6

My Ubuntu 17.10 has been showing a TPM Update (1.2, 5.81.0.0 -> 5.81.2.1) for a couple of weeks or months now, but when I restart the machine it's unable to execute the firmware update successfully.

Error:

This TPM is Owned. Please clear the TPM Owner. This update is not for this system.

1
  • 4
    Yes, if the TPM is potentially holding key material, it cannot be updated, because the update could include code to read the key material. That's not a bug, but a feature. Commented Feb 21, 2018 at 12:59

1 Answer 1

9

Attention: If you encrypt your disk with TPM, the following steps will clear the encryption keys and you'll lose your data (thanks @Simon Richter)! I encrypt my disk with Ubuntu's encrypted home & encrypted LVM and did not lose any data.

I was able to solve this issue by:

  • Reboot the machine and enter the BIOS (usually by hitting the F2, Esc or Del key, depending on your motherboard)

  • Go to Security → TPM 1.2 Security

  • Enable the Clear checkbox to clear the TPM information

  • Save & exit the BIOS

  • Install the TPM update again; after rebooting, the update should succeed

2
  • 7
    Caveat: if you used the TPM for encrypting your hard disk, this will also clear the encryption keys and you will lose all your data. Commented Feb 21, 2018 at 12:58
  • 1
    Ubuntu's disk encryption stores the key material on the hard disk, encrypted with a key generated from the passphrase, so the TPM is not used. The downside is that security rests on the length of the passphrase. Commented Feb 21, 2018 at 15:12
