FW16 7040 Firmware update 0.0.3.7 -> 0.0.4.2: TPM and passkey operations broken after update #137

@draggeta

Device Information

System Model or SKU

Please select one of the following

  • Framework Laptop 12 (13th Gen Intel® Core™)
  • Framework Laptop 13 (11th Gen Intel® Core™)
  • Framework Laptop 13 (12th Gen Intel® Core™)
  • Framework Laptop 13 (13th Gen Intel® Core™)
  • Framework Laptop 13 (AMD Ryzen™ 7040 Series)
  • Framework Laptop 13 (AMD Ryzen™ AI 300 Series)
  • Framework Laptop 13 (Intel® Core™ Ultra Series 1)
  • Framework Laptop 16 (AMD Ryzen™ 7040 Series)
  • Framework Laptop 16 (AMD Ryzen™ AI 300 Series)
  • Framework Desktop (AMD Ryzen™ AI 300 PRO Series)

BIOS VERSION

Windows:
Open a command terminal as administrator:
wmic bios get SMBIOSBIOSVERSION

Linux:
Open a terminal and run the following command
sudo dmidecode --string bios-version

Was 04.02, now:

os-version
03.07

DIY Edition information

If you are experiencing an issue on a DIY system, please also fill out the memory and storage devices you are using.

Memory: Manufacturer and SKU
Storage: Manufacturer and SKU

Port/Peripheral information

If you are experiencing an issue with a peripheral or an expansion card/port please fill out the following information:

  • Peripheral vendor and name.
  • Port the Peripheral was connected to. Please see the following for port numbering: Laptop 16 or Laptop 13
  • Device or expansion card attached to the Adjacent port to the port that is having the issue.
  1. [ USB-C ]
  2. [ HDMI ]
  3. [ USB-A ]
  4. [ USB-C ]

The following are for Laptop 16 only.

  5. [ Audio ]
  6. [ USB-C ]

Standalone Operation

Are you running your mainboard as a standalone device? Is standalone mode enabled in the BIOS?

  • Yes
  • No

Describe the bug

After upgrading the BIOS firmware to 4.02, Ubuntu 24.04's hardware backed full disk encryption breaks.

I've done upgrades from 3.03 -> 3.05 -> 3.07 without issue, but I couldn't get it to boot without having to type my recovery key every time after upgrading to 4.02, even after changing the kernel or with systemd-crypt* or cryptsetup.

Reinstalling the system from scratch also failed every time (about six times, between different 24.04 versions) when trying to use FDE. The first boot would immediately ask for the recovery key (which you don't have at that point). This includes after loading the default BIOS settings multiple times.

After downgrading to 3.07, installing with hardware backed FDE started working again.

I also noticed that passkeys wouldn't work under 4.02. They work under 3.07.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Install BIOS 4.0.2
  2. Install Ubuntu 24.04.x LTS and select hardware backed FDE
  3. First boot asks for recovery key which you can only get after the first boot.

Expected behavior

A clear and concise description of what you expected to happen.

Normally I would expect to be able to upgrade and reseal the TPM parameters after entering the recovery key once and switching the kernel. I would also expect to be able to install 24.04 with hardware backed FDE without issue (after clearing the TPM chip).

Screenshots

If applicable, add screenshots to help explain your problem.

Operating System (please complete the following information):

  • OS/Distribution: Ubuntu desktop
  • Version: 24.04 through 24.04.3
  • Linux Kernel Version: uname -a
Linux TFR-WORK 6.8.0-88-generic #89-Ubuntu SMP PREEMPT_DYNAMIC Sat Oct 11 01:02:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Additional context

Sadly I cannot test it further as this is my work laptop and I need it to work. I understand if this is closed due to me not being able to provide any more logs.

Labels: BIOS (BIOS Related issue), Laptop 16 AMD Ryzen 7040 (Framework Laptop 16 (AMD Ryzen™ 7040 Series)), bug (Something isn't working)
