I am pretty sure that this is connected to https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/2049999
In my case I think it is about TPM PCR bank capabilities (SHA-512 VS SHA-1). It is an other question whether this is handled gracefully or checked against. I see no problem allowing SHA-1 banks to be used as long as the user is notified about possible security risks. Also, for disk encryption, maybe add a PIN as well, systemd-cryptenroll supports it. I think this is a developer oversight. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2031896 Title: [canary] installation failed with "cannot seal the encryption keys" To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2031896/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs