Dear Snapd Community,
We’re pleased to share that Snapd 2.72 snap is available for testing in the beta channel.
Highlights
- Enable the gpio-chardev interface now with the more robust gpio-aggregator configfs kernel interface (LP: #1916244)
- FDE enhancements and additions: add generic reseal function and correct sealing with kernel command line defaults, support replacing TPM protected keys at runtime, secboot preinstall check fix actions and using OPTEE (Ubunbu Core & arm) for protecting keys, as an alternative to existing fde-setup hooks.
Notable updates
- snap-confine: fix non-suid limitation by switching to root:root to operate v1 freezer
- Fix preseeding failure due to scan-disk issue on RPi
- Snap installation: skip snap icon download when running in a cloud or using a proxy store (LP: #2122054)
- snap-confine: fix error message with /root/snap not accessible (LP: #2117558)
- Interfaces: do not expose Kerberos tickets for classic snaps (LP: #2121238)
- Cleanly support socket activation for classic snap (LP: #2117121)
- Improve progress reporting for snap install/refresh (LP: #2112626)
- Extend output to indicate when snap data snapshot was created during remove (LP: #2114704)
For the release plan and complete list of changes, please refer to the full release notes.
More about GPIO Chardev
This release supports the kernel GPIO character device API with specific GPIO lines mediation through the new gpio-chardev interface which offers more fine-grained control over the gpio-control interface that allowed unrestricted access to all GPIO chips when needed.
For historical context: traditionally Snapd supported mediation of the sysfs interface for GPIO access. This sysfs kernel interface is considered legacy by upstream kernel developers (and will be removed from UC26+ kernels) and it has been replaced by a new character device API, commonly referred to as gpiod.
The new kernel GPIO APIs are typically consumed through the libgpiod library (C or various bindings) or a set of command line utilities provided by said library.
For more information on how to use the new interface (and migration from the older gpio interface), please check the official documentation for the gpio-chardev interface: https://forum.snapcraft.io/t/the-gpio-chardev-interface/46411.
More about our FDE journey
The previous release, 2.71, concluded the Snapd contribution to TPM FDE for the 25.10 install image.
Progression through the 25.10 cycle up to 2.71:
- 2.68.* - introduced a new key format, added support for passphrases during installation, and included various fixes.
- 2:70 - set roles in TPM keys and fixed resealing with the v1 hook key format.
- 2.71 - added recovery key auto-repair, delivered many additional APIs needed to support installation and use of TPM-backed FDE on hybrid Ubuntu 25.10, and included further fixes.
As part of this work, secboot has been improved to more extensively check whether the platform can support secure boot, which is used by one of the new Snapd APIs introduced in 2.71 and used by the installer to determine TPM FDE availability during hybrid Ubuntu installation.
This release, along with releases 2.73 and 2.74 planned for next cycle, will extend and refine the TPM FDE hybrid Ubuntu installation and overall user experience for the Ubuntu 26.04 LTS release.
A lot of care goes into continually ensuring compatibility with Ubuntu Core, previous versions of Snapd and targeted hardware. Each release must pass extensive testing, including test suites for certified hardware. In addition to our own rigorous testing, we strongly advise all users to also thoroughly test all their hardware variations and inform us of potential issues or concerns as soon as possible.
For a broader overview on TPM backed FDE for hybrid Ubuntu 25.10, see: TPM/FDE progress for Ubuntu 25.10
Test Feedback
Feel free to provide your test feedback here or directly in Launchpad. To help fast track investigations please provide (1) details about the system, (2) Snapd version(s) and (3) steps to reproduce the issue.
Next release
The next release Snapd 2.73 is estimated to start on 10 November and be available by 19 December.
We greatly appreciate your contributions and support!