Installing kubuntu 22.10 it's interesting that booting splash screen showed both motile and kubuntu logo. this must be a uefi thing as both uefi systems did it.
This laptop also runs windows so the disk layout has partitions for that. I'll leave those alone. historically, I could not install with the kubuntu installer since I use encrypted partitions and that would crash it. The latest version seems to be better but it still will not allow me to create and use encrypted partitions. If I create LUKS volumes before starting the install the installer does allow me to chooose them but only if I use lvm on the opened luks device. When I try to use the raw LUKS device the installer forces creating a partition on it--which is not what I want. It's already a partition on another device, so LVM it is. i suppose it's easier this way to manage the swap partition.
This time the installer shows me an error about having swap enabled in my environment and that it could expose my encryption keys. Interesting... disable swap (swapoff -a) and the message disappears.
i install with a separate /boot partition that is unencrypted. to recap:
boot kubuntu installer into TRY
manually partition drive
create luks device
open luks device
create lvm on luks device
add swap partition for suspend to disk that is slightly larger than RAM in system
start installer
set swap and /boot
install / on opened lvm device from luks partition
sudo su
swap=34G
dev=/dev/nvme0n1p5
guid=`cryptsetup luksUUID $dev`
cryptsetup luksFormat $dev
cryptsetup luksOpen $dev luks-$guid
pvcreate /dev/mapper/luks-$guid
vgcreate vg_kubuntu /dev/mapper/luks-$guid
lvcreate -n swap -L $swap vg_kubuntu
lvcreate -n lv_root -l 100%FREE vg_kubuntu
ubiquity
next I run the post install setup so that the encrypted root is handled properly in the boot process
mount /dev/mapper/vg_kubuntu-lv_root /target
mount -o bind /dev /target/dev
mount -o bind /sys /target/sys
mount -o bind /proc /target/proc
chroot /target
mount -a
dev=/dev/sda6
guid=`cryptsetup luksUUID $dev`
echo "luks-$guid UUID=$guid none luks" >> /etc/crypttab
update-initramfs -u -k all
after install i setup the boot process to use my smartcard for the decryption and I setup the smartcard for logins, sudo, etc
On this system, the installer detected secure boot and asked for a passphrase on the first install. I enter it but not sure if this is all working.
on the second install the secure boot options were not there. I did not enroll the MOK from the first time so not sure what this means.