Yep, still no /dev/dsp in Daedalus.
But installing wireplumber seemed to be the easy way out of silence.
https://www.youtube.com/watch?v=lL6NUBk_j6M

... but there is no need to modify initrd if there is only 1 big / -partition . No separate /home or swap or anything.

But right now i'm not going to start all over from scratch.

I'm between sixes and sevens about that EFI partition(and SB). Maybe i'll bypass that someday(if i can). Boot straight into /boot part instead. With a pre-EFI-era machine that's trivial operation. But maybe not with that Fujitsu.

But I've been also thinking that shim should contain public keys for some distros, right? So with a stock kernel and a one_size_fits_all_initrd there shouldn't be problems with shim when booting those?

... on the other hand, to be able to mount /home from encrypted lvm partition(that is not /) during boot means that initrd has to be modified ...

Edit. I'm under an impression from mokutil-related pages that i can make my own keys with openssl and sign whatever i want on /boot with them. The user_made keys are supposed to go to firmware, right?

Next time i'll try to remember check the "/"-situation after configuring LVM but before "done". Just in case.

Today i was able to boot the livedvd's,  so last night i must have changed the firmware settings before trying to boot the Chimaera or Daedalus

Still planning to run that memtest though.

The installation procedure wasn't like that.

sda1=EFI
sda2=/boot
sda3=reserved for encrypted /
sda4=reserved for encrypted VG

would be the idea as far as the partitioning goes.

That "Logical Volume" part was the problem. As i said before, i was able to make /dev/sda3_crypt and /dev/sda4_crypt . Even make a PV inside /dev/sda4_crypt .
But the problems started when trying to make VG, and devices /dev/vg/swap and /dev/vg/home . And make those the swap device and /home - partition. I ran into complaints about /-partition. Couldn't get past  that "partitioning the disk"-phase.

I guess i could provide some screenshots after i have successfully installed xorg and vbox, to clarify what i mean. But that will take some time.

This week i found the "jump to a shell"-item in Daedalus's installation menu
But maybe there is something that i don't completely understand about that partitioning phase.
I can make encrypted / - partition. And also another encrypted partition and make a "physical volume for lvm" inside that device.

But if i try to make VG and LV's inside that second encrypted partitition, i get complaints about /-partition and can't get past the partitioning phase.

Used Daedalus netinstall.

After some experiments it became clear to me that when secureboot is on, it verifies the signatures on removable media too. For some reason i thought that when SB is on it just refuses to boot from that kind of media.

Answering to myself: that would be a no, because https://www.gnu.org/software/grub/manua … t-and-shim .
Although i can load grub's configfile from another partition.

I'll run "ls -laR $daedalus_boot_dir | grep efi | less" soon. I know that latest Ubuntu server install disk boots,   and Daedalus install disk won't, when secureboot is enabled.
This time it looks like "su -" works without problems. Haven't tried any sudo stuff yet.
Would like to find out if i can boot into Daedalus when SB is on.

It would be also nice if i can make SB protect the cntents of Daedalus's /boot somehow. If possible.
I heard rumours about somethings called mokmanager and mokutil...

Looks like i can boot Ubuntu install disk when secureboot is turned on. Let's see if can make a working /boot - partition with it.

https://www.youtube.com/watch?v=rRV8ln2VnHc Velikije Luki- Afganistan

https://en.wikipedia.org/wiki/Gutmann_method#Criticism not fully convinced that Guttman's method has additional value over DoD's 7-times-wipe.

And if you don't trust DoD's method, there's always a sledgehammer and gas-welding-equipment. Much quicker than Guttmann, at least.