XPS 13 9370 Ubuntu full disk encryption

@jdrogers

Yes the application will behave differently based on the context it's running from (locally on hard disk or from USB disk).

Actually if you have copied it to the SSD recovery partition, if you recreate the recovery ISO it uses that content to build it.  So this problem that you guys are encountering that it's not picking a newer version will be automatically resolved by putting the deb into that directory on SSD.

@Christophe14 I looked through your logs that were sent via PM (Thanks) and the newer version of the package is not present.  

Nov 19 21:34:21 ubiquity: dell-bootstrap: version 1.60~somerville1

It's using 1.60~somerville1.  The newer version is 1.60 (which is bigger).  So you are definitely not testing with the fix.

I'm not sure why the newer version isn't being automatically included to the media for you; but that is certainly where the remaining failure is.

Here's a more manual way to do it.

0) Make sure you have the ISO image and deb file both handy.

1) Open up Gparted (install if it not installed).

2) Delete ALL partitions from USB disk.

3) Create a single new partition, format it as FAT32.

4) Close gparted.

5) If the partition didn't mount, unplug and plug back in USB disk.

6) Open up the ISO image in file-roller, and hit the "Extract" button and browse to extract it to your USB disk.

7) Manually create the directory "debs" and subdirectory "main" if they don't exit.

8) Manually copy the '.deb' file to that location.

Hi @dell-mario l,

Thanks for your feedback.

1. I am very surprised by the way you propose to create the new Dell Recovery USB key.
Meaning,the real Dell Recovery USB created is made of 2 partitions : one EFI and one FAT 32.
I have already tried in the past days to create an only FAT32 partition USB key from Dell Recovery ISO file and it didn't boot at all.

2. I will try the second method consisting of modifying the recovery partition.
Shall the .deb file be copied or installed (extracted) on the recovery partition ?

Thanks!

Actually the way I am proposing is how Ubuntu's USB media creator used to make USB keys.  It's new to 18.04 that it does them the way it works now with two partitions.

Two important things to keep in mind when making a FAT32 partitioned USB key:

1. You need to "extract" the ISO image.  Don't copy it.  You should see a directory "casper/" and another directory "efi/" in the root of your USB stick.

2. Make sure that you create a partition like I said with Gparted.  Windows likes to sometimes format the USB key without a partition table, which can lead to problems.

Just copy the deb file into that directory I indicated.

Hi @dell-mario l

I have got good news: it is working !
I have succeeded creating the new Dell Recovery USB key containing the fix by copying the deb file on the SSD recovery partition and asking again the creation of the Dell Recovery USB key.

Then, I was able to reinstall Dell-Ubuntu and create a pass-phrase "rrrrr" that is recognized at following boot.
If you don't have a QWERTY keyboard when defining the pass-phrase, you will probably encounter an issue when switching Ubuntu in your regional language.
So, my advice is to create a simple pass-phrase with characters compatible with QWERTY position, then change Ubuntu regional language. Boot from standard Ubuntu Live also configured in the regional language and change the pass-phrase from Disk application.
It worked for me.

Thanks for your support !

Kind regards

Hi @RAN_Feld,

I've just received an XPS 13 9370 including Ubuntu 18.04 and thanks to @dell-mario l and @Christophe14 messages on this thread I succeeded in formatting the whole disk with encryption (using an AZERTY keyboard).

Please follow this instructions at your own risk (I can't be responsible of any damage to your computer) and only if you understand exactly what you're doing.
Note that this will format your whole SSD disk and that you will lost the recovery partition (but you will keep its content on a USB drive).

1 - Download the dell-recovery_1.60_all.deb Github following this link: 

https://github.com/dell/dell-recovery/releases/download/1.60/dell-recovery_1.60_all.deb

2 - Mount the recovery partition of your embed SSD disk, for example using the following command: sudo mount /dev/nvme0n1p2 /mnt/

3 - Copy the downloaded file into the /debs/main folder of the mounted recovery partition: cp dell-recovery_1.60_all.deb /mnt/debs/main/

4 - Unmount the recovery SSD partition: umount /mnt/

5 - Create an ISO recovery image using the dell recovery tool

6 - Insert a blank USB flash memory and create a bootable recovery key using the ubuntu "Startup Disk Creator"

7 - Reboot your computer, press F12 and go to the BIOS setup

8 - Switch the boot option to legacy, save and restart

9 - Hit F12 key again to show the startup menu and select the USB key to boot

10 - At the beginning of the setup, tick the second choice allowing to resize the partitions

11 - Choose to format the whole disk and tick the options for LVM and encryption

12 - When asked for an encryption password, use a simple password that you can enter with both QUERTY or AZERTY keyboards like "eeee"

13 - Follow all the steps of the setup normally

14 - On first reboot, I had a bug with language selection (I couldn't choose other language than English, but don't worry it can be changed after). Configure your keyboard as AZERTY if needed.

15 - Once setup finished, restart, press F12, go to the BIOS setup and set boot option to UEFI.

16 - Boot to ubuntu, login and change the system default language if you need

17 - Change your SSD partition password to something more robust than "eeee" using the disk utility

18 - Keep the USB recovery key to a safe place

19 - Run sudo apt-get update && sudo apt-get upgrade to keep the system up to date.

I hope that theses instructions will help some others.
If needed, don't hesitate to ask for more information before doing anything.

Good day guys,
Bp

Just a minor comment;

Please do not switch to legacy boot mode.  You won't be able to receive automatic BIOS updates.

Stick to UEFI boot mode.

Hi, I followed the detailed step-by-step suggestion by @bpierre, with two changes: (1) Using the UEFI boot mode (which is the default) as suggested by @dell-mario l, and (2) ignoring the keyboard layout-related issues (since I have an QWERT keyboard). Below is the list of steps.

Result: Encryption worked (!), However, "Dell Linux Assistant" now aborts with an error, and "Dell Recovery" has different menus than prior to factory status. See below for copy-paste of the error message. @dell-mario l, could you or others kindly advise? I guess that I will not get Dell updates this way. Best would be to have the automatic dell notification as before. Alternatively, I could install a dell support tool, or check manually on a Dell support page for updates. Lastly, I don't mind of re-doing this process, with required changes to make it work.

Steps to enable disk-encryption:

1 - Download the dell-recovery_1.60_all.deb Github following this link: 

https://github.com/dell/dell-recovery/releases/download/1.60/dell-recovery_1.60_all.deb

2 - Mount the recovery partition of your embed SSD disk, for example using the following command: sudo mount /dev/nvme0n1p2 /mnt/

3 - Copy the downloaded file into the /debs/main folder of the mounted recovery partition: sudo cp dell-recovery_1.60_all.deb /mnt/debs/main/

4 - Unmount the recovery SSD partition: sudo umount /mnt/

5 - Create an ISO recovery image using the dell recovery tool

6 - Insert a blank USB flash memory and create a bootable recovery key using the ubuntu "Startup Disk Creator"

7 - Reboot your computer, press F12 to show the startup menu and select the USB key to boot in UEFI mode

8 - At the beginning of the setup, there should be two options: "Restore Entire HD" and "Restore Only Linux" choose the second (i.e 'only Linux').

9. Choose "Erase Disk and Install Ubuntu" and mark "Encrypt the new Ubuntu", this will auto-mark also the LVM option.

10 - When asked for an encryption password, pick any password, assuming you have a QWERT keyboard

11 - Keep the USB recovery key to a safe place

12 - Run sudo apt-get update && sudo apt-get upgrade to keep the system up to date.

Here are the partitions, after this process (by GParted):

/dev/nvme0n1p1 EFI, FAT32, /boot/efi, 512MB total, 7MB used

/dev/nvme0n1p2 EXT4, /boot, 732MB total, 257MB used

/dev/nvme0n1p3, [Encrypted], 475G total, 475G used

The error on "Dell Linux Assistant" is: "Exception: The name com.dell.SummerPalace" was not provided by any .service files."

For "Dell Recovery" there is only one option "Build OS Media". Before this process, in the factory default, there was also the option of creating an ISO. Clicking the "build OS media" leads to a request to provide a Base OS ISO.

Ok, an update:

In "Updates" under "Ubuntu Software" I see an update named "XPS 13 9370 System Update" from 0.1.5.1 to 0.1.6.3. Oddly, the description list a MS-Windows issue. Weird. I am not sure if this is the case also for factory-default setups. My  main issue is still the one at the message above, however.

Here is the description of this update:

"This stable release fixes the following issues:
• Fixed the incorrect Windows operating system logon message that is displayed on the lock screen of Windows.
• Fixed the issue where the characters fail to display on the screen while typing continuously.
• Enabled support for Intel Turbo Boost Technology on I3-8310U processors that was disabled by default.
• Optimized the battery diagnostics in Dell Enhanced Pre-boot System Assessment (ePSA)."

@RAN_Feld

The same BIOS image is provided to both Windows and Linux customers.  So yes, fixes that apply only to Windows will be included as well.

Regarding your error, I believe that Dell Linux Assistant may have an implicit dependency on a recovery partition (which isn't present when you choose your own partitioning layout).  You should be able to remove it using apt.

I'll let the team know about this error so they can improve that in the future.

APT repositories are still configured and you should still receive your updates.

Hi @dell-mario l,

I confirm @RAN_Feld findings regarding Dell Linux Assistant and Dell Recovery applications.

To all users,

Meanwhile, I will add an additional step on the how to proposed:

19 - Perform a CloneZilla image of the entire disk (before any update / new software installation)

Why ?
After having succesfully encrypted the disk, I have updated Ubuntu, installed Firefox, configured the BIOS in Secure Mode and performed a sudo apt-get autoremove command.

Result of these actions : I was no more able to boot (unfortunately, I haven't written down the error message).

So, I have restored the entire disk with CloneZilla tool. It was definitively faster than reinstalling everything (also considering the non QWERTY encryption passphrase issue).

Are you aware of any conflict with full disk encryption feature ?
Have you encountered any issue after encrypting the entire disk ?

Thanks !

This installation process using partition encryption is off the tested beating path, so finding some issues (such as the problem with keyboard layout) isn't too surprising.

I would need to see either the error message or the logs of what was changed from your updates to advise what's happening.  But my best guess is that running `apt auto-remove` removed something it shouldn't have.

Hi @dell-mario l,

I have made a new trial with command "sudo apt-get autoremove".

After the command execution, I have restarted XPS 13. There is no real error message when booting.
Here is what is displayed on the screen :

"BusyBox v1.27.2 (Ubuntu xxx) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs)"

Any idea ?

Kind regards

Some package that was removed from auto-remove was actually necessary if that's what's happening after auto-remove.

Do you have an older kernel installed that you can boot into from GRUB menu perhaps?