#1 2022-11-13 08:50:59

telometto
Member
From: Braunau
Registered: 2020-09-30
Posts: 23

Strange error message when trying to use a kernel when booting

A little bit of preface before continuing to my problem: I have done a clean install of Arch using archinstall. I have two NVMe M.2 SSD drives, which I've chosen to be formatted to BTRFS using the "Wipe everything etc." option, and I use systemd-boot as the boot loader. The disks are formatted in the GPT scheme and I use UEFI (Secure Boot), so I've installed and signed keys using sbctl.

After everything is formatted and I get into the OS, I install several packages. Among these, the ones worth mentioning are:

  • AppArmor

  • Dracut

  • Snapper

  • snap-pac (AUR)

  • plymouth-git (AUR)

  • dracut-hook-uefi (AUR)

  • sddm-git (AUR) - due to using Wayland

Following the instructions on these packages from the official wiki is where, I think, I might be doing something wrong. Below are the steps I've taken:

1. Dracut

sudo dracut --hostonly --no-hostonly-cmdline /boot/initramfs-linux.img

# Created files /usr/local/bin/dracut-install.sh and /usr/local/bin/dracut-remove.sh
# chmod the files above

# Created /etc/pacman.d/hooks/90-dracut-install.hook and /etc/pacman.d/hooks/60-dracut-remove.hook

# Stopped mkinitcpio
sudo ln -sf /dev/null /etc/pacman.d/hooks/90-mkinitcpio-install.hook
sudo ln -sf /dev/null /etc/pacman.d/hooks/60-mkinitcpio-remove.hook

2. AppArmor

# Edited /boot/loader/entries/<date>_linux.conf and added
lsm=landlock,lockdown,yama,integrity,apparmor,bpf

3. Plymouth

sudo systemctl disable sddm.service
sudo systemctl enable sddm-plymouth.service

# Edited /boot/loader/entries/<date>_linux.conf and added
quiet splash vt.global_cursor_default=0

# Regenerated initramfs
sudo dracut -f --uefi --regenerate-all

4. Snapper

sudo snapper -c root create-config /
sudo snapper -c home create-config /home

sudo systemctl edit snapper-timeline.timer

# set parameter to daily or hourly
OnCalendar=hourly

sudo systemctl edit snapper-cleanup.timer

# set parameter to daily or hourly
OnUnitActiveSec=1h

sudo systemctl enable snapper-boot.timer

After reboot, I get two extra entries in the boot loader (can't recall the specific name, but it's something along the lines of Arch (rolling) - some numbers -); selecting either one of the two new ones will yield a red message which says

Error loading \EFI\Linux\linux-6.0.8-arch-1-3affe82db72e4869ad8fff6100d0ad73-rolling.efi: Access Denied

and I get kicked out back to the boot menu. If I then choose either of the regular ones (Arch or Arch-LTS), the system boots normally.

So I guess my question is: how do I set up Snapper + Secure Boot + Dracut + AppArmor properly? I'd like for the kernels to be rebuilt (properly) automatically by Dracut whenever there's a kernel update.

   - Many thanks

Last edited by telometto (2022-11-13 10:48:03)


"Concern should drive us to action and not into depression."
    -- Pythagoras
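
Added example, not part of the original post: under Secure Boot the firmware refuses to load an EFI image it cannot verify against its enrolled keys, so a first check for an `Access Denied` like the one above is whether the images under `EFI/Linux` carry a signature table at all. The script reads the PE certificate table entry directly; the function names are hypothetical and the two sample files are constructed.

```shell
# Added example (not from the post): flag EFI binaries with no Authenticode signature table.

# Little-endian unsigned integer of $3 bytes at offset $2 in file $1.
le_uint() {
    local v=0 i=0 b
    for b in $(od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null); do
        v=$(( v + (b << (8 * i)) )); i=$(( i + 1 ))
    done
    [ "$i" -eq "$3" ] && echo "$v"
}

# Print the size of the PE certificate table (data directory 4); status 2 if not PE.
pe_cert_size() {
    local f="$1" pe magic dirs n
    [ "$(le_uint "$f" 0 2)" = 23117 ] || return 2        # "MZ"
    pe=$(le_uint "$f" 60 4) || return 2                  # e_lfanew
    [ "$(le_uint "$f" "$pe" 4)" = 17744 ] || return 2    # "PE\0\0"
    magic=$(le_uint "$f" $(( pe + 24 )) 2) || return 2
    case $magic in
        267) dirs=$(( pe + 24 + 96 )) ;;                 # PE32
        523) dirs=$(( pe + 24 + 112 )) ;;                # PE32+ (x86_64)
        *) return 2 ;;
    esac
    n=$(le_uint "$f" $(( dirs - 4 )) 4) || return 2      # NumberOfRvaAndSizes
    [ "$n" -gt 4 ] || { echo 0; return 0; }
    le_uint "$f" $(( dirs + 36 )) 4 || return 2
}

# Print "signed|UNSIGNED|not-pe <path>" for every *.efi under directory $1.
audit_esp() {
    find "$1" -type f -iname '*.efi' | sort | while IFS= read -r f; do
        if size=$(pe_cert_size "$f"); then
            [ "$size" -gt 0 ] && echo "signed $f" || echo "UNSIGNED $f"
        else echo "not-pe $f"; fi
    done
}

# Constructed sample: minimal PE32+ header with a certificate table of $2 bytes (<256).
make_sample_pe() {
    {   printf 'MZ'; head -c 58 /dev/zero; printf '\100\0\0\0'   # e_lfanew = 0x40
        printf 'PE\0\0'; head -c 20 /dev/zero                    # COFF header
        printf '\013\002'; head -c 106 /dev/zero                 # magic 0x20b
        printf '\020\0\0\0'; head -c 32 /dev/zero                # 16 dirs; dirs 0-3
        printf "\\0\\004\\0\\0\\$(printf '%03o' "$2")\\0\\0\\0"  # dir 4: offset, size
        head -c 88 /dev/zero; } > "$1"                           # dirs 5-15
}

demo=$(mktemp -d)
make_sample_pe "$demo/a-signed.efi" 8; make_sample_pe "$demo/b-unsigned.efi" 0
audit_esp "$demo"    # on a real system pass the mounted ESP path instead
```

A non-empty table only shows that some signature is attached, not that it chains to an enrolled key; `sbctl verify` reports the signing status of files on the ESP against sbctl's own keys.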