fix

src/install/security.rs

@@ -16,21 +16,44 @@ pub fn setup_tpm_unlock(conf: &DriveConfig) {
 
     // Recovery Key
     let recovery_key = arch_chroot(
-        &["systemd-cryptenroll", "--recovery-key", &conf.root],
-        Some(&format!("{}\n", conf.encryption.as_ref().unwrap())),
+        &vec![
+            "systemd-run",
+            "--pipe",
+            "--collect",
+            "-p",
+            format!(
+                "SetCredential=cryptenroll.passphrase:{}",
+                conf.encryption.as_ref().unwrap()
+            )
+            .as_str(),
+            "systemd-cryptenroll",
+            "--recovery-key",
+            &conf.root,
+        ],
+        None,
         false,
     )
     .0;
+
     install_file("/mnt/root/recovery.key", &recovery_key, 0o400);
 
     arch_chroot(
-        &[
+        &vec![
+            "systemd-run",
+            "--pipe",
+            "--collect",
+            "-p",
+            format!(
+                "SetCredential=cryptenroll.passphrase:{}",
+                conf.encryption.as_ref().unwrap()
+            )
+            .as_str(),
             "systemd-cryptenroll",
             "--tpm2-device=auto",
             &conf.root,
             "--tpm2-pcrs=7",
         ],
-        Some(&format!("{}\n", conf.encryption.as_ref().unwrap())),
+        None,
         false,
     );
 }

src/pkg.rs

@@ -3,7 +3,7 @@ use crate::{
     linux::{arch_chroot, run_command},
 };
 
-pub const DESKTOP_PKG: [&str; 3] = ["plasma", "sddm", "navos/navos"];
+pub const DESKTOP_PKG: [&str; 5] = ["plasma", "sddm", "konsole", "dolphin", "navos/navos"];
 
 pub const SERVER_PKG: [&str; 2] = ["tmux", "navos/navos"];