[Bug 2138609] Re: Patch fwupdmgr to verify recovery key with snapd API for TPM/FDE

Launchpad Bug Tracker 2138609 at bugs.launchpad.net
Mon Mar 30 16:21:14 UTC 2026


This bug was fixed in the package fwupd - 2.0.20-1ubuntu2~25.10.1

---------------
fwupd (2.0.20-1ubuntu2~25.10.1) questing; urgency=medium

  * Backport to questing.
  * Fixes UOD behavior on some Dell docks (LP: #2143688)
  * d/control: Drop passim b-d

 -- Mario Limonciello <superm1 at gmail.com>  Thu, 12 Mar 2026 22:51:33 -0500

** Changed in: fwupd (Ubuntu Questing)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/2138609

Title:
  Patch fwupdmgr to verify recovery key with snapd API for TPM/FDE

Status in fwupd package in Ubuntu:
  Fix Released
Status in fwupd source package in Questing:
  Fix Released

Bug description:
  [ Impact ]
  Currently the firmware-updater GUI verifies the recovery key on updates affecting TPM/FDE state using a synchronous POST call to the "/v2/system-volumes" endpoint of snapd. This is for the purpose of ascertaining the availability of the recovery key before reboot in order to prevent locking the user out of the system.

  [ Test plan ]
  1. On a TPM/FDE-enabled Ubuntu Desktop system
  2. Use fwupdmgr to update the UEFI firmware
  3. A prompt pops up requesting the user to input the recovery key
  4. The system finishes the UEFI firmware update successfully and boots to Ubuntu Desktop

  [ Where problems could occur ]
  The recovery key is not written to snapd successfully, and the user is not able to boot into the system anymore.

  [ Additional information ]
  A proposal was made upstream (see https://github.com/fwupd/fwupd/issues/9744) to generalize this verification by moving it into fwupd itself and communicating the verification to the possible frontends using the system DBus. However, after some discussion it was concluded that this had considerable security implications and the proposal was discontinued.

  Still, firmware-updater has the behavior of verifying the recovery
  key, and as such we should reflect this behavior in the fwupdmgr CLI
  frontend. In the future we should consider not requiring the user to
  input the recovery key upon predictable reboots, which means that this
  is likely best maintained as a temporary patched delta in the
  meantime.
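The synchronous recovery-key check that the [Impact] section describes, written out here as an added Python example (it is not fwupd's or firmware-updater's code): it POSTs to snapd over its unix socket and fails closed on anything but a successful sync reply, so a firmware update that changes TPM/FDE state is not allowed to reboot without a confirmed key. The socket path /run/snapd.socket is snapd's standard one; the action name "check-recovery-key", the "recovery-key" field and the sample replies are assumptions, since the bug report only names the endpoint.

```python
"""Verify an FDE recovery key with snapd before a TPM-affecting firmware reboot."""
import getpass
import http.client
import json
import socket
import sys

SNAPD_SOCKET = "/run/snapd.socket"   # snapd's standard REST socket
ENDPOINT = "/v2/system-volumes"      # endpoint named in the bug report


class SnapdConnection(http.client.HTTPConnection):
    """HTTPConnection that dials snapd's unix socket instead of a TCP host."""

    def __init__(self, path=SNAPD_SOCKET):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)


def build_check_request(recovery_key):
    """Request body for the key check. The action/field names are assumed
    (snapd's real shape may differ); surrounding whitespace is dropped."""
    return json.dumps({"action": "check-recovery-key",
                       "recovery-key": recovery_key.strip()})


def recovery_key_accepted(status, body):
    """Fail closed: only a 2xx 'sync' reply counts as a verified key. An error
    reply, an unexpected shape or an unparsable body all mean 'do not reboot',
    because proceeding could lock the user out of the system."""
    try:
        reply = json.loads(body)
    except ValueError:
        return False
    return 200 <= status < 300 and isinstance(reply, dict) and reply.get("type") == "sync"


def verify_recovery_key(recovery_key, path=SNAPD_SOCKET):
    """Blocking POST to snapd, mirroring the GUI's synchronous check."""
    conn = SnapdConnection(path)
    try:
        conn.request("POST", ENDPOINT, body=build_check_request(recovery_key),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        return recovery_key_accepted(resp.status, resp.read().decode())
    finally:
        conn.close()


if __name__ == "__main__":
    ok = verify_recovery_key(getpass.getpass("Recovery key: "))
    print("recovery key verified" if ok else "verification FAILED, do not reboot")
    sys.exit(0 if ok else 1)
```

Run it as the user who is allowed to talk to snapd (root, or a user snapd permits for this endpoint); a non-zero exit is the signal to abort the update before the reboot step.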

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2138609/+subscriptions