core: set efibootorder before modules, EFI vars are correct for encry…

…ption

usr/bin/tik

@@ -55,9 +55,7 @@ load_modules "pre" "custom"
 get_disk
 get_img
 dump_image "${TIK_INSTALL_IMAGE}" "${TIK_INSTALL_DEVICE}"
+set_boot_target
 
 load_modules "post"
 load_modules "post" "custom"
-
-set_boot_target
-

usr/lib/tik/lib/tik-functions

@@ -94,9 +94,10 @@ probe_partitions() {
             log "[probe_partitions] ${probedpart} found"
         # Check if ${filematch} exists
         else
-            prun /usr/bin/mount ${mountops} ${part} "${probe_dir}/mnt"
+            prun /usr/bin/mount ${mountops} "/dev/disk/by-id/${part}" "${probe_dir}/mnt"
             if [ -f ${probe_dir}/mnt/${filematch} ]; then
                 log "[probe_partitions] ${filematch} found"
+                 # Fallback to unix device in order to fix issue with USB devices
                 probedpart="$(/usr/bin/readlink -f "/dev/disk/by-id/""${part}")"
                 log "[probe_partitions] ${probedpart} found"
                 if grep -q 'PRETTY_NAME="openSUSE MicroOS"' ${probe_dir}/mnt/${filematch} && [ -f ${probe_dir}/mnt/usr/bin/gnome-shell ]; then

usr/lib/tik/modules/post/10-encrypt

@@ -86,7 +86,7 @@ open_partition() {
 
 finalise_system() {
     log "[finalise_system] configuring crypttab, PCR list, fstab and populating ${esppart}"
-    echo "cr_root ${cryptpart} none tpm2-device=auto,x-initrd.attach" | prun tee ${encrypt_dir}/mnt/etc/crypttab
+    echo "cr_root ${cryptpart} none x-initrd.attach,tpm2-device=auto" | prun tee ${encrypt_dir}/mnt/etc/crypttab
     echo "FDE_SEAL_PCR_LIST=0,2,4,7,9" | prun tee ${encrypt_dir}/mnt/etc/sysconfig/fde-tools
     espUUID=$(lsblk -n -r -o UUID ${esppart})
     prun /usr/bin/gawk -v espUUID=$espUUID -i inplace '$2 == "/boot/efi" { $1 = "UUID="espUUID } { print $0 }' ${encrypt_dir}/mnt/etc/fstab