Portal:Aeon/Troubleshooting

Troubleshooting

This section describes known issues on Aeon and their solutions.

Always prompted for Recovery Key on boot

This is likely because your system state is mismatched from the measurements stored in the TPM. See the encryption guide for more details.

Once the reason for the measurements being mismatched is understood, you may remeasure boot integrity.

Remeasuring Boot Integrity

Manually remeasuring boot integrity should only be done if you can explain why your system requested the recovery key.

Usually its as simple as running:

Sometimes your recovery key is needed:

NOTE: When entering the recovery key, it will not be visible. Entering the wrong key will result in an error. If you enter the wrong key too many times, your TPM may lock you out for an unknown amount of time, as the timeout duration is determined by your hardware.

Debugging issues with default mode encryption

If sdbootutil update-predictions or sdbootutil --ask-pin update-predictions commands don't work, more information can be gathered by adding -v or -vv to the commands.

user $ sudo sdbootutil -vv update-predictions

user $ sudo sdbootutil -vv --ask-pin update-predictions

This information will be required if you file a bug report.

"Provided PIN Incorrect or TPM2 locked after too many retries"

It's possible to lock the TPM by supplying the incorrect recovery key when remeasuring boot integrity. The exact behavior and duration of this lock depends on your hardware and cannot be bypassed by Aeon.

In this case you will need to either wait or reset the TPM in your systems UEFI/BIOS.

If you choose to wait, after the TPM lock timer is finished you will need to remeasure boot integrity.

If you choose to reset the TPM you will need to re-enroll it. See Portal:Aeon/Encryption/Advanced#Complete_re-enrollment_of_TPM2.

Rollback

Do not use snapper for rollbacks!

Aeon strongly focuses on stability, but if something goes wrong or a new update causes problems, you can easily rollback to an older snapshot using Aeon's built-in rollback feature.

If a new update causes problems, we strongly recommend that you simply rollback the system and wait a few days for the problem to be fixed.

You can easily rollback using the systemd-boot menu or from the terminal using transactional-update.

Rollback using the systemd-boot menu

To rollback using systemd-boot, hold the Space key during boot. This opens a menu with all available snapshots. Use the arrow keys to select the desired one, then press the Enter key to rollback.

Perform this command inside the desired snapshot if you want it to be pinned as the "newest" snapshot:

Rollback using the Terminal

If you wish to rollback to the last working snapshot use:

If you wish to rollback to a specific snapshot, you can exceptionally use snapper to list all available snapshots:

You can now rollback to a specific snapshot like so:

user $ sudo transactional-update rollback $NUM

Set hostname

Set your hostname with the following command, as currently it doesn't work from GNOME settings yet:

Reboot for the change to take effect.

Add extra keyboard layouts

Editors Note: I can't tell if some of these commands modify the underlying OS see here, if they do please leave a note that doing so is unsupported! Otherwise delete this note.

To add special keyboard layouts for languages different from the one selected during the install, you need to add the language locale to the system, and then reboot. This will install the required packages as well.

NOTE: Japanese requires a lot of heavy packages. In particular, the "ibus-mozc" package might fail to be added with the locale. It should be installed manually.

Steam flatpak opens, but can't start games

In case you run into this issue, where Steam opens, but games are not launching - that otherwise would - make sure that the Steam flatpak is allowed to run in the background:

Changing the kernel cmdline (boot)

NOTE: If you change, this you will likely need to remeasure boot integrity afterwards.

Edit the file /etc/kernel/cmdline:

Then run this command to update the initrd: