Morphing K18 on Trixie issues

GaS58Bc · December 29, 2025, 1:47pm

Hey all, nooby question (eventually ) so apologies if I’ve asked wrong.

Been trying to morph K18 on Trixie usb. Failed 4-5 times so far. Having fun though and learning stuff

Tried two different fast 1tb usbs, one with lvm encryption and one just lvm, no encryption. Used rufus and etcher.

Trixie installs every time with just lxqt and Debian desktop environment. I follow the guide add the repo manually as not in extrepo for Trixie, then I run into issues once I reboot after installing K18.

On first usb (A) bugs out after entering encryption password, asks for user login then fails to load lxqt and returns cli - don’t know how to start lxqt from cli. Or I run into lux swap file issue and no cli and no options. On second usb (B) K18 install failed as it couldn’t install security-misc and reported process error. Cli option to fix doesn’t fix. When I reboot it’s just into Trixie.

I’m trying to discount my Trixie install choices as a factor.

Question = Are there any dos/dont on the Trixie install which will screw up the k18 morph?

Thanks for reading and any tips.

arraybolt3 · December 30, 2025, 12:57am

It’s hard to determine what’s going wrong here without knowing the exact error messages. Sometimes the same thing can fail the same way with two different error messages, and the details of those error messages indicate radically different solutions needed for each case, so it’s very helpful if you share the exact error messages you’re seeing, if any. (Detailed step-by-step instructions to reproduce an issue are also useful.)

What’s the LUKS swap file issue? What error message are you being shown?

Similarly, what’s the error message you’re running into with security-misc?

For the issue with graphical login, try logging in at a CLI login prompt, then run /usr/libexec/desktop-config-dist/start-lxqt-session. This is the command usually used “under the hood” to start LXQt. What error messages, if any, does this show? Or does it give you an LXQt desktop?

GaS58Bc · December 30, 2025, 7:48am

Thank you for the reply, much appreciated. Tried again on a Trixie install from yesterday.

After entering passphrase to unencrypt I get two lines from swapfile creator

Info: swapfile creator….

Info: File /var/swapfile on LUKS encrypted device: ‘no’. - Doing nothing, ok.

encryption worked on bare Trixie but not after kicksecure.

Does setting up/not setting up root during Trixie install have any impact on kicksecure install? I followed all the steps in the notes right. But after switching to root before K18 install im not 100% sure it’s right as I get root /home/user# and the echo PATH don’t match the full path ( like in notes). Could all be wrong but just asking anyways.

arraybolt3 · December 31, 2025, 12:28am

I bet this is because you have LVM between your filesystem and LUKS. The current LUKS detector I believe requires the filesystem to be used directly on the LUKS volume, not with LVM between it. Fixing that might be possible, but right now LVM support in Kicksecure is pretty limited (mainly because we can’t get an installer that supports LVM; we had debian-installer support for a while but had to remove it due to security issues in live-build when downloading debian-installer.)

If instead of installing from the Debian netinstaller, you install from a Debian Live LXQt image, does it work any better? That will let you use LUKS without LVM.

GaS58Bc · December 31, 2025, 7:17am

Thank you for the update. Let me try and will get back to you.

GaS58Bc · January 2, 2026, 3:37pm

Hey guys, some updates.hopefully I understood the suggested approach correctly…..

Working off VBox VMs now as quicker than usb, results:

D13 lqxt iso, using normal installer, skipped root user setup, partition = guided entire disk (no lvm, no encryption), all files in one partition - reboot ok - all KS commands executed ok - reboot - same result as before - after ks splash - swap-file-creator message ‘File ‘/var/swapfile’ on LUKS encrypted device: no - do nothing ok.
D13 lqxt iso live boot, installed from within live using defaults for partition, no root user etc - reboot ok - all ks commands executed ok - reboot same result as above

so getting same result on VMs as usb.

Appreciate any tips on next tests much appreciated. All good fun

arraybolt3 · January 2, 2026, 6:25pm

Yes, that is expected behavior. swap-file-creator only creates swapfiles on encrypted volumes for security reasons, and only creates them directly on LUKS volumes.

Did you enable encryption here? The live installer has a checkbox on the partitioning screen for “Encrypt disk”, right above the partition layout summary. (This will give you LUKS without LVM, which is what you want.)

