all/24.04.18/noble.tar.gz Resolving archive.ubuntu.com (archive.ubuntu.com)... 91.189.91.83, 185.125.190.36, 91.189.91.81, ... Connecting to archive.ubuntu.com (archive.ubuntu.com)|91.189.91.83|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1274850 (1.2M) [application/x-gzip] Saving to: \u2018noble.tar.gz\u2019
noble.tar.gz 100%[===================>] 1.21M 65.8KB/s in 17s
2024-05-17 09:54:27 (72.9 KB/s) - \u2018noble.tar.gz\u2019 saved [1274850/1274850]
ubuntu@ubuntu:~$ tar xf noble.tar.gz ubuntu@ubuntu:~$ sudo ./noble --frontend DistUpgradeViewText [...] Checking package manager Reading package lists... Done Building dependency tree... Done Reading state information... Done
1 installed package is no longer supported by Canonical. You can still get support from the community.
129 packages are going to be removed. 229 new packages are going to be installed. 1134 packages are going to be upgraded.
You have to download a total of 1,448 M. This download will take about 24 minutes with your connection.
Installing the upgrade can take several hours. Once the download has finished, the process cannot be canceled.
I have verified using the upgrader tarball for noble-proposed.
To create a VM with Ubuntu Desktop TPM FDE, I did the following:
$ lxc storage volume import default ~/downloads/ ubuntu- 23.10.1- desktop- amd64.iso 23.10-desktop --type=iso 23.10-desktop boot.priority=10
$ lxc init --empty --vm lxd-mantic-fde -c limits.memory=6GiB -c limits.cpu=4 -d root,size=32GiB
$ lxc config device add lxd-mantic-fde iso-volume disk pool=default source=
$ lxc config device add lxd-mantic-fde tpm tpm
$ lxc start --console=vga lxd-mantic-fde
I went through the installer, and selected TPM FDE from advanced features. Then, after the installation, I ran the following in the VM:
ubuntu@ubuntu:~$ wget http:// archive. ubuntu. com/ubuntu/ dists/noble- proposed/ main/dist- upgrader- all/24. 04.18/noble. tar.gz archive. ubuntu. com/ubuntu/ dists/noble- proposed/ main/dist- upgrader- all/24. 04.18/noble. tar.gz ubuntu. com)... 185.125.190.39, 91.189.91.82, 185.125.190.36, ... ubuntu. com)|185. 125.190. 39|:80. .. connected. x-gzip] tar.gz\ u2019
--2024-05-17 11:02:12-- http://
Resolving archive.ubuntu.com (archive.
Connecting to archive.ubuntu.com (archive.
HTTP request sent, awaiting response... 200 OK
Length: 1274850 (1.2M) [application/
Saving to: \u2018noble.
noble.tar.gz 100%[== ======= ======= ===>] 1.21M 542KB/s in 2.3s
2024-05-17 11:02:14 (542 KB/s) - \u2018noble. tar.gz\ u2019 saved [1274850/1274850]
ubuntu@ubuntu:~$ tar xf noble.tar.gz
ubuntu@ubuntu:~$ sudo ./noble --frontend DistUpgradeViewText
Reading cache
Checking package manager security. ubuntu. com/ubuntu mantic-security InRelease nl.archive. ubuntu. com/ubuntu mantic InRelease nl.archive. ubuntu. com/ubuntu mantic-updates InRelease nl.archive. ubuntu. com/ubuntu mantic-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Hit http://
Hit http://
Hit http://
Hit http://
Fetched 0 B in 0s (0 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Sorry, cannot upgrade this system to 24.04 LTS
Upgrades for desktop systems running TPM FDE are not currently /launchpad. net/bugs/ 2065229 for more
supported. Please see https:/
information.
Restoring original system state
Aborting
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
So, the upgrade was blocked as expected.
I also tested in a container to make sure that upgrades were not prevented there:
nr@six:~$ lxc launch ubuntu-daily:mantic mantic archive. ubuntu. com/ubuntu/ dists/noble- proposed/ main/dist- upgrader- all/24. 04.18/noble. tar.gz archive. ubuntu. com/ubuntu/ dists/noble- proposed/ main/dist- upgrader- all/24. 04.18/noble. tar.gz ubuntu. com)... 91.189.91.83, 91.189.91.81, 185.125.190.39, ... ubuntu. com)|91. 189.91. 83|:80. .. connected. x-gzip]
Creating mantic
Starting mantic
nr@six:~$ lxc exec mantic bash
root@mantic:~# wget http://
--2024-05-17 09:11:47-- http://
Resolving archive.ubuntu.com (archive.
Connecting to archive.ubuntu.com (archive.
HTTP request sent, awaiting response... 200 OK
Length: 1274850 (1.2M) [application/
Saving to: ‘noble.tar.gz’
noble.tar.gz 100%[== ======= ======= ======= ======= ======= ======= ====>] 1.21M 130KB/s in 9.6s
2024-05-17 09:11:58 (130 KB/s) - ‘noble.tar.gz’ saved [1274850/1274850]
root@mantic:~# tar xf noble.tar.gz
root@mantic:~# ./noble
[ ... ]
Checking package manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating the changes
Calculating the changes
Do you want to start the upgrade?
2 installed packages are no longer supported by Canonical. You can
still get support from the community.
44 packages are going to be removed. 64 new packages are going to be
installed. 492 packages are going to be upgraded.
You have to download a total of 194 M. This download will take about
38 seconds with a 40Mbit connection and about 5 minutes with a 5Mbit
connection.
Fetching and installing the upgrade can take several hours. Once the
download has finished, the process cannot be canceled.
Continue [yN] Details [d]
Hence, I was allowed to complete the upgrade. Finally, I tried an upgrade from a normal (non-TPM FDE) VM:
nr@six:~$ lxc launch images: ubuntu/ 23.10/desktop ubuntu --vm -c limits.cpu=4 -c limits.memory=4GiB --console=vga
[...]
ubuntu@ubuntu:~$ wget http:// archive. ubuntu. com/ubuntu/ dists/noble- proposed/ main/dist- upgrader- all/24. 04.18/noble. tar.gz archive. ubuntu. com/ubuntu/ dists/noble- proposed/ main/dist- upgrader- all/24. 04.18/noble. tar.gz ubuntu. com)... 91.189.91.83, 185.125.190.36, 91.189.91.81, ... ubuntu. com)|91. 189.91. 83|:80. .. connected. x-gzip] tar.gz\ u2019
--2024-05-17 09:54:09-- http://
Resolving archive.ubuntu.com (archive.
Connecting to archive.ubuntu.com (archive.
HTTP request sent, awaiting response... 200 OK
Length: 1274850 (1.2M) [application/
Saving to: \u2018noble.
noble.tar.gz 100%[== ======= ======= ===>] 1.21M 65.8KB/s in 17s
2024-05-17 09:54:27 (72.9 KB/s) - \u2018noble. tar.gz\ u2019 saved [1274850/1274850]
ubuntu@ubuntu:~$ tar xf noble.tar.gz
ubuntu@ubuntu:~$ sudo ./noble --frontend DistUpgradeViewText
[...]
Checking package manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating the changes
Calculating the changes
Do you want to start the upgrade?
1 installed package is no longer supported by Canonical. You can
still get support from the community.
129 packages are going to be removed. 229 new packages are going to
be installed. 1134 packages are going to be upgraded.
You have to download a total of 1,448 M. This download will take
about 24 minutes with your connection.
Installing the upgrade can take several hours. Once the download has
finished, the process cannot be canceled.
Continue [yN] Details [d]