Then I executed sudo update-grub and rebooted the Raspberry.
Once rebooted, apparmor still won’t enable:
$ aa-enabled
No - disabled at boot.
$ aa-status
apparmor module is loaded.
apparmor filesystem is not mounted.
$ sudo systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Condition: start condition failed at Mon 2022-06-27 00:32:08 CEST; 14min ago
└─ ConditionSecurity=apparmor was not met
Jun 27 00:32:08 raspberry systemd[1]: Load AppArmor profiles was skipped because of a failed condition check (ConditionSecurity=apparmor).
What am I missing?
OS info:
$ uname -a
Linux raspberry 5.15.48-1-MANJARO-ARM-RPI #1 SMP PREEMPT Fri Jun 17 22:14:20 UTC 2022 aarch64 GNU/Linux
I see you have apparmor=1 in GRUB_CMDLINE_LINUX_DEFAULT= but in the gentoo wiki they also have security=apparmor. Looking at the error above it seems to mention that not being set.
Looking at the arch wiki the minimal modules are enabled in the kernel they suggested but looking at the gentoo wiki some more might be brought in but I have not done their procedure to see yet.
Are you even sure grub is being used, your GRUB_CMDLINE_LINUX_DEFAULT= does not look right from what I remember booting with grub; I believe root= should be there. Basically the same as cmdline.txt with you additions and if I remember right cmdline.txt should not be present. I believe it is using your cmdline.txt instead. You can tell by looking at /proc/cmdline after booting.
Have you tried adding your additions to cmdline.txt with out grub. Also audit=0 in cmdline.txt might cause issues as as audit it is required by apparmor.
I have not messed wit efi/grub for several months as RPi broke it several kernels/firmware’s back and I have never revisited it.