UC20: enabling Secure Boot + FDE on Raspberry PI4

find . -print0 | cpio --null --create --quiet --format=newc --owner=0:0 | lz4 -9 -l > …/kernel-snap/initrd.img

for this i always get permission denied to access initrd.img even if i use sudo

Try with sudo sh -c '<full command>'. Anyway, if you need root permissions is probably because you used sudo while running unsquashfs/unmkinitramfs, that you don’t need, I think.

Hi @fguerzoni, I am also working on this and I managed to ADD tpm_tis_spi to initrd and compile the kernel snap with fde hooks

During the initial boot, it displayed and the process hangs:

  secboot_tpm.go:77: checking if secure boot is enabled…
  secboot_tpm.go:79: secure boot not enabled: not a supported EFI system
  taskrunner.go:271: [change 2 "Setup system for run mode" task] failed: cannot encrypt device storage as mandated by model grade secured: not a supported EFI system

Did you manage to solve this issue?