Enroll KEK and Signature via BIOS settings but still get the same error message (comment#31). But, I can install the test image on another x86 machine and FDE is enabled successfully.
Here are steps: 1. Remove key enrolled by mokutil 2. Re-flash uc20 test image 3. Enroll KEK and Signature via BIOS settings: [Boot Maintenance Manager Menu][Secure Boot Configuration Menu][Secure Boot Mode][Custom Mode][Custom Secure Boot Option] [KEK Option][Enroll KEK] => PkKek-1-snakeoil.der[1] [DB Option][Enroll Signature] => PkKek-1-snakeoil.der 4. Clear TPM [Intel Advanced Menu][TPM Configuration][TCG2 Configuration][TPM2 Operation] Another x86 machine has different BIOS, so it has different steps to clear TPM and enroll key. 1. Flash uc20 test image 2. Enroll KEK and Signature via BIOS settings: [Security][Secure Boot][Key Management] [Key Exchange Keys][Append] => PkKek-1-snakeoil.der [Authorized Signatures][Append] => PkKek-1-snakeoil.der 3. Clear TPM $ sudo -s $ echo 5 > /sys/class/tpm/tpm0/ppi/request --- [1] PkKek-1-snakeoil https://raw.githubusercontent.com/snapcore/pc-amd64-gadget/20/snakeoil/PkKek-1-snakeoil.key https://raw.githubusercontent.com/snapcore/pc-amd64-gadget/20/snakeoil/PkKek-1-snakeoil.pem # Convert PkKek-1-snakeoil.pem to PkKek-1-snakeoil.der $ openssl x509 -in PkKek-1-snakeoil.pem -inform PEM -outform DER -out PkKek-1-snakeoil.der -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938678 Title: [intel] [tgl-h][iotg] [hwe-tpm] Ubuntu Core hangs during bootup on TGL-H To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1938678/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
