
fix stage2 kernel cmdline + use linux-hardened again

Noah Vogt 1 år sedan
förälder
incheckning
e967a120fa
3 ändrade filer med 5 tillägg och 5 borttagningar
  1. 3 3
      chroot.sh
  2. 1 1
      stage1.sh
  3. 1 1
      stage2.sh

+ 3 - 3
chroot.sh

@@ -31,7 +31,7 @@ mkinitcpio -P
 root_uuid="$(grep ext4 /etc/fstab | sed 's/^UUID=//; s/\s\/.*$//')"
 drive2_uuid="$(blkid | grep "$DRIVE"2 | tr ' ' '\n' | grep ^UUID= | sed 's/^UUID="//; s/"//')"
 
-echo "BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=$root_uuid rw cryptdevice=UUID=$drive2_uuid:cryptroot loglevel=0 quiet udev.log_level=3" > /etc/kernel/cmdline
+echo "BOOT_IMAGE=/boot/vmlinuz-linux-hardened root=UUID=$root_uuid rw cryptdevice=UUID=$drive2_uuid:cryptroot loglevel=0 quiet udev.log_level=3" > /etc/kernel/cmdline
 chmod +w /etc/kernel/cmdline
 
 sb_status="$(sbctl status)"
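Review bot: The new `echo` line writes `$root_uuid` and `$drive2_uuid` into /etc/kernel/cmdline without checking that each lookup produced exactly one value, and the file is then passed to `sbctl bundle -c` further down in the script. If either pipeline on the two lines above returns nothing, or `grep ext4 /etc/fstab` matches more than one entry, the bundle is generated with a `root=UUID=` or `cryptdevice=UUID=:cryptroot` argument that cannot unlock or mount the disk. A guard before the `echo` using the script's existing `error_exit`, such as `[ -n "$root_uuid" ] || error_exit "Error: root UUID not found in /etc/fstab"` and the same for `drive2_uuid`, would stop the install before the bundle is built.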
@@ -41,8 +41,8 @@ echo "$sb_status" | grep "^Vendor Keys:" | grep -q "none" || error_exit "Error:
 
 sbctl bundle -s \
     -a /boot/amd-ucode.img \
-    -k /boot/vmlinuz-linux\
-    -f /boot/initramfs-linux.img \
+    -k /boot/vmlinuz-linux-hardened \
+    -f /boot/initramfs-linux-hardened.img \
     -c /etc/kernel/cmdline \
     /efi/EFI/Linux/ArchBundle.efi
 
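Review bot: The kernel flavour is now written out by hand in `-k /boot/vmlinuz-linux-hardened` and `-f /boot/initramfs-linux-hardened.img` here, in the `BOOT_IMAGE=` value in the hunk above, and in the `pacstrap` package list in stage1.sh, so the next kernel switch has to change all four places consistently. A mismatch would only surface when `sbctl bundle` cannot find an image or the bundle carries a kernel other than the installed one. Defining the flavour once, e.g. `KERNEL=linux-hardened`, and using `-k "/boot/vmlinuz-$KERNEL"` and `-f "/boot/initramfs-$KERNEL.img"` would keep them together. How such a variable would be shared with stage1.sh is not visible from this page.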

+ 1 - 1
stage1.sh

@@ -56,7 +56,7 @@ mount /dev/"$DRIVE"1 /mnt/efi
 
 pacman -Sy --noconfirm archlinux-keyring
 
-pacstrap /mnt base linux linux-firmware networkmanager sbctl amd-ucode efibootmgr tpm2-tss
+pacstrap /mnt base linux-hardened linux-firmware networkmanager sbctl amd-ucode efibootmgr tpm2-tss
 
 genfstab -U /mnt >> /mnt/etc/fstab
 mv drive /mnt

+ 1 - 1
stage2.sh

@@ -34,7 +34,7 @@ echo "$sb_status" | grep "^Secure Boot:" | grep -q "Enabled" || error_exit "Erro
 
 grep -q "^2$" /sys/class/tpm/tpm*/tpm_version_major || error_exit "Error: No tpm2 devices found."
 
-drive2_uuid="$(sed 's/^.*cryptdevice=//; s/:cryptroot.*$//' /etc/kernel/cmdline)"
+drive2_uuid="$(sed 's/^.*cryptdevice=UUID=//; s/:cryptroot.*$//' /etc/kernel/cmdline)"
 drive2_drive="$(blkid | grep "$drive2_uuid" | tr ' ' '\n' | grep '^.*:$' | sed 's/://')"
 
 systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 "$drive2_drive" || error_exit "Error: Failed to enroll luks2 key into tpm2"
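Review bot: `sed` prints its input unchanged when `cryptdevice=UUID=` is absent from /etc/kernel/cmdline, so in that case `drive2_uuid` holds the whole command line instead of failing, and the `blkid | grep` lookup on the next line runs with that text as its pattern. Checking the shape of the value right after the assignment, e.g. `printf '%s' "$drive2_uuid" | grep -Eq '^[0-9a-fA-F-]{36}$' || error_exit "Error: no LUKS UUID in /etc/kernel/cmdline"`, makes the failure explicit before a device is selected for TPM2 enrolment. With a validated UUID the device can be resolved directly with `drive2_drive="$(blkid -U "$drive2_uuid")"` rather than by pattern-matching the full `blkid` output.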