[Bug 2138609] Re: Patch fwupdmgr to verify recovery key with snapd API for TPM/FDE

Launchpad Bug Tracker 2138609 at bugs.launchpad.net
Wed Feb 18 01:57:46 UTC 2026


This bug was fixed in the package fwupd - 2.0.19-1ubuntu1

---------------
fwupd (2.0.19-1ubuntu1) resolute; urgency=medium

  * d/p/fwupdmgr-fde-verify-snapd-recovery-key.patch: Make fwupdmgr
    verify snapd recovery key through prompt on updates affecting FDE.
    (LP: #2138609)

 -- Simon Johnsson <simon.johnsson at canonical.com>  Thu, 22 Jan 2026 16:38:17 +0100

** Changed in: fwupd (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/2138609

Title:
  Patch fwupdmgr to verify recovery key with snapd API for TPM/FDE

Status in fwupd package in Ubuntu:
  Fix Released

Bug description:
  Currently the firmware-updater GUI verifies the recovery key on
  updates affecting TPM/FDE state using a synchronous POST call to the
  "/v2/system-volumes" endpoint of snapd. This is for the purpose of
  ascertaining the availability of the recovery key before reboot in
  order to prevent locking the user out of the system.

  A proposal was made upstream (see
  https://github.com/fwupd/fwupd/issues/9744) to generalize this
  verification by moving it into fwupd itself and communicating the
  verification to the possible frontends using the system DBus. However,
  after some discussion it was concluded that this had considerable
  security implications and the proposal was discontinued.

  Still, firmware-updater has the behavior of verifying the recovery
  key, and as such we should reflect this behavior in the fwupdmgr CLI
  frontend. In the future we should consider not requiring the user to
  input the recovery key upon predictable reboots, which means that this
  is likely best maintained as a temporary patched delta in the
  meantime.
