I ordered a system76 meerkat with Pop!OS but on first boot I must have mistyped the encryption password (twice) because I can't get the decrypt to work on boot.
so im trying to install kubuntu 22.10 which is my regular distro anyway. It's interesting that booting splash screen showed both system76 and kubuntu logo even though I'm using the stock Kubuntu download on a usb stick.
After booting the install system I think it cannot see the hard disk but it turns out that we dont' use sdX anymore--which makes sense as SCSI disks have long since fallen out of fashion. Now I have /dev/nvme0n1.
The meerkat disk layout has a uefi partition and a fat32 recovery partition. I'll leave those alone. The rest of the 1T drive is all one giant partition. This seems unnecessary. I delete it. historically, I could not install with the kubuntu installer since I use encrypted partitions and that crashes it. This has been happening for years. This time the installer shows me an error about having swap enabled in my environment and that it could expose my encryption keys. Interesting... disable swap (swapoff -a) and the message disappears.
Though it does not crash, it still will not allow me to create and use encrypted partitions. If I create LUKS volumes before starting the install the installer does allow me to chooose them but only if I use lvm on the opened luks device. When I try to use the raw LUKS device the installer forces creating a partition on it--which is not what I want. It's already a partition on another device, so LVM it is.
i install with a separate /boot partition that is unencrypted. to recap:
boot kubuntu installer into TRY
manually partition drive
create luks device
open luks device
create lvm on luks device
add swap partition for suspend to disk that is slightly larger than RAM in system
start installer
set swap and /boot
install / on opened lvm device from luks partition
sudo su
swap=34G
dev=/dev/nvme0n1p5
guid=`blkid -s UUID -o value $dev`
cryptsetup luksFormat $dev
cryptsetup luksOpen $dev luks-$guid
pvcreate /dev/mapper/luks-$guid
vgcreate vg_kubuntu /dev/mapper/luks-$guid
lvcreate -n swap -L $swap vg_kubuntu
lvcreate -n lv_root -l 100%FREE vg_kubuntu
ubiquity
next I run the post install setup so that the encrypted root is handled properly in the boot process
mount /dev/mapper/vg_kubuntu-lv_root /target
mount -o bind /dev /target/dev
mount -o bind /sys /target/sys
mount -o bind /proc /target/proc
chroot /target
mount -a
dev=/dev/nvme0n1p5
guid=`blkid -s UUID -o value $dev`
echo "luks-$guid UUID=$guid none luks" >> /etc/crypttab
update-initramfs -u -k all
after install i setup the boot process to use my smartcard for the decryption and I setup the smartcard for logins, sudo, etc
Turned on secure boot in the bios and did not have to enroll any keys. suspect it is not working but silently failing.... I enrolled keys on a different system. Still need to try that with this one.
I fight kwallet every install. it gets the password from my local account and when the account password changes kwallet starts prompting for the old password. so annoying. The latest wallet manager allows me to set the password for it to empty which works for me because my system is encrypted already and I'm the only user on my system. I can now store passwords in the wallet without having to manage a password for the wallet. In reality I never use the wallet but the desktop stores some things there such as the wireless network password.
The first day i used the meerkat for work it died in the middle of the day. I restarted and grub refuses to find the kernel. I have tried to 'rescue' multiple times with the installer but it will not boot. normally I boot the Try installer live environment and then mount everything manually. chroot into the environment and run update-initramfs but multiple attempts are still failing.
dev=/dev/nvme0n1p5
mkdir /target
guid=`blkid -s UUID -o value $dev`
cryptsetup luksOpen $dev luks-$guid
mount /dev/mapper/vg_kubuntu-lv_root /target
mount -o bind /proc /target/proc
mount -o bind /dev /target/dev
mount -o bind /sys /target/sys
chroot /target
mount -a
update-initramfs -u -k all
update-grub
umount -a
umount /boot
exit
umount /target/proc
umount /target/dev
umount /target/sys
umount /target
cryptsetup luksClose /dev/mapper/luks-$guid
I wonder if i shut down in the middle of some updates. Don't know why it broke and wont fix... I will have to re-install i think.
I could not get the system to work so I reinstalled without formatting the disks. This will not keep everything but some settings remain.
I ran into the out of memory error again but this time the system boots. I found a bug and implemented the GRUB_GFXMODE suggestion.
echo "GRUB_GFXMODE=1280x1024" >> /etc/default/grub
update-grub
Now the error is gone but I dont know what caused the system to wig out from before and in that case it did not boot after the out of memory error. I got kernel panics and missing file errors. This happened after I tested secure boot which will change the boot process in some cases. I'll try again before getting too far into the setup this time.
[update] A few days later and the system seems fine--even with secure boot turned on--though probably not fully setup.