XPS 13 9370 Ubuntu full disk encryption

Same here, I have a XPS 9380, I followed michaelzap's instructions, and it worked fine.

I was interested in trying out dell-recovery_1.61, for the feature of not requiring the "apt install" step -- but I see on github there is no prebuilt deb file for that version --  so I stuck to the original script.

I managed to do this as well , but the gnome software center now shows a permanent progress indicator on the icon....

How do I remove this?

try

# apt -f install

Hi Lemonjello

It doesn't work unfortunately.

Anyone else suggestions? Perhaps reinstall software center somehow? Or use a different version than the 1.60 deb that I have used?

Same solution works for XPS 13 9380 too.

I was sad to discover the same problem impacted the XPS 13 7390.

I tried the workaround, using the 1.63 Dell-Recovery release that was published 4 days ago, but it didn't work: I ended up on a OEM installation version of Ubuntu, with no Wifi driver nor any Dell PPAs, and when I ran the script "Prepare for shipping to end user", it prompted me with the usual Ubuntu install prompt, I set it up, but ended up with a broken installation that was expecting some PPA to be cdroms, or files... (Altough it enabled FDE correctly, the rest just wasn't working.)

I will try with the 1.62, to see if it makes a differences.

Hi,

it's relatively annoying how many hoops one has to jump through to make it work. Here's the shortest path I was able to take on my Dell XPS 9380:

1. Get recovery image from Dell's support pages for your machine
2. Take an usb stick (>=4GB, which can be wiped) and create a new msdos type partition table with a single vfat partition (i used gparted) and flag the partition as bootable
3. Mount the new partition on the usb stick and extract (sic!) the recovery image into it, ie. (mount /dev/sdb1 /mnt; cd /mnt; sudo 7z x ~/Downloads/Dell_XPS_9380_....iso)
4. Get dell_recovery_1.62_all.deb from the dell-recovery releases github page. (Version 1.63 does not work, since it depends on python of at least version 3.7 which is not available in bionic, causing the entire installation to fail!!) and copy it into the debs/main directory on the pendrive.
5. Reboot and press F12 during the boot sequence, where your pendrive should now be listed in the EFI drive options to launch directly into the Ubuntu installation.
6. At the beginning of the setup, there should be two options: "Restore Entire HD" and "Restore Only Linux" choose the second ("Restore Only Linux").
7. Choose "Erase Disk and Install Ubuntu" and mark "Encrypt the new Ubuntu", this will auto-mark also the LVM option.
8. When asked for an encryption password, pick any password (some users with non-QWERTY keyboards have reported issues, so watch out for this!).

The steps have been extracted from:

https://www.dell.com/community/Linux-Developer-Systems/XPS-13-9370-Ubuntu-full-disk-encryption/m-p/6223948/highlight/true#M8812

and

https://www.dell.com/community/Linux-Developer-Systems/XPS-13-9370-Ubuntu-full-disk-encryption/m-p/7195610/highlight/true#M8892

Good luck,

Jonas

Wow...what a rollercoaster ride this whole thread has been. So good to see everybody (a lot of smart people) working together.

I've got a Dell XPS 13 9380 and I'm about to attempt this (I think FDE is a must in this day and age) however I'm puzzled about a few things and would like to check.

• Does the TPM come into this equation at all? I mean this thing has TPM 2 so it should be used to save the encryption key, right? So that you won't have to enter it on boot every time.
• Should I still go with Dell Recovery v1.62?
• Can I not use the startup disk creator as opposed to the manual way you've done?
• Will the USB still be detected if plugged in through USB C - USB 3 adapter?
• Will the Dell software and updates work as smoothly as they do now (in a vanilla setup) afterward?

Thank you.

• Does the TPM come into this equation at all? I mean this thing has TPM 2 so it should be used to save the encryption key, right? So that you won't have to enter it on boot every time.

The way that FDE works in Ubuntu by default today is that you will be forced to enter the key every time.  Ubuntu doesn't have integration with TPM2 right now.  There are several efforts that exist to try to change this (Clevis, tpm2-initramfs-tools, maybe some others).  But nothing stock.  They all work on the same concepts and methods as manually entering the key though, the key is released from the TPM and then passed into luks to do the decryption.  I think you can look into these after you've done your initial install.

• Should I still go with Dell Recovery v1.62?

Yes for now, 1.63 is targeted for focal.

• Can I not use the startup disk creator as opposed to the manual way you've done?

Startup disk creator formats the USB key as ISO9660 and it will be read-only.  You'll need it FAT32 to insert updated packages.

• Will the USB still be detected if plugged in through USB C - USB 3 adapter?

It should be, but if the adapter is Thunderbolt you might need to adjust BIOS settings.

• Will the Dell software and updates work as smoothly as they do now (in a vanilla setup) afterward?

Yes, it's the exact same install except that the recovery partition isn't created with FDE.

That's great to hear it worked out well enough for you.

Since this is still a pain point for a lot of people, I've got an idea that can probably be really useful.  Would you mind documented your experience on a new wiki page at the Dell Recovery Github?

https://github.com/dell/dell-recovery/wiki

I think then anyone new to this who needs FDE can start there rather than parsing this long thread.  Even when the newer dell-recovery gets included into the image, obviously these gotchas around needing to use characters in a US keyboard layout are relevant.

Thanks for a swift reply and for addressing all my concerns.

I'm pleased to say it's worked!

As opposed to manually extracting the ISO and injecting the Dell Recovery file to the USB, I copied it to the recovery partition instead (as shown in one of the previous replies) and then created a bootable USB from Dell software. That seems to have done the trick.

Couple things to note though;

The system would not boot into the USB nor would it show up on the boot options menu (F12) until I changed the Secure Boot to Thorough from Minimal.

I have a QWERTY UK keyboard and I set the initial encryption password to numbers..and it did not work. So, I had to do the installation again but set the password to 'eeee' and it worked. Then, I changed it to something more secure from GUI and it was all fine. For some reason, it didn't like the numbers.

Thanks also for the TPM info. I'll just use the pw to unlock the drive for now.

Amazing collaboration effort.

Yeah sure, would love to help but how would I do that? I don't think I can add a page on that wiki.

Sorry for a late reply btw, been away for some time.

Has there been any update on this procedure of late? I would like to use FDE on an XPS 13 9300. Is the method of Coroa the latest, functional method and has it been tested on 9300?