Full Disk Encryption on FW16 AMD AI300 using TPM and Kubuntu?

Which Linux distro are you using?: Kubuntu

Which release version? 25.10

Which kernel are you using? (Default?)

Which BIOS version are you using? LFKN6.03.03

Which Framework Laptop 16 model are you using? AMD Ryzen™ AI 300 Series

+++

I’m looking to install Kubuntu (or Ubuntu, if needed) using hardware / TPM based Full Disk Encryption. Is this supported on the AI 300 series at this time? Looking in the Ubuntu installer, the option is grayed out - I wanted to be sure I wasn’t missing an option to enable it somehow.

Thank you for the help!

Ubuntu had a topic tracking TPM/FDE progress for Ubuntu 25.10, but it’s rolled forward to the upcoming 26.04 with outstanding questions about getting it to work at all on AMD platforms.

‘Supported’ is a term that has as many interpretations as people asking for support. I don’t know what your expectation is, and I’m replying as a customer trying to be helpful given this is a forum of mostly customers of Framework helping each other. You might be asking ‘is the hardware capable at all?’ or ‘is there software that can make the hardware do this?’ or ‘how do I set this up to get the hardware to do this?’ or ‘this isn’t working and I want someone here to fix it for me.’

Ubuntu also have a survey with a tool to test your hardware for compatibility, too. One reply in the thread lists a response from the survey tool on a Framework laptop that shows Ubuntu thinks the hardware is not capable – so raise the question with Ubuntu, ‘why doesn’t TPM-based FDE work with my hardware?’

I think the hardware is capable; Windows uses it and I see evidence that Linux could use the TPM. For my FW 13 AMD with Ryzen 7840U that’s testing Debian 14 Forky, I believe it’s possible because I see requests for hardware attestation in journalctl. I’m not set up with a signed Kernel+Initial RAMdisk known as ‘unified kernel image’ (UKI) that systemd will use to attest integrity and unlock the FDE at startup.

I tried their support tool on my FW13 AMD and …

sudo /snap/bin/test-ubuntu-tpmfde-compat /var/lib/snapd/hostfs/boot/efi/EFI/debian/shimx64.efi /var/lib/snapd/hostfs/boot/efi/EFI/debian/grubx64.efi /var/lib/snapd/hostfs/boot/vmlinuz
Testing this platform for compatibility with EFI based TPM protected FDE

This platform is not suitable for FDE because of the following problem:
error with secure boot policy (PCR7) measurements: generating secure boot profiles for systems with timestamp revocation (dbt) support is currently not supported

Thank you for the reply - that gives the insight I needed. As someone setting up their first Linux desktop environment (and first Framework device), there are multiple aspects to this that I am learning about “the hard way” - you helped me narrow them down.

I originally went with Kubuntu because Ubuntu is officially supported by Framework, but if you’re mentioning Debian is an option, I can try that as well. (I’ll check to see if KDE is an option over Gnome… if not, I can wait for Kubuntu 26.4 to come out.)