@adamruzicka
Created March 8, 2024 14:12
Encrypting asahi linux installation

Outline

  • Install Asahi
  • Add cryptsetup into initrd
  • Make initrd spawn a shell before mounting disk
  • Reencrypt the partition in-place
  • Configure grub and rebuild initramfs to open LUKS device during startup.
  • Cleanup

Steps

Install Asahi

Just curl https://alx.sh | sh and follow the prompts. Move on to the next step once you boot into Asahi.

Reconfigure initrd

Add crypt dracut module

echo 'add_dracutmodules+=" crypt "' >/etc/dracut.conf.d/crypt.conf

Add cryptsetup and dependencies

cat >/etc/dracut.conf.d/cryptsetup.conf <<EOF
# cryptsetup binary
install_items+=" /usr/sbin/cryptsetup "

# cracklib because cryptsetup checks the password using it
install_items+=" /usr/share/cracklib/* "
EOF

Make dracut stop before mounting root - edit the GRUB_CMDLINE_LINUX_DEFAULT entry in /etc/default/grub:

  • remove rhgb and quiet
  • add rd.break=pre-mount to it.

Rebuild the initrd

dracut -f

All should be set now, reboot away.

reboot

In the initrd

Hopefully the boot process should stop and you should be able to log in as root.

Follow https://davidalger.com/posts/fedora-asahi-remix-on-apple-silicon-with-luks-encryption/ starting from "Shrink the btrfs filesystem to make room for the LUKS header."

The arch-chroot utility is not available in the initrd, but we can work around that. Assuming you have your Fedora partition mounted under $FEDORA_MNT, you can do the following:

# expose the host's device, sysfs and proc trees inside the chroot
mount --bind /dev $FEDORA_MNT/dev
mount --bind /sys $FEDORA_MNT/sys
mount -t proc none $FEDORA_MNT/proc

# the initrd ships no chroot binary, so use the one from the mounted Fedora system
$FEDORA_MNT/usr/sbin/chroot $FEDORA_MNT bash

Cleanup

Edit the GRUB_CMDLINE_LINUX_DEFAULT entry in /etc/default/grub to not include rd.break=pre-mount and add back the previously removed options (rhgb and quiet).
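The "Reconfigure initrd" step and this cleanup step both edit GRUB_CMDLINE_LINUX_DEFAULT by hand. As an added example, not part of the gist, here is a small POSIX shell helper that performs the same edit and its reversal idempotently; it takes the path of the grub defaults file as an argument so it can be tried on a copy before touching /etc/default/grub.

```shell
#!/bin/sh
# Added example (not from the gist). set_break removes rhgb and quiet and
# appends rd.break=pre-mount; clear_break reverses that. Both are safe to
# run twice. $1 is the /etc/default/grub-style file to edit.

# Print the current GRUB_CMDLINE_LINUX_DEFAULT value without the quotes.
get_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"$/\1/p' "$1"
}

# Replace the GRUB_CMDLINE_LINUX_DEFAULT line with a new value ($2).
set_cmdline() {
    sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$2\"|" "$1"
}

# Remove every exact occurrence of word $2 from the space separated list $1.
drop_word() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -vxF -- "$2" | tr '\n' ' ' | sed 's/ $//'
}

# Quiet boot off, break into the initrd before the root filesystem is mounted.
set_break() {
    cmd=$(get_cmdline "$1")
    cmd=$(drop_word "$cmd" rhgb)
    cmd=$(drop_word "$cmd" quiet)
    cmd=$(drop_word "$cmd" rd.break=pre-mount)   # avoid duplicating the option
    set_cmdline "$1" "${cmd:+$cmd }rd.break=pre-mount"
}

# Cleanup: drop the break point and restore the quiet boot options.
clear_break() {
    cmd=$(get_cmdline "$1")
    cmd=$(drop_word "$cmd" rd.break=pre-mount)
    cmd=$(drop_word "$cmd" rhgb)
    cmd=$(drop_word "$cmd" quiet)
    set_cmdline "$1" "${cmd:+$cmd }rhgb quiet"
}
```

After either edit, run grub2-mkconfig -o /boot/grub2/grub.cfg as in the steps above, otherwise the change never reaches the boot menu.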

Remove the rd.break=pre-mount from

rm /etc/dracut.conf.d/cryptsetup.conf

Rebuild initrd and regenerate grub config once more

grub2-mkconfig -o /boot/grub2/grub.cfg
dracut -f