./0- and install TPM specific packages once done.
./1- && mortar-compilesigninstall /path/to/vmlinuz-kernel-image /path/to/initramfs.img --install-entry
sync && reboot
EITHER: Enable Secureboot Custom/Audit then run ./2- or:
mkdir -p /boot/efi/EFI/mortar-pub
cp /etc/mortar/private/*.crt /boot/efi/EFI/mortar-pub/
cp /etc/mortar/private/*.der /boot/efi/EFI/mortar-pub/
And install keys manually. Enforce Secureboot and test.
./3- && mortar-compilesigninstall
sync && reboot
umount /boot/efi
mkdir -p /boot2
cp -r /boot/* /boot2
umount /boot
mv /boot2/* /boot
rmdir /boot2
vim /etc/fstab
mount -a
sync && reboot