Hope you're all well!
I have a Lenovo ThinkPad E15 Gen4 with 2 SSDs (let's name them Primary and Secondary). On Primary I have a Windows 11 that came preinstalled with the laptop; the Secondary was bought and installed recently.
The Ubuntu 24.04 install went smoothly. I made a custom install on Secondary with my own partitioning scheme, i.e. root, home and swap. I selected Secondary to contain the bootloader (grub2), which led to the creation of an EFI System Partition. I ended up with the following partitioning scheme:
```
Disklabel type: gpt
Disk identifier: 896C08E8-3159-497F-8563-09DF9DD97353

Device             Start       End   Sectors   Size Type
/dev/nvme0n1p1      2048  39065599  39063552  18.6G Linux filesystem
/dev/nvme0n1p2  39065600  41267199   2201600     1G EFI System
/dev/nvme0n1p3  41267200 431892479 390625280 186.3G Linux filesystem
/dev/nvme0n1p4 431892480 463142911  31250432  14.9G Linux swap
```
After rebooting I had to provide the BitLocker recovery key, which seemed odd. After that Windows boots just fine; I didn't have to do that more than once. However, Ubuntu doesn't boot at all, with the only message I got being a quick "Reset System", after which the laptop reboots. If I disable TPM (in Lenovo named "Security Chip"), Ubuntu boots normally but, as could be expected, I have to provide the recovery key when booting Windows (since BitLocker can't obtain it from the security chip).
What didn't work:
- Fiddling with the PCR 4 Group Policy on Windows: https://superuser.com/questions/1278841/bitlocker-asking-for-protection-code-after-ubuntu-installation
- Changing the boot priority in UEFI and/or selecting Secondary from Boot Menu
- Disabling BitLocker
- Physically removing the SSD with Windows on it
- Wiping TPM keys in UEFI
From what I understand the system restarts before grub is loaded, which makes debugging it pretty hard.
I found lots of info and possible "solutions", like disabling BitLocker altogether, disabling TPM or installing Ubuntu with BitLocker disabled (why?), but they didn't really convince me. Ubuntu should work just fine with Secure Boot and TPM enabled, especially since it's residing on a different SSD than Windows.
Now to my questions:
- What might prevent grub from loading? Can I somehow debug this?
- Why does disabling TPM make Ubuntu boot? I thought TPM is just a sophisticated encryption key storage...