-
Notifications
You must be signed in to change notification settings - Fork 0
Troubleshooting
This page describes known issues on Aeon and their solutions.
This is likely because your system state is mismatched from the measurements stored in the TPM. See the encryption guide for more details.
Once the reason for the measurements being mismatched is understood, you may remeasure boot integrity.
Manually remeasuring boot integrity should only be done if you can explain why your system requested the recovery key.
Usually its as simple as running:
Aeon@localhost:~> sudo sdbootutil update-predictionsSometimes your recovery key is needed:
Aeon@localhost:~> sudo sdbootutil --ask-pin update-predictionsNOTE: When entering the recovery key, it will not be visible. Entering the wrong key will result in an error. If you enter the wrong key too many times, your TPM may lock you out for an unknown amount of time, as the timeout duration is determined by your hardware.
Debugging issues with default mode encryption
If sdbootutil update-predictions or sdbootutil --ask-pin update-predictions commands don't work, more information can be gathered by adding -v or -vv to the commands.
Aeon@localhost:~> sudo sdbootutil -v update-predictions
Aeon@localhost:~> sudo sdbootutil -v --ask-pin update-predictions
Aeon@localhost:~> sudo sdbootutil -vv update-predictions
Aeon@localhost:~> sudo sdbootutil -vv --ask-pin update-predictionsThis information will be required if you file a bug report.
It's possible to lock the TPM by supplying the incorrect recovery key when remeasuring boot integrity. The exact behavior and duration of this lock depends on your hardware and cannot be bypassed by Aeon.
In this case you will need to either wait or reset the TPM in your systems UEFI/BIOS.
If you choose to wait, after the TPM lock timer is finished you will need to remeasure boot integrity.
Aeon@localhost:~> sudo sdbootutil --ask-pin update-predictionsIf you choose to reset the TPM you will need to re-enroll it. See here.
NOTE: Do not use snapper for rollbacks!
Aeon strongly focuses on stability, but if something goes wrong or a new update causes problems, you can easily rollback to an older snapshot using Aeon's built-in rollback feature.
If a new update causes problems, we strongly recommend that you simply rollback the system and wait a few days for the problem to be fixed.
You can easily rollback using the systemd-boot menu or from the terminal using transactional-update.
To rollback using systemd-boot, hold the Space key during boot. This opens a menu with all available snapshots. Use the arrow keys to select the desired one, then press the Enter key to rollback.
Perform this command inside the desired snapshot if you want it to be pinned as the "newest" snapshot:
Aeon@localhost:~> sudo transactional-update rollbackIf you wish to rollback using the terminal, you can use sdbootutil list-snapshots to list all available snapshots:
Aeon@localhost:~> sudo sdbootutil list-snapshotsYou can now rollback to a snapshot like so:
Aeon@localhost:~> sudo transactional-update rollback $NUMNOTE: changing the hostname might have unintended consequences see here.
Set your hostname with the following command, as currently it doesn't work from GNOME settings yet:
Aeon@localhost:~> sudo hostnamectl set-hostname <new name>Reboot for the change to take effect.
If you need access to TTY you can access it with CTRL + ALT + F6 or depending on your device CTRL + ALT + FN + F6
Editors Note: I can't tell if some of these commands modify the underlying OS see here, if they do please leave a note that doing so is unsupported! Otherwise delete this note.
To add special keyboard layouts for languages different from the one selected during the install, you need to add the language locale to the system, and then reboot. This will install the required packages as well.
Aeon@localhost:~> sudo transactional-update -n run zypper -n aloc <locale>NOTE: Japanese requires a lot of heavy packages. In particular, the "ibus-mozc" package might fail to be added with the locale. It should be installed manually.
Aeon@localhost:~> sudo transactional-update pkg install ibus-mozcIn case you run into this issue, where Steam opens, but games are not launching - that otherwise would - make sure that the Steam flatpak is allowed to run in the background:
Aeon@localhost:~> flatpak permission-set background background com.valvesoftware.Steam yesNOTE: If you change the kernel cmdline you will likely need to remeasure boot integrity afterwards.
Edit the file /etc/kernel/cmdline:
Aeon@localhost:~> sudo vim /etc/kernel/cmdlineDepending on if you install with default mode or fallback mode run the appropriate command to update the initrd.
Default mode:
Aeon@localhost:~> sudo sdbootutil update-all-entriesFallback mode:
Aeon@localhost:~> sudo transactional-update initrdNOTE: By default the "rndis_host" module is blacklisted.
Aeon@localhost:~> cat /usr/lib/modprobe.d/50-blacklist-rndis.conf
# RNDIS is considered insecure (bsc#1205767, jsc#PED-5731)
blacklist rndis_wlan
blacklist usb_f_rndis
blacklist rndis_hostIf you need to enable tethering temporarily you can run:
Aeon@localhost:~> sudo modprobe rndis_host
Aeon@localhost:~> lsmod | grep rndis_hostIf you get an output the module is enabled.
To enable the module on every boot we cannot add it to "/etc/modules-load.d/" since it's blacklisted by default, we can workaround this with a systemd service.
Aeon@localhost:~> sudo vim /etc/systemd/system/rndis_host.serviceYou can paste this in:
[Unit]
Description=Load rndis_host module
# We load rndis_host after systemd-modules-load.service to prevent any race conditions.
After=systemd-modules-load.service
[Service]
Type=oneshot
ExecStart=/sbin/modprobe rndis_host
[Install]
WantedBy=multi-user.target
After you pasted in the service configuration run:
Aeon@localhost:~> sudo systemctl daemon-reload
Aeon@localhost:~> sudo systemctl enable rndis_host.serviceReboot your device.
If you have a battery powered device this happens because it wasn't plugged into AC power when the service ran. (For more information see: https://github.com/AeonDesktop/Project/discussions/4)
To fix this you need to have your device plugged in when the service is run.
NOTE: Some of you will prefer manually updating instead of timing when you need to plug your device into AC power, it's recommended to do this like so:
Aeon@localhost:~> sudo transactional-update dup cleanup
...
transactional-update finished
Aeon@localhost:~> sudo transactional-update --continue --non-interactive pkg in --force --recommends patterns-glibc-hwcaps-x86_64_v3This is to prevent v3 libraries drift as Aeon doesn't enable recommends.
If you get stuck on a boot screen or randomly experience slow boot times it's almost always because SELinux relabeling.
This happens when an update includes something with SELinux related, this isn't an error! Give your device as much time as it needs to finish the relabeling which is usually a few minutes at most.