GaS58Bc · January 2, 2026, 6:55pm

Ah, didnt enable encryption - let me try again. Thanks again buddy

GaS58Bc · January 2, 2026, 10:58pm

Little update. Created a new VM through the Debian 13 lxqt live installation process. Ticked the encryption box and accepted default partition etc. ks18 commands worked fine. FYI I’m using the install ‘for host os’ and not ‘for any other VMs (not qubes)’ - could be a wrong choice screw up on my part.

on reboot I have to enter encryption passphrase for grub, then KS splash, then again the passphrase for vbox_harddisk. Swapfile seems to work this time, e.g. enough ram; capping at 10% disk size; calculating swap file in mb 1998; then stops after ‘Info: File var/swapfile’ (1 GB) ready Ok.

Btw - thanks for all the advice so far….really appreciated

Patrick · January 3, 2026, 2:15am

Yes. As expected. It’s mentioned in the documentation but not obvious to find. See also:

I wonder if the info message can be improved.

github.com/Kicksecure/swap-file-creator

usr/share/swap-file-creator/swap-file-creator

master


      
             systemd_detect_virt_output=""
          fi
          
          if [ "$DO_PRE_CHECK" = 'yes' ]; then
             if [ "$systemd_detect_virt_output" = "xen" ]; then
                printf '%s\n' "INFO: Virtualizer 'xen' detected. Could be 'Qubes'. Skipping swap-file-creator. Doing nothing, ok."
                exit 0
             fi
          
             if ! luks-path-check "$SWAPFILE" &>/dev/null ; then
                printf '%s\n' "INFO: File '$SWAPFILE' on LUKS encrypted device: 'no'. - Doing nothing, ok."
                exit 0
             else
                pre_check_done='true'
             fi
          fi
          
          ## User can set HIBERNATION=yes in /etc/default/swap-file-creator
          [[ -v "HIBERNATION" ]] || HIBERNATION="$hibernation_consideration"
          
          total_ram_in_mb="$(free -m | sed  -n -e '/^Mem:/s/^[^0-9]*\([0-9]*\) .*/\1/p')"

Perhaps we could add a short link there?

See also: https://www.kicksecure.com/wiki/swap

GaS58Bc · January 3, 2026, 10:36am

Thank you Patrick. I’m gonna have a strong flask of coffee and read all this, but in parallel, if my endgame is not a VBox VM but usb with ks18 morphed on trixie, should I:

install d13 from inside the live d13 lxqt iso, select encryption and default partition etc
Run k18 commands
Disable swapfile to get past it or do something else? Sorry dumb question

So far my attempts with usb or VM using with d13 net iso or ixqt have not got me past swapfile creator during boot. I’m too dumb to know if this is down to d13 configuration or my k18 choices. If you were to install to a usb, what setting would you choose to avoid swapfile creator issues? The pc has a lot of ram. Very appreciative of your patience and support

Patrick · January 3, 2026, 11:22am

We might be having an XY Problem here.

This message can be safely ignored:

It starts with INFO: and ends with ok. So unless that is something you’re interested in, you can very safely move your focus away from these kind of messages.

Once that message is shown, all that swap-file-creator does is exit 0, which means it terminates itself with status “success”. And that’s it. swap-file-creator won’t have any future effect on the boot or system.

If you want to morph, then morph. Note that this is a method for advanced users. Unless you have a strong rationale why distribution morphing is useful, there is no need to do distribution morphing.

Kicksecure on USB can be done according to:

No distribution morphing required.

There are no issues.

In this case, never mind swap-file-creator. It’s not needed and can be ignored.

If the boot is frozen after swap-file-creator, doesn’t mean it’s caused by swap-file-creator.

Now that I think about it, having a swapfile versus not having one isn’t important enough to be shown during boot. If there is enough RAM (at the time of writing 2 GB), then swap-file-creator does not need to say anything at all by default. So that’s a usability bug which will be fixed in the next release.

In the future, we can move information level messages can be moved to systemcheck.

I used to be under the impression, swap-file-creator is the thing you’re interested here. However, it might be a different issue. Frozen boot? In that case, we can suggest other things. In that case…

As per Recovery Mode…

Remove kernel parameter loglevel=0 and quiet.
Follow the Temporary Kernel Boot Parameter Change instructions to change the kernel parameters.

GaS58Bc · January 3, 2026, 2:43pm

Thanks again Patrick. Appreciate the guidance and patience. Will leave things for now and do some reading and try again in a couple of months. I found D12/K17 easy but need time to understand the new features of D13/K18 better.