6

My Ubuntu 17.10 has been showing a TPM Update (1.2, 5.81.0.0 -> 5.81.2.1) for a couple of weeks or months now, but when I restart the machine it's unable to execute the firmware update successfully.

Error:

This TPM is Owned. Please clear the TPM Owner. This update is not for this system.

Braiam
hb0
    Yes, if the TPM is potentially holding key material, it cannot be updated, because the update could include code to read the key material. That's not a bug, but a feature. – Simon Richter Feb 21 '18 at 12:59

1 Answer

9

Attention: If you encrypt your disk with TPM, the following steps will clear the encryption keys and you'll lose your data (thanks @Simon Richter)! I encrypt my disk with Ubuntu's encrypted home & encrypted LVM and did not lose any data.

I was able to solve this issue by:

  • Reboot the machine and enter the BIOS (usually by hitting the F2, Esc or Del key, depending on your motherboard)

  • Go to Security > TPM 1.2 Security

  • Enable the Clear checkbox to clear the TPM information

  • Save & exit the BIOS

  • Install the TPM update again; after rebooting, the update should succeed

bertieb
hb0
    Caveat: if you used the TPM for encrypting your hard disk, this will also clear the encryption keys and you will lose all your data. – Simon Richter Feb 21 '18 at 12:58
  • 1
    Ubuntu's disk encryption stores the key material on the hard disk, encrypted with a key generated from the passphrase, so the TPM is not used. The downside is that security rests on the length of the passphrase. – Simon Richter Feb 21 '18 at 15:12
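
A read-only check for the caveat raised in the answer and comments above, to run before clearing the TPM. This is an added example, not part of the original thread. The function names are hypothetical, and treating any crypttab entry with a key file or `keyscript=` as "needs review" is an assumption of this sketch: it cannot tell whether such a key is actually sealed by the TPM.

```shell
#!/bin/sh
# Added example: read-only checks to run before clearing a TPM 1.2 in the BIOS.
# Both paths are parameters so the functions can be exercised on constructed files.

# Print owned / unowned / unknown from the kernel's TPM 1.2 sysfs "owned" flag.
tpm_owned() {
    f="${1:-/sys/class/tpm/tpm0/device}/owned"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo owned ;;
        0) echo unowned ;;
        *) echo unknown ;;
    esac
}

# Print the names of crypttab entries that are NOT unlocked by a typed passphrase
# (key file or keyscript= set). Assumption: only these could depend on a TPM-held key.
crypttab_nonpassphrase() {
    file="${1:-/etc/crypttab}"
    [ -r "$file" ] || return 0
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$key" in
            ''|none|-|/dev/urandom|/dev/random) keyed=no ;;  # prompt, or throwaway swap key
            *) keyed=yes ;;
        esac
        case ",$opts," in *,keyscript=*) keyed=yes ;; esac
        if [ "$keyed" = yes ]; then echo "$name"; fi
    done < "$file"
    return 0
}

# Return 0 when no entry uses a key file or keyscript, 1 when some need review.
preclear_check() {
    echo "TPM ownership: $(tpm_owned "$1")"
    flagged=$(crypttab_nonpassphrase "$2" | tr '\n' ' ')
    if [ -n "$flagged" ]; then
        echo "Confirm where these volumes get their key before clearing: $flagged"
        return 1
    fi
    echo "No crypttab entry uses a key file or keyscript."
}
```

Calling `preclear_check` with no arguments uses the live paths `/sys/class/tpm/tpm0/device` and `/etc/crypttab`; reading `/etc/crypttab` may require root.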