Public bug reported:

IN BRIEF

According to the documentation, snap-tpmctl unlocks and mounts a device,
and can unmount the device.

I have been using this from a Live USB to unlock and mount the data
partition, created by installing Ubuntu 26.04 with TPM-backed full-disk
encryption (FDE).

———

TO REPLICATE — PART 1

1. Boot into the computer using an Ubuntu 26.04 Live USB.

2. Enter the following commands. I have included their responses to show
that while snap-tpmctl unlocks the device successfully, it doesn't mount
it.

ubuntu@ubuntu:~$ lsblk --fs | grep -Ev '^loop|sr0'
NAME   FSTYPE      FSVER            LABEL
sda
├─sda1
├─sda2 vfat        FAT32            ubuntu-seed
├─sda3 ext4        1.0              ubuntu-boot
├─sda4 crypto_LUKS 2                ubuntu-save-enc
└─sda5 crypto_LUKS 2                ubuntu-data-enc

ubuntu@ubuntu:~$ sudo snap install snap-tpmctl
snap-tpmctl 0.2.2 from Canonical✓ installed

ubuntu@ubuntu:~$ sudo mkdir /mnt/data

ubuntu@ubuntu:~$ sudo snap-tpmctl mount-volume /dev/sda5 /mnt/data
Enter recovery key: *****-*****-*****-*****-*****-*****-*****-*****

ubuntu@ubuntu:~$ lsblk --fs | grep -Ev '^loop|sr0'
NAME         FSTYPE      FSVER            LABEL
sda
├─sda1
├─sda2       vfat        FAT32            ubuntu-seed
├─sda3       ext4        1.0              ubuntu-boot
├─sda4       crypto_LUKS 2                ubuntu-save-enc
└─sda5       crypto_LUKS 2                ubuntu-data-enc
  └─dev-sda5 ext4        1.0              ubuntu-data

ubuntu@ubuntu:~$ mount | grep -E 'sda|data'

3. You can mount it using mount.

ubuntu@ubuntu:~$ sudo mount /dev/mapper/dev-sda5 /mnt/data

ubuntu@ubuntu:~$ mount | grep -E 'sda|data'
/dev/mapper/dev-sda5 on /mnt/data type ext4 (rw,relatime)

———

TO REPLICATE — PART 2

1. Try to unmount and lock the device using snap-tpmctl:

ubuntu@ubuntu:~$ sudo snap-tpmctl unmount-volume /mnt/data
ERROR: unable to remove mount point: open /mnt: permission denied

ubuntu@ubuntu:~$ sudo snap-tpmctl unmount-volume /dev/mapper/dev-sda5
ERROR: path not found in /proc/mounts

2. You can unmount using umount:

ubuntu@ubuntu:~$ sudo umount /mnt/data

3. Try to lock the device using snap-tpmctl:

ubuntu@ubuntu:~$ sudo snap-tpmctl unmount-volume /dev/mapper/dev-sda5
ERROR: path not found in /proc/mounts

ubuntu@ubuntu:~$ sudo snap-tpmctl unmount-volume /dev/sda5
ERROR: path not found in /proc/mounts

4. You can lock it using cryptsetup:

ubuntu@ubuntu:~$ sudo cryptsetup luksClose /dev/mapper/dev-sda5

———

DOCUMENTATION

1. On the website:

https://ubuntu.com/desktop/docs/en/latest/how-to/recover-data-from-hardware-backed-disk-encryption/

2. The help for snap-tpmctl:

ubuntu@ubuntu:~$ snap-tpmctl --help
NAME:
   snap-tpmctl - Ubuntu TPM and FDE management tool

USAGE:
   snap-tpmctl [global options] [command [command options]]

COMMANDS:
   add-pin                  Add PIN authentication
   add-passphrase           Add passphrase authentication
   create-recovery-key      Create a new recovery key
   check-recovery-key       Check recovery key
   get-luks-key             Get LUKS key from recovery key
   list-all                 List all the keyslots with details
   list-passphrases         List passphrases
   list-pins                List pins
   list-recovery-keys       List recovery keys
   mount-volume             Unlock and mount a LUKS encrypted volume
   replace-passphrase       Replace encryption passphrase
   replace-pin              Replace encryption PIN
   regenerate-recovery-key  Regenerate an existing recovery key
   remove-passphrase        Remove passphrase authentication
   remove-pin               Remove PIN authentication
   status                   Show current TPM/FDE status
   unmount-volume           Unmount and lock a LUKS encrypted volume
   version                  Print version
   help, h                  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --verbosity, -v  Increase verbosity level
   --help, -h       show help

———

WHAT SHOULD HAPPEN

Either:

"snap-tpmctl mount-volume" mounts the volume as per the documentation.

Or:

The documentation is corrected.

ProblemType: Bug
DistroRelease: Ubuntu 26.04
Package: snap (not installed)
ProcVersionSignature: Ubuntu 7.0.0-14.14-generic 7.0.0
Uname: Linux 7.0.0-14-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.34.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
CasperVersion: 26.04.2
CloudArchitecture: x86_64
CloudID: nocloud
CloudName: unknown
CloudPlatform: nocloud
CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud)
CurrentDesktop: ubuntu:GNOME
Date: Tue Jun 23 12:49:13 2026
LiveMediaBuild: Ubuntu 26.04 "Resolute Raccoon" - Release amd64 (20260423.1)
ProcEnviron:
 LANG=C.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: snap
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: snap (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug resolute wayland-session

** Summary changed:

- snap-tpmctl doesn't mount or unmount, in contradiction to the documentation
+ snap-tpmctl doesn't mount or unmount, contrary to the documentation

https://bugs.launchpad.net/bugs/2158079

Title:
  snap-tpmctl doesn't mount or unmount, contrary to the documentation

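A state check for the situation this report describes, where a LUKS volume can be left unlocked but not mounted. This is an added example, not part of the original report or of snap-tpmctl. The function name and state labels are hypothetical, and the mounts and mapper entries are constructed to mirror the report's output.

```shell
#!/bin/sh
# Report whether a LUKS mapping is locked, unlocked but not mounted, or
# mounted. Defaults read the live system; both sources can be overridden
# so the logic can be exercised on constructed data.

# luks_volume_state NAME [MOUNTS_FILE] [MAPPER_DIR]   (hypothetical helper)
luks_volume_state() {
    name=$1
    mounts=${2:-/proc/mounts}
    mapper_dir=${3:-/dev/mapper}

    # No mapper node: the mapping is closed, so the plaintext device is gone.
    if [ ! -e "$mapper_dir/$name" ]; then
        echo "locked"
        return 0
    fi

    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Match on /dev/mapper/NAME, the device path mount(8) shows in the report.
    mp=$(awk -v dev="/dev/mapper/$name" '$1 == dev { print $2; exit }' "$mounts")
    if [ -n "$mp" ]; then
        echo "mounted:$mp"
    else
        # Mapping open, filesystem not mounted: data is still reachable.
        echo "unlocked-not-mounted"
    fi
}

# Constructed sample data mirroring the three states seen in the report.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/mapper"
: > "$demo_dir/mapper/dev-sda5"
printf '%s\n' 'proc /proc proc rw,nosuid 0 0' > "$demo_dir/mounts.unlocked"
printf '%s\n' 'proc /proc proc rw,nosuid 0 0' \
    '/dev/mapper/dev-sda5 /mnt/data ext4 rw,relatime 0 0' > "$demo_dir/mounts.mounted"

luks_volume_state dev-sda5 "$demo_dir/mounts.unlocked" "$demo_dir/mapper"
luks_volume_state dev-sda5 "$demo_dir/mounts.mounted" "$demo_dir/mapper"
rm "$demo_dir/mapper/dev-sda5"      # simulates the mapping being closed
luks_volume_state dev-sda5 "$demo_dir/mounts.unlocked" "$demo_dir/mapper"
rm -rf "$demo_dir"
```

On a live system, `luks_volume_state dev-sda5` with no further arguments reads `/proc/mounts` and `/dev/mapper` directly; anything other than `locked` at the end of a recovery session means the mapping is still open.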