According to `fwupdmgr security` I missing SPI Lock (Disabled) and SPI BIOS region (Unlocked) for HSI-1. For HSI-2 BootGuard ACM protected (Invalid) and BootGuard verified boot (Invalid) are issues. Executed on 25.04 installer image. Attached ubuntu-tpm-fde_on_Gigabyte-B660M-Gaming-X-AX-DDR4-Rev-11.txt I assume these are why with 26.04 installer TPM-FDE is not available.
What can I do about these? HSI-1 ✘ SPI lock: Disabled ✘ SPI BIOS region: Unlocked HSI-2 ✘ Intel BootGuard ACM protected: Invalid ✘ Intel BootGuard verified boot: Invalid ** Attachment added: "ubuntu-tpm-fde_on_Gigabyte-B660M-Gaming-X-AX-DDR4-Rev-11.txt" https://bugs.launchpad.net/snapd/+bug/2125409/+attachment/5942679/+files/ubuntu-tpm-fde_on_Gigabyte-B660M-Gaming-X-AX-DDR4-Rev-11.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2125409 Title: BootGuard ACM not forced → TPM FDE disabled in Ubuntu 25.10 installer To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2125409/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
