TPM in DA lockout mode

Fresh device, installed UEFI, tried installing Ubuntu. Can’t use device encryption with TPM because the TPM is in DA lockout mode. Missing something obvious?

While I’m not sure what TPM is (search results sounds like a physical chip), you may want to provide more details about your “Fresh device” and version of Ubuntu. Chromebook model? Board name? Mine would be Lenovo 500E (2nd gen) Phaser360S, for example. In the docs it says

Ubuntu and Ubuntu-based distributions that are not based on 23.10 or higher may have issues .

Would be good to know if that was the thing or not.
Perhaps also if you know if secure boot is on/off and other settings, because if it’s related then it’d be easier to figure out what’s up.

1 Like

The board is GALLOP, the OS is Ubuntu 23.10, SB is on. The issue persists on Fedora 39 and with SB off. Boot, try to clear TPM, TPM claims it’s in DA lockout.

I am not using Google’s firmware. I am on UEFI.

@WeirdTreeThing what was the command for that again?

Anyway TPM FDE wont work due to a bug on Ubuntu’s side. I’d recommend waiting for 24.04 if you wanna have passwordless encryption

TPM for Gallop won’t work since Cr50 TPMs do not work on MrChromebox firmware with Linux atm. I tried multiple times to set up automatic disk unlocking with TPM on Jinlon but it doesn’t work. You can still setup device encryption with a password that you type in though.