Debian – How to Install Debian with Full Disk Encryption for UEFI

Tags: debian, debian-cd, debian-installer, disk-encryption, uefi

So I'm trying to install the latest version of Debian on my SSD drive with UEFI. I'd like to use the Cinnamon/KDE desktop environment and have my drive fully encrypted.
I used Windows 10 before and am not an expert in Unix/Linux/Debian (which I wouldn't consider a necessity for this).


I consider the OS installation the most basic thing that is absolutely necessary for any OS to work properly and hence I'm pretty frustrated with the state of Debian on that. I'm simply using modern hardware and standards (SSD & UEFI) and I consider encryption a must for everyone.


So here's what I did:

  • Went to https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/, downloaded debian-8.8.0-amd64-CD-1.iso, verified the .iso's hash using HashMyFiles and burned it to a CD (the DVDs don't work)
  • Then I followed this guide (note: it would be way better to be able to set up proper partitions for UEFI by a simple selection! Nobody wants to first have to Google for guides and the like!):
    Setting Up Full Disk Encryption on Debian Jessie
    I do not have a network connection during installation and the only software I could select was "Basic software" and "Desktop environment". When partitioning I get two strange additional entries with FREE SPACE: one with 1 MB and one with 138.2 kB – not sure why they're getting added along? Besides the /boot partition I also created an "EFI System Partition" partition which isn't described in the tutorial but which I had to create as my first installation try failed entirely.
  • I was able to follow it through until the end of the installation and the reboot. When I reboot I get this:

    Loading, please wait...
    1.xxxxxx usb 1-3: device descriptor read/64, error -71
    [    1.xxxxxx usb 1-3: device descriptor read/64, error -71
    Please unlock disk sda2_crypt: _
    
  • I enter my password correctly once and get:

    No key available with this passphrase.
    cryptsetup: cryptsetup failed, bad password or options?
    
  • I enter my password again correctly and it says "set up successfully" and "recovering journal" (I tried this many times and it always only works on the 2nd try!)

  • Then it says (in bold) "Please enter passphrase for disk … on /home". I have to enter my password one more time (see the guide above – again I'm not sure why people haven't yet implemented a way to easily encrypt the entire drive with one password that has to be entered only once)
  • Then I only get to the terminal where it says:

    Debian GNU/Linux 8 name tty1
    
    name login:
    
  • I enter my username (I tried it with root and the user I set up during installation) and my password and get:

    username@name:~$_
    
  • No further information provided, no graphical desktop environment, nothing.
    I'm not sure how to proceed here.

This didn't help: wiki.debian.org/UEFI
startx didn't get me to the desktop environment either. Also I, reluctantly, tried disabling secure boot which didn't help as well.


Update: I tried another install where I did not follow the tutorial but instead selected 'Guided – use entire disk and set up encrypted LVM'. There I only have to enter my password once and at startup before entering it I get this:

Loading, please wait...
[    1.xxxxxx usb 1-3: device descriptor read/64, error -71
[    1.xxxxxx usb 1-3: device descriptor read/64, error -71
 Volume group "name-vg" not found
 Skipping volume group name-vg
Unable to find LVM volume name-vg/root
 Volume group "name-vg" not found
 Skipping volume group name-vg
Unable to find LVM volume name-vg/swap_1
Please unlock disk sda3_crypt: _

Once I entered my password and logged into one of my 2 accounts (root or username) I'm not getting a desktop environment but stay at the bash terminal with no further info provided. When I enter startx I only get:

username@name:~# []

where I can't enter anything. I tried it with my mainboard-only onboard graphics. If I put in my graphics card I'm not getting the above but a black screen / non-working monitor. I also tried resetting my UEFI settings back to default (and only changing boot mode to UEFI).

I can't overstate how disappointed I am here. I'm not trying to do anything unusual or have any uncommon hardware. I tried to move away from Windows and to FOSS but it appears that's not possible so far 🙁



Update 2: Alright so now I did another try with the "expert mode" which gave me more options. In it I also installed to the removable media path (as recommended in wiki.debian.org/UEFI) when I was asked about it. That didn't help.

Also I came across this post: https://forum.level1techs.com/t/solved-installing-linux-on-an-m-2-ssd/110982/46 where another user has had the same problem.

I will do some further tests today but it appears the cause is my B250 PC MATE mainboard not working with non-Windows operating systems with UEFI.

I find this unacceptable by MSI and potentially UEFI and hope that others do too and that we can act accordingly (make this issue known to potential buyers, boycott, sue, etc).

It seems I now have 3 options:

  • Installing Windows 10 (but I want to move away from vulnerability, backdoors and proprietary software)
  • Installing Debian with Legacy mode instead of UEFI (I hope that this works and that I can use non-boot drives > 2TB with it; also with it I'll miss certain UEFI improvements, and I hoped to use secure boot in the future)
  • Getting a new mainboard (how can I be sure that it works with another mainboard?)

Follow-up question: Should I use legacy BIOS for Debian or get a new mainboard?

Update 3: So now I tried it with legacy BIOS, without encryption and without separate home partition. I'm still having the same problem so I'm not sure what the cause is but it doesn't seem to be UEFI. Any ideas?
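The question above complains about having to type the passphrase a second time for a separately encrypted /home. The following is an added example, not part of the original post: it enrols a keyfile, stored on the already-unlocked encrypted root, as an extra LUKS key slot for the /home volume and references it from /etc/crypttab, so only the root passphrase is typed at boot. The device path, mapper name and keyfile location are placeholders to adapt.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the installed
# system. Placeholders: /dev/sda4 (LUKS device holding /home), home_crypt
# (mapper name used in /etc/fstab), /root/keys/home.key (keyfile path).
set -eu

# The keyfile lives on the encrypted root, so it is only readable once the
# root passphrase has already been entered.
KEYFILE=/root/keys/home.key

# Build one /etc/crypttab entry: <target> <source> <keyfile> <options>
crypttab_line() {
    # $1 = mapper name, $2 = LUKS UUID, $3 = keyfile path
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# Succeed (exit 0) if the given crypttab file already names the target,
# so the entry is never appended twice.
crypttab_has_target() {
    # $1 = mapper name, $2 = path of the crypttab file to inspect
    awk -v t="$1" '$1 == t { found = 1 } END { exit !found }' "$2"
}

setup_home_keyfile() {
    # $1 = LUKS device for /home, $2 = mapper name
    dev=$1; name=$2
    uuid=$(blkid -s UUID -o value "$dev")
    mkdir -p -m 0700 "$(dirname "$KEYFILE")"
    if [ ! -f "$KEYFILE" ]; then
        # 4096 random bytes, readable by root only
        dd if=/dev/urandom of="$KEYFILE" bs=4096 count=1 status=none
        chmod 0400 "$KEYFILE"
    fi
    # Add the keyfile as an additional key slot; cryptsetup asks for the
    # existing passphrase once. The passphrase slot stays usable as fallback.
    cryptsetup luksAddKey "$dev" "$KEYFILE"
    if ! crypttab_has_target "$name" /etc/crypttab; then
        crypttab_line "$name" "$uuid" "$KEYFILE" >> /etc/crypttab
    fi
    # /home is unlocked after the root filesystem is mounted, so the
    # initramfs only needs the root entry; regenerate it to pick up changes.
    update-initramfs -u
}

# Usage (as root): setup_home_keyfile /dev/sda4 home_crypt
```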

Best Answer

I got it working with Debian 9.0.0 (by booting from the DVD) which got released after I posted this question. I simply went through the standard UEFI installation and selected 'Guided - use entire disk and set up encrypted LVM' and 'Cinnamon' as desktop environment.


SecureBoot is not yet supported; and when booting I now need to wait a few seconds before entering the password for it to work at 1st try. I installed without Internet connection and had some issues with the sources.list file afterwards but got it fixed.

After installing one should install sudo and the firewall (gufw) and add one's user to the sudoers file. One should also run apt-get update && apt-get upgrade and make sure everything is upgraded.
