Unsolved
42 Posts
2
29017
XPS 13 9370 Ubuntu full disk encryption
Hi,
I have just received a XPS 13 9370 Ubuntu and I have some questions.
I will post one thead per question.
First question:
During the Ubuntu 18.04 configuration installation, there was no full disk encryption (LUKS) option.
From what I have understood, this shall be done during Ubuntu configuration, otherwise it seems more complicated.
Did I miss something ? Has Dell removed this option in Ubuntu installation process ?
Shall I reinstall from a Dell Recovery Ubuntu USB key so that the option is proposed ?
Thanks in advance for your hints.
Kind regards
Dave137
1 Message
0
April 7th, 2019 15:00
Same here, I have a XPS 9380, I followed michaelzap's instructions, and it worked fine.
I was interested in trying out dell-recovery_1.61, for the feature of not requiring the "apt install" step -- but I see on github there is no prebuilt deb file for that version -- so I stuck to the original script.
lemonjello1
3 Posts
0
April 7th, 2019 17:00
1.61 had a typo, 1.62 is just 1.61 with that bug fixed. You should be able to use 1.62.
Lex_dell
2 Posts
0
April 8th, 2019 11:00
I managed to do this as well , but the gnome software center now shows a permanent progress indicator on the icon....
How do I remove this?
lemonjello1
3 Posts
0
April 8th, 2019 23:00
try
# apt -f install
Lex_dell
2 Posts
0
April 9th, 2019 13:00
Hi Lemonjello
It doesn't work unfortunately.
Anyone else suggestions? Perhaps reinstall software center somehow? Or use a different version than the 1.60 deb that I have used?
schmorpl
1 Message
0
August 15th, 2019 04:00
rolts
1 Message
0
September 27th, 2019 13:00
Same solution works for XPS 13 9380 too.
anomalroil
1 Message
0
October 18th, 2019 08:00
I was sad to discover the same problem impacted the XPS 13 7390.
I tried the workaround, using the 1.63 Dell-Recovery release that was published 4 days ago, but it didn't work: I ended up on a OEM installation version of Ubuntu, with no Wifi driver nor any Dell PPAs, and when I ran the script "Prepare for shipping to end user", it prompted me with the usual Ubuntu install prompt, I set it up, but ended up with a broken installation that was expecting some PPA to be cdroms, or files... (Altough it enabled FDE correctly, the rest just wasn't working.)
I will try with the 1.62, to see if it makes a differences.
coroa
1 Message
1
October 18th, 2019 14:00
Hi,
it's relatively annoying how many hoops one has to jump through to make it work. Here's the shortest path I was able to take on my Dell XPS 9380:
The steps have been extracted from:
https://www.dell.com/community/Linux-Developer-Systems/XPS-13-9370-Ubuntu-full-disk-encryption/m-p/6223948/highlight/true#M8812
and
https://www.dell.com/community/Linux-Developer-Systems/XPS-13-9370-Ubuntu-full-disk-encryption/m-p/7195610/highlight/true#M8892
Good luck,
Jonas
Godspell
3 Posts
0
November 7th, 2019 17:00
Wow...what a rollercoaster ride this whole thread has been. So good to see everybody (a lot of smart people) working together.
I've got a Dell XPS 13 9380 and I'm about to attempt this (I think FDE is a must in this day and age) however I'm puzzled about a few things and would like to check.
Thank you.
dell-mario l
34 Posts
0
November 8th, 2019 07:00
The way that FDE works in Ubuntu by default today is that you will be forced to enter the key every time. Ubuntu doesn't have integration with TPM2 right now. There are several efforts that exist to try to change this (Clevis, tpm2-initramfs-tools, maybe some others). But nothing stock. They all work on the same concepts and methods as manually entering the key though, the key is released from the TPM and then passed into luks to do the decryption. I think you can look into these after you've done your initial install.
Yes for now, 1.63 is targeted for focal.
Startup disk creator formats the USB key as ISO9660 and it will be read-only. You'll need it FAT32 to insert updated packages.
It should be, but if the adapter is Thunderbolt you might need to adjust BIOS settings.
Yes, it's the exact same install except that the recovery partition isn't created with FDE.
dell-mario l
34 Posts
0
November 8th, 2019 08:00
That's great to hear it worked out well enough for you.
Since this is still a pain point for a lot of people, I've got an idea that can probably be really useful. Would you mind documented your experience on a new wiki page at the Dell Recovery Github?
https://github.com/dell/dell-recovery/wiki
I think then anyone new to this who needs FDE can start there rather than parsing this long thread. Even when the newer dell-recovery gets included into the image, obviously these gotchas around needing to use characters in a US keyboard layout are relevant.
Godspell
3 Posts
0
November 8th, 2019 08:00
Thanks for a swift reply and for addressing all my concerns.
I'm pleased to say it's worked!
As opposed to manually extracting the ISO and injecting the Dell Recovery file to the USB, I copied it to the recovery partition instead (as shown in one of the previous replies) and then created a bootable USB from Dell software. That seems to have done the trick.
Couple things to note though;
The system would not boot into the USB nor would it show up on the boot options menu (F12) until I changed the Secure Boot to Thorough from Minimal.
I have a QWERTY UK keyboard and I set the initial encryption password to numbers..and it did not work. So, I had to do the installation again but set the password to 'eeee' and it worked. Then, I changed it to something more secure from GUI and it was all fine. For some reason, it didn't like the numbers.
Thanks also for the TPM info. I'll just use the pw to unlock the drive for now.
Amazing collaboration effort.
Godspell
3 Posts
0
November 16th, 2019 08:00
Yeah sure, would love to help but how would I do that? I don't think I can add a page on that wiki.
Sorry for a late reply btw, been away for some time.
Herrnleben
1 Message
0
April 12th, 2020 16:00
Has there been any update on this procedure of late? I would like to use FDE on an XPS 13 9300. Is the method of Coroa the latest, functional method and has it been tested on 9300?