Go through the manual install process but at the "Disk Setup" step, select "Erase disk and install Ubuntu" and click "Advanced features...".
Select "Enable hardware-backed full disk encryption" then click "OK"
Once the installation is done, force the LXD VM to stop
$ lxc stop --force lxd-noble-fde
Remove the ISO
$ lxc config device remove lxd-noble-fde iso-volume
Start the VM back
$ lxc start lxd-noble-fde
Once logged in, rsyslog should eventually fail to start and the same Apparmor denials should show up in `journalctl -k`.
Here's how to reproduce this in a LXD VM:
Download Ubuntu 24.04 Desktop image into ~/Downloads
Import the ISO ubuntu- 24.04-desktop- amd64.iso 24.04-desktop --type=iso
$ lxc storage volume import default ~/Downloads/
Prepare a LXD VM 24.04-desktop boot.priority=10
$ lxc init --empty --vm lxd-noble-fde -c limits.memory=6GiB -c limits.cpu=4 -d root,size=32GiB
$ lxc config device add lxd-noble-fde iso-volume disk pool=default source=
$ lxc config device add lxd-noble-fde tpm tpm
$ lxc start --console=vga lxd-noble-fde
Go through the manual install process but at the "Disk Setup" step, select "Erase disk and install Ubuntu" and click "Advanced features...".
Select "Enable hardware-backed full disk encryption" then click "OK"
Once the installation is done, force the LXD VM to stop
$ lxc stop --force lxd-noble-fde
Remove the ISO
$ lxc config device remove lxd-noble-fde iso-volume
Start the VM back
$ lxc start lxd-noble-fde
Once logged in, rsyslog should eventually fail to start and the same Apparmor denials should show up in `journalctl -k`.