Disk Encryption - linux-surface/linux-surface GitHub Wiki

Please note that most distros currently don't have an onscreen keyboard for the disk encryption dialog so you will need a physical keyboard for most distros. More information: https://github.com/linux-surface/linux-surface/issues/400 and https://github.com/linux-surface/linux-surface/issues/1001

Disk Encryption on Devices with Keyboard Connected via the Surface Aggregator Module

On devices where the keyboard is connected via the Surface Aggregator Module, i.e. the Surface Laptop 2, 3, and 4, the Surface Book 3, as well as the Surface Laptop Studio, you need to ensure that the required drivers are included in the initramfs/initrd.

To do this, you need to ensure that the following modules are included in the initramfs/initrd (e.g. by editing mkinitcpio.conf or alike depends on your used OS distribution):

  • surface_aggregator, surface_aggregator_registry, surface_aggregator_hub, surface_hid_core
  • 8250_dw (required for communication with the embedded controller)

Depending on your Surface model:

  • surface_hid (Surface Laptop 3/Surface Book 3 and later)
  • surface_kbd (Surface Laptop 1 and 2).

Depending on whether GPIO support was compiled into your kernel, you may also need to include the following module:

  • pinctrl_amd (only on the AMD models)
  • intel_lpss and intel_lpss_pci (only on the Intel models)
  • pinctrl_icelake for Ice Lake Intel CPUs (Surface Laptop 3/Surface Book 3)
  • pinctrl_tigerlake for Tiger Lake Intel CPUs (Surface Laptop 4/Surface Laptop Studio)

Example for adding keyboard drivers to Fedora 35 (run as root):

# this will create a file with parameters for adding modules to initramfs
# from this below, replace list of your modules inside below double-quoted text, and using space for separate each modules, and then finally prefixed with `add_drivers+=\042 ` and suffixed with `\042 `
echo "add_drivers+=\042 surface_hid_core surface_hid surface_aggregator_registry surface_aggregator \042 " > /etc/dracut.conf.d/surface.conf
# this rebuilds the initramfs for all kernel version
dracut --force --regenerate-all

Example for adding keyboard drivers to Debian (run as root):

# this will add required modules to initramfs-tools module list
# from this below, replace list of your modules inside below double-quoted text, and using `\n` for separate each modules
echo -e "8250_dw\nsurface_hid_core\nsurface_hid\nsurface_aggregator_registry\nsurface_aggregator_hub\nsurface_aggregator" >> /etc/initramfs-tools/modules
# this rebuilds the initramfs for all kernel version
update-initramfs -u -k all

It is important to remember that all manipulations to rebuild initramfs and add surface modules are done on a system booted from the linux-surface kernel.