Mortar install fails on Manjaro. Debian installed using the Live Disk option also fails.

[noahbliss]

Debian's Live Installer has changed the way Debian interacts with LUKS volumes. Manjaro similarly uses this technique. It configures the system with an encrypted boot volume and uses Grub to perform the initial unlocking. After Grub unlocks, it uses a LUKS key on disk (in the root of the drive and also included in the initramfs) to re-unlock it automatically after the Grub hand-off to the Linux kernel.

Obviously this throws a wrench in how Mortar interfaces with the system. I'm working on a solution. So far having the /boot location already encrypted does save us a few steps, and the current code already overwrites the Debian "hand-off key" slot, but looks like we need to fiddle with the crypttab file a little bit at least.

[noahbliss]

Updated to reflect this issue also impacts Manjaro.

[noahbliss]

Updated to reflect the issue is with Debian's Live Installer, not unstable nor netinstall. ccf4ba6 added to reflect this.

[Herschenglime]

Hello! I'm hoping to undergo this setup process with a Manjaro installation and I noticed this issue during my research phase.

It seems Manjaro Architect has been dropped from being officially supported and is no longer available as a standalone ISO or as part of the full-fat live disks anymore. At least for the time being, it seems that you can still install it once inside the live environment and go from there, but as it is unmaintained it will likely become unusable over time.

Have you had any luck with it as of late? I'm not sure if calamares supports the steps necessary in the manual partitioning step to recreate the same setup.

Thanks for your insight!

[noahbliss]

Ultimately the issue is on my end, I need to be able to detect these kinds of installations (the crypttab file would be one indicator I can think of) and adjust the configuration as part of the mortar install scripts. Unfortunately I simply haven't had time to do this yet. If you want to take a stab at it though, feel free!

[Herschenglime]

I did a test install in a VM to make sure my planned partitioning setup would work, and in doing so discovered that manjaro-architect still works perfectly for the time being. By first doing my partitioning in the KDE partition editor and then mounting to those in architect, everything worked just fine. I can't test setting up mortar in virtualbox since it doesn't emulate a TPM or support secure boot, so I can't be sure before trying on physical hardware, but I wonder if by using Architect it still may be possible to install the system in a way that mortar can interface with. Based on this, I have a few questions.

When mounting partitions, you have the option to also mount a /boot or just use a /boot/efi partition. I chose to just mount /boot/efi to my ESP partition and forewent mounting /boot to a separate partition. Would it be better to also add a separate /boot partition and mount it to mimic the debian install that you describe in the readme?

Additionally, Architect offers choosing between GRUB, rEFInd, and systemd-boot as bootloaders. Would one of these be preferred, or does it not really matter since you end up directly booting from efi files by the end of the process?

Thank you for bearing with me. I've been researching the details surrounding this process for a couple days now, but all of this is still pretty new to me.

[noahbliss]

Are you emulating on a Linux host? You can use swtpm to emulate a TPM module using virt-manager (KVM/qemu) if you'd like to try installing Mortar in a VM. Just a thought. I think VMware, Parallels, and Hyper-V also support various forms of TPM emulation/passthrough.

[noahbliss]

So Manjaro seems to "just work" now using the arch method.