Booting from an Encrypted Drive (Linux) with lid closed and Thunderbolt Dock, 2026 edition

Device:
System: AMD Ryzen™ AI 300 Series - Ryzen™ AI 9 HX 370
Expansion Bay Module: Graphics Module (AMD Radeon™ RX 7700S) (2nd Gen)

OS: Unbuntu 25.10 with KDE Plasma

I searched on this, and found multiple older threads about this, but no solution for the AMD setup at the time of the posts - I am hoping this has changed, and this will help other people looking for a solution.

My home setup has a Pluggable Thunderbolt 3 dock, with two HDMI connections. With my Mac, when I plug it into the dock while the lid is closed, the Mac wakes up, and the File Vault / Boot Password screen displays on the external monitors, letting me authenticate and the boot process to continue.

On my Framework, when I connect the dock to the laptop, it should power on and boot automatically, but I am finding that I need to open the lid, at which point it will begin booting and let me authenticate on the main screen before initializing the external monitors after KDE has loaded.

Is there a way to have the boot process display on the external monitors when I plug the laptop in, so that I don’t need to open the laptop, authenticate, then close it back up again?

Thank you for any guidance you can provide!

I don’t believe you can do this on AMD laptops. The part of the BIOS involved in selecting the display to use is a AMD protected blob (AGESA) that FW cannot change, even if they wished.
The AMD team who work on AGESA don’t even have a bug tracker that you can raise feature request on for AGESA features. They are completely disconnected from any user wishes.

This will improve once coreboot/opensil arrives. opensil replaces AGESA, allowing people to then write their own BIOS graphics drivers, so then able to implement multiple displays while in the BIOS.
The rules the AMD AGESA BIOS follows currently is:

1. If the eDP laptop screen is connected, use that one and no other screens for BIOS/BOOT.
2. If the eDP laptop screen cable is disconnected, try an external display for BIOS/BOOT.

It should be noted, that Intel BIOS is different, they default to display on all connected screens for the BIOS.

Wow, what an utterly terrible setup. That fact that they seem to be pursuing coreboot/opensil is the only saving grace. But nothing can excuse it.

What you can do however, is instruct the thunderbolt to not reset the USB when taking over. This gives you the possibility to actually enter the password for decrypting the drives.
Had the same issue. Don’t have all the details anymore, but, I made sure the initramfs tools modules are loaded:
@jupiter:/etc/initramfs-tools$ cat /etc/initramfs-tools/modules
xhci_pci
xhci_hcd
usbhid
hid_generic
thunderbolt

And for the grub, I told to not reset the USB bus:

@jupiter:/etc/default$ grep GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=“plymouth.enable=0 rd.plymouth=0 thunderbolt.host_reset=false”

update the grub file and the init images, and you re done.
Check the internet for details, I did that too long ago.
And, for the power on automatically, on the dell dock you need to configure in the FW16 BIOS to start on AC on.