TPM Support for Snappy Core

My team is looking to possibly transition to Snappy Core. We particularly like the ability of kernel rollbacks, which is why we would prefer it over an Ubuntu install with snapd. However, it is important to us (and our clients) that our application snap, along with its configuration and any data it generates, is encrypted on the device.

Our preference would be full disk encryption (we have a TPM 2.0 on our device), but we would also accept having our snap and its data be stored and executed from an encrypted partition.

Is there any solution (commercial or otherwise) to this problem?


We intend to support secure boots which chain-load the operating system based on hardware devices such as a TPM. We don’t have that working today, but would be happy to see this work moving forward, commercially or otherwise.

Heck, I’d like to see this better-supported on classic Ubuntu, too 😛