Join Log in
Score:0
taiBsu avatar Ubuntu

Unable to recover boot partition after encrypting root system

ke flag
taiBsu

I encrypted my existing NVMe root partition of Xubuntu 22.04.2 LTS using this guide.

Now, when trying to boot, I keep being thrown into the GRUB screen.

I have tried a lot to repair the bootloader using a live USB stick, e.g.

sudo cryptsetup open /dev/nvme0n1p2 rootfs
sudo mount /dev/mapper/rootfs /mnt
sudo mount /dev/nvme0n1p1 /mnt/boot/efi
for i in /dev /dev/pts /proc /run /sys; do sudo mount -B $i /mnt$i; done
sudo chroot /mnt

# and then multiple iterations and variants of following commands
apt update && apt -y install --reinstall grub-efi-amd64 linux-generic linux-headers-generic
grub-install
# or alternatively
grub-install /dev/nvme0n1

update-grub

update-initramfs -k all -c

Sometimes I got into a boot loop which threw me right into BIOS, another time I get into GRUB screen with no idea what to do.

I also tried using boot-repair, however even after opening the encrypted hard drive using cryptsetup open /dev/nvme0n1p2 rootfs I keep getting the error message "Encrypted partition detected. Please retry after mounting your encrypted partitions so that the tool can verify their contents. (sudo cryptsetup luksOpen /dev/nvme0n1p2 myvolume)".

Here's the boot-repair boot info log: debian pastezone

============================== Boot Info Summary ===============================

 => No boot loader is installed in the MBR of /dev/nvme0n1.
 => No boot loader is installed in the MBR of /dev/sda.
 => No boot loader is installed in the MBR of /dev/sdb.
 => No boot loader is installed in the MBR of /dev/sdc.
 => Windows 7/8/10/11/2012 is installed in the MBR of /dev/sde.

nvme0n1p1: _____________________________________________________________________

    File system:       vfat
    Boot sector type:  FAT32
    Boot sector info:  No errors found in the Boot Parameter Block.
    Operating System:  
    Boot files:        /grub/grub.cfg /efi/BOOT/fbx64.efi /efi/BOOT/mmx64.efi 
                       /efi/systemd/systemd-bootx64.efi 
                       /efi/ubuntu/grubx64.efi /efi/ubuntu/mmx64.efi 
                       /efi/ubuntu/shimx64.efi /efi/ubuntu/grub.cfg

nvme0n1p2: _____________________________________________________________________

    File system:       crypto_LUKS
    Boot sector type:  Unknown
    Boot sector info: 

sda1: __________________________________________________________________________

    File system:       crypto_LUKS
    Boot sector type:  Unknown
    Boot sector info: 

sdb1: __________________________________________________________________________

    File system:       crypto_LUKS
    Boot sector type:  Unknown
    Boot sector info: 

sdc1: __________________________________________________________________________

    File system:       crypto_LUKS
    Boot sector type:  Unknown
    Boot sector info: 

sde1: __________________________________________________________________________

    File system:       crypto_LUKS
    Boot sector type:  Unknown
    Boot sector info: 

sdd: ___________________________________________________________________________

    File system:       crypto_LUKS
    Boot sector type:  Unknown
    Boot sector info: 

sdf: ___________________________________________________________________________

    File system:       iso9660
    Boot sector type:  Unknown
    Boot sector info: 
    Operating System:  
    Boot files:        /boot/grub/grub.cfg


================================ 1 OS detected =================================

OS#1:   Ubuntu 22.04.2 LTS on mapper/rootfs

================================ Host/Hardware =================================

CPU architecture: 64-bit
Video: GF108 [GeForce GT 440] from NVIDIA Corporation
Live-session OS is Ubuntu 64-bit (Boot-Repair-Disk 64bit 20200604, bionic, x86_64)

===================================== UEFI =====================================

BIOS/UEFI firmware: 1.K0 from American Megatrends Inc.
The firmware is EFI-compatible, and is set in EFI-mode for this live-session.
SecureBoot disabled (confirmed by mokutil).
BootCurrent: 0004
Timeout: 1 seconds
BootOrder: 0002,0000,0004,0005,0001,0003
Boot0000* Linux Boot Manager    HD(1,GPT,7b7462c4-0e32-437d-a027-aff94aeb7d20,0x800,0xff000)/File(\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI)
Boot0001  Hard Drive    BBS(HD,,0x0)/VenHw(5ce8128b-2cec-40f0-8372-80640e3dc858,0200)..GO..NO........}.T.S.1.2.8.G.M.T.E.1.1.0.S...................\.,[email protected].=.X..........A.......................................*..Gd-.;.A..MQ..L.G.5.8.3.7.9.1.0.2.1........BO..NO..........S.a.n.D.i.s.k. .S.D.8.S.N.A.T.-.1.2.8.G.-.1.0.0.6...................\.,[email protected].=.X..........A.................................>..Gd-.;.A..MQ..L.6.1.6.3.9.2.2.4.0.3.1.1. . . . . . . . ........BO..NO..........S.T.2.0.0.0.D.M.0.0.8.-.2.F.R.1.0.2...................\.,[email protected].=.X..........A.................................>..Gd-.;.A..MQ..L. . . . . . . . . . . . .F.W.2.L.V.4.C.W........BO..NO..........S.T.2.0.0.0.D.M.0.0.8.-.2.F.R.1.0.2...................\.,[email protected].=.X..........A.................................>..Gd-.;.A..MQ..L. . . . . . . . . . . . .F.W.0.L.F.J.Y.A........BO..NO..........T.-.F.O.R.C.E. .1.T.B...................\.,[email protected].=.X..........A.................................>..Gd-.;.A..MQ..L.1.1.0.2.7.0.7.0.2.0.0.5.1.0. .0. . . . ........BO..NO..........W.D.C. .W.D.8.0.E.F.Z.Z.-.6.8.B.T.X.N.0...................\.,[email protected].=.X..........A.................................>..Gd-.;.A..MQ..L. . . . . . . . .W. .-.D.A.C.4.1.0.S.K.6........BO
Boot0002* ubuntu    HD(1,GPT,7b7462c4-0e32-437d-a027-aff94aeb7d20,0x800,0xff000)/File(\EFI\UBUNTU\SHIMX64.EFI)
Boot0003  USB KEY   BBS(HD,,0x0)/VenHw(5ce8128b-2cec-40f0-8372-80640e3dc858,0b00)..GO..NO........a.G.e.n.e.r.a.l. .U.D.i.s.k. .5...0.0...................\.,[email protected].=.X..........A................................Gd-.;.A..MQ..L..........BO
Boot0004* UEFI: General UDisk 5.00  PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/USB(9,0)/CDROM(1,0x3c4,0x4d00)..BO
Boot0005* UEFI: General UDisk 5.00, Partition 2 PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/USB(9,0)/HD(2,MBR,0x2c534026,0x3c4,0x1340)..BO

a9c517741ac31962d7feb152948ad1