I've just figured out what the issue is here - this device has a debugging endpoint built into the firmware which is indicated in PCR7
7 a62bd67b2cc295976651b354468c0047f8d1547d25056ded5952aaf5991762a3 EV_EFI_ACTION UEFI Debug Mode This causes us to silently mis-predict the PCR7 value today. This will eventually be detected here and will prevent FDE from being enabled: https://github.com/canonical/secboot/blob/2972449df0baab78eee8f5d99e01d479673651b0/efi/preinstall/check_host_security.go#L67 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107457 Title: Can't boot after installation with TPM backed FDE on xps9320 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/2107457/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
