A little bit of preface before continuing to my problem: I have done a clean install of Arch using archinstall. I have two NVME M.2 SSD drives, which I've chosen to be formatted to BTRFS using the "Wipe everything etc." option, and use systemd-boot as boot loader. The disks are formatted in the GPT-scheme and I use UEFI (Secure Boot), so I've installed and signed keys using sbctl.
After everything is formatted and I get into the OS, I install several packages. Among these, the ones worth mentioning are:
AppArmor
Dracut
Snapper
snap-pac (AUR)
plymouth-git (AUR)
dracut-hook-uefi (AUR)
sddm-git (AUR) - due to using Wayland
Following the instructions on these packages from the official wiki is where, I think, I might be doing something wrong... Below are the steps I've taken:
1. Dracut
sudo dracut --hostonly --no-hostonly-cmdline /boot/initramfs-linux.img
# Created files /usr/local/bin/dracut-install.sh and /usr/local/bin/dracut-remove.sh
# chmod the files above
# Created /etc/pacman.d/hooks/90-dracut-install.hook and /etc/pacman.d/hooks/60-dracut-remove.hook
# Stopped mkinitcpio
sudo ln -sf /dev/null /etc/pacman.d/hooks/90-mkinitcpio-install.hook
sudo ln -sf /dev/null /etc/pacman.d/hooks/60-mkinitcpio-remove.hook
2. AppArmor
# Edited /boot/loader/entries/<date>_linux.conf and added
lsm=landlock,lockdown,yama,integrity,apparmor,bpf
3. Plymouth
sudo systemctl disable sddm.service
sudo systemctl enable sddm-plymouth.service
# Edited /boot/loader/entries/<date>_linux.conf and added
quiet splash vt.global_cursor_default=0
# Regenerated initramfs
sudo dracut -f --uefi --regenerate-all
3. Snapper
sudo snapper -c root create-config /
sudo snapper -c home create-config /home
sudo systemctl edit snapper-timeline.timer
# set parameter to daily or hourly
OnCalendar=hourly
sudo systemctl edit snapper-cleanup.timer
# set parameter to daily or hourly
OnUnitActiveSec=1h
sudo systemctl enable snapper-boot.timer
After reboot, I get two extra entries in the boot loader (can't recall the specific name, but it's something along the lines of Arch (rolling) - some numbers -); selecting either one of the two new ones will yield a red message which says
Error loading \EFI\Linux\linux-6.0.8-arch-1-3affe82db72e4869ad8fff6100d0ad73-rolling.efi: Access Denied
and I get kicked out back to the boot menu. If I then choose either of the regular ones (Arch or Arch-LTS), the system boots normally.
So I guess my question is: how do I set up Snapper + Secure Boot + Dracut + AppArmor properly? I'd like for the kernels to be rebuilt (properly) automatically by Dracut whenever there's a kernel update.
- Many thanks
Last edited by telometto (2022-11-13 10:48:03)
"Concern should drive us to action and not into depression."
-- Pythagoras