Bug 480856 - Fresh Neon install can't boot if encryption is used (20240201-0717 iso)
Status: RESOLVED FIXED
Alias: None
Product: neon
Classification: KDE Neon
Component: Live/Install images
Version: unspecified
Platform: Neon Linux
Importance: NOR major
Target Milestone: ---
Assignee: Neon Bugs
Reported: 2024-02-04 15:31 UTC by spiesant
Modified: 2024-03-11 07:55 UTC

Attachments
Here's some analysis that I did (10.73 KB, text/markdown)
2024-03-08 03:15 UTC, Mike Stemle
This is the session log from the install into my VM (52.79 KB, text/x-log)
2024-03-08 03:16 UTC, Mike Stemle
Description spiesant 2024-02-04 15:31:28 UTC
I'm trying to do a fresh install of KDE Neon, but the current installer appears to be broken. I've been running a previous version of Neon for several years, & its installer works without issue. The previous working ISO was 20220324-0945; the current failing one is 20240201-0717. Repro:

1) Download the ISO, copy to USB & boot live
2) Once booted, connect to wifi & launch the installer
3) On the Partitions step, choose "Manual Partitioning":
    * Select free space->Create. File System=btrfs, Encrypt=checked, Mount Point=/
    * As it's a multi-boot system, I have an existing fat32 efi partition. Select that partition->Edit. Set its mount point to /boot/efi.
4) Proceed with the install
5) Reboot.

Result: It prompts for the password, accepts the password, shows the Grub menu, I select Neon, then it fails to boot. The screen shows `cryptsetup: ERROR luks-(uuid): maximum number of tries exceeded`. If I hit a key to show the text, it reveals:

```
/bin/cat: /crypto_keyfile.bin: No such file or directory
Nothing to read on input.
cryptsetup: ERROR: luks-(uuid): cryptsetup failed, bad password or options?
(...repeating over and over until it gives up & drops to shell)
```

* This was the exact install process that worked properly with the previous version of Neon. Just to sanity check my steps, I went back & fully reinstalled the previous 20220324-0945 ISO. It worked without issue. So this definitely seems to be a regression.
* I read online that the current installer is only broken with encryption & btrfs, so I tried to repeat the process using ext4 rather than btrfs. The same error occurred.
* Rather than doing Manual partitioning, I also tried choosing "Replace a partition", and just giving it the partition I intended to use as "/" (aka I didn't explicitly give it /boot/efi). It did not work. Same issue.
* I tried doing the same, but *not* selecting encryption (definitely not an option for real-world use, but just out of curiosity). That worked.

So it seems to be unable to install with encryption.
Comment 1 spiesant 2024-02-04 15:33:06 UTC
Addendum: it looks like others are experiencing the same - multiple posts about this on Reddit in the past 5 days: https://www.reddit.com/r/kdeneon/comments/1aenouy/kde_neon_wont_boot_after_fresh_install_cryptsetup/
Comment 2 Ioannis Panagiotopoulos 2024-02-11 14:10:45 UTC
Can confirm the bug.  Tried today to install it on some new machines but after installation and successful password prompt, it failed to boot. We use the default setup with no custom configuration (we use the 'use full disk' option with the 'system encryption' enabled). The iso version was 'neon-user-20240208-0715' and we verified the signature before writing it to media. Can we at least get a link to the last good iso until the fix?
Comment 3 luke 2024-02-24 06:05:46 UTC
(In reply to Ioannis Panagiotopoulos from comment #2)
> Can confirm the bug.  Tried today to install it on some new machines but
> after installation and successful password prompt, it failed to boot. We use
> the default setup with no custom configuration (we use the 'use full disk'
> option with the 'system encryption' enabled). The iso version was
> 'neon-user-20240208-0715' and we verified the signature before writing it to
> media. Can we at least get a link to the last good iso until the fix?

Same exact process and issue here. Confirmed on testing ISO from today.
Comment 5 ricksanchez137c 2024-02-25 03:05:59 UTC
(In reply to spiesant from comment #1)
> Addendum: it looks like others are experiencing the same - multiple posts
> about this on Reddit in the past 5 days:
> https://www.reddit.com/r/kdeneon/comments/1aenouy/
> kde_neon_wont_boot_after_fresh_install_cryptsetup/

I can confirm this is happening when I install KDE neon using a recent ISO.
Comment 6 ssnintf 2024-03-04 19:22:36 UTC
Most recent user iso is broken on boot when installing with encryption!!!
Comment 7 Mike Stemle 2024-03-08 03:15:45 UTC
Created attachment 166669
Here's some analysis that I did
Comment 8 Mike Stemle 2024-03-08 03:16:58 UTC
Created attachment 166670
This is the session log from the install into my VM
Comment 9 Andreas 2024-03-10 18:20:27 UTC
I can report that the Reddit workaround https://www.reddit.com/r/kdeneon/comments/1aenouy/kde_neon_wont_boot_after_fresh_install_cryptsetup/
works (where I replaced /dev/nvme0n1p2 with my root partition path inferred from, e.g., partitionmanager)  

-------------------

On the running system, out of curiosity I re-added the keyfile to the key slots of my two encrypted partitions by calling this:
```
sudo cryptsetup luksAddKey /dev/nvme0n1p2 /crypto_keyfile.bin
```
To my surprise, when checking `sudo cryptsetup luksDump /dev/nvme0n1p2` before and after adding the keyfile, I found out that the new key slot data does not match any of the old slots. It looks like the keyfile was not added correctly to the slots before.

Also I put the /crypto_keyfile.bin back into the /etc/crypttab (replacing the none's) but did not add back the keyscript=/bin/cat. I read in the man page of crypttab that the third parameter is the keyfile. I didn't see the need to add the keyscript at all.

```
sudo update-initramfs -c -k all
```

and reboot

------------

This can be done after booting the installed system as follows from an (initramfs) prompt
https://discuss.kde.org/t/disk-encryption-not-working-on-recent-neon-isos-but-is-working-on-older-images/9505/4

-------------

```
cryptsetup luksOpen /dev/disk/by-id/[deviceid] luks-<uuid>
```

and enter the password. Then run

```
exec run-init /root /sbin/init /root/dev/console
```

-------------
Comment 10 Mike Stemle 2024-03-10 22:45:06 UTC
Here's everything I've found so far:

## Stuff that is fine

- the `/etc/crypttab` looks fine
- the `/etc/fstab` looks fine
- the keyfile _is_ present and _can_ unlock the filesystems
- the swap partition appears to be good, but in mapper form (which makes sense since it's an encrypted partition)

## Stuff that doesn't appear to be fine

- the `initramfs.conf` seems to be missing from the ISO
- the `luksbootkeyfile.conf` seems to be missing from the ISO
- I still get error `Failed to enable swap for devices: ['/dev/sda3']`, but it may be a red herring

I'm continuing to dig, but even after I place the two config files above and re-run the installer, the system still won't boot.
Comment 11 Carlos De Maine 2024-03-11 07:55:53 UTC
this is now working.  neon's calamares-settings package had to be adjusted to use the calamares initramfscfg module.  tested in neon release.  will be snapshot(ted) to neon user very soon (TM) and a new iso spun up.
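
A check for the failure reported in this bug, where the initramfs tried to read `/crypto_keyfile.bin` and it was not there (added example, not part of the thread and not Neon or Calamares code): it lists `/etc/crypttab` entries whose keyfile is missing from an initramfs file listing. It assumes the keyfile is expected at the same path inside the initramfs as in crypttab and that the listing is one path per line, as `lsinitramfs` prints; the function names, sample crypttab and sample listing are constructed.

```sh
#!/bin/sh
# Added example, not from the bug thread. Assumes the keyfile must sit at the
# same path inside the initramfs as in /etc/crypttab (as with /crypto_keyfile.bin).

# Print "<name> <keyfile>" for each crypttab entry whose keyfile is absent from
# an initramfs file listing; return 1 if any entry is affected.
missing_keyfiles() {
    crypttab=$1 listing=$2 status=0
    # crypttab fields: <name> <source device> <key file> <options>
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac              # blank or comment
        case $keyfile in ''|none|-|/dev/*) continue ;; esac  # passphrase or device key
        rel=${keyfile#/}
        # Listings may show the path with or without a leading slash.
        if ! grep -qxF -e "$rel" -e "/$rel" "$listing"; then
            printf '%s %s\n' "$name" "$keyfile"
            status=1
        fi
    done < "$crypttab"
    return "$status"
}

# Constructed sample data reproducing the reported state.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' \
        '# <name> <device> <keyfile> <options>   (constructed)' \
        'luks-1111 UUID=1111 /crypto_keyfile.bin luks,keyscript=/bin/cat' \
        'luks-2222 UUID=2222 none luks' \
        'cryptswap UUID=3333 /dev/urandom swap' > "$tmp/crypttab"
    printf '%s\n' 'bin/cat' 'scripts/local-top/cryptroot' > "$tmp/initrd.list"
    missing_keyfiles "$tmp/crypttab" "$tmp/initrd.list"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "keyfile referenced by crypttab is missing from the initramfs" >&2
```

On an installed system, pass it `/etc/crypttab` and a file holding the output of `lsinitramfs /boot/initrd.img-$(uname -r)` (assumed initrd path).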