Skip to content

Expensify/Workstation-Bootstrap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
README.md
README.md
 
 
bootstrap.sh
bootstrap.sh
 
 

Repository files navigation

Workstation-Bootstrap

Apple macOS Workstations

TODO: Detailed instructions

  1. Start the Expensify Bootstrap script:
bash <(curl -s https://raw.githubusercontent.com/Expensify/Workstation-Bootstrap/refs/heads/main/bootstrap.sh)

Linux Workstations

Caution

Linux Workstation are still a beta environment. You're expected to be able to conduct your own debugging and research to resolve any issues you experience.

Follow these steps to install Ubuntu on your shiny new workstation. We currently support:

  • Ubuntu 24.04

These instructions were written based on a Thinkpad P1 Gen 7 (with Intel CPU).

Note: Since we require full-disk encryption using the hardware TPM, you must erase any existing TPM Keys before you install Ubuntu, otherwise the installation will fail.

Installation Steps

  1. Turn your computer on and enter the UEFI menu (F1 on Thinkpads)
    1. Erase the TPM. On Thinkpads, this is under the Security menu, then Security Chip -> Clear Security Chip
    2. On Thinkpads, you also need to disable User Presence Sensing under the Intelligent Security menu.
    3. Lastly, Enable Allow Microsoft 3rd Party UEFI CA under Secure Boot
    4. Save changes
  2. Insert your bootable installation USB key and reboot
    • Use F12 to trigger the one-time boot menu to select your boot media.
  3. Follow the installation steps presented, subject to the following notes:
    1. Join a network when asked (either WiFi or Wired)
    2. Update the installer if a newer one is available - start the install again manually after it updates.
    3. Select "Interactive Installation", and "Default selection" of apps
    4. Do NOT select Install third-party software" or "Download and install support for additional media formats"
    5. Click "Advanced features..." when prompted for "How do you want to install Ubuntu?"
    6. Select the "Enable hardware-backed full disk encryption"
    7. Continue the installation process until complete.
  4. Reboot into your fresh Ubuntu installation.
    • Note: You may get prompted on first boot for your encryption recovery key. Just wait, it will pass.
    • Do not enroll in Ubuntu Pro when prompted.
  5. Start a terminal and retrieve a copy of the encryption recovery keys: sudo snap recovery --show-keys. Save that key somewhere safe (eg, your password manager).
  6. Do a full system update by opening the Gnome menu -> Software Updater. Reboot. Repeat until there are no further updates available.
  7. Install anything you might need to complete bootstrapping (eg, personal password manager etc)
  8. Lastly, start the Expensify Bootstrap script:
bash <(curl -s https://raw.githubusercontent.com/Expensify/Workstation-Bootstrap/refs/heads/main/bootstrap.sh)

Troubleshooting - Linux

No Audio with Intel Corporation Meteor Lake-P HD Audio Controller

As at June 2025, Ubuntu 24.04 uses a snapd version of the kernel to support Full Disk Encryption using the TPM. Unfortunately, this means that the firmware-sof-signed package required to make the Intel Corporation Meteor Lake-P HD Audio Controller in the Thinkpad P1 Gen 7 work cannot be installed.

Refer: https://discourse.ubuntu.com/t/no-audio-device-detected-on-hp-elitebook-840-14-g11-running-ubuntu-24-04/51498

Workaround: Install using disk encryption with a passphrase (NOT "Hardware backed")

About

Initial bootstrapping script for employee workstations.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

30 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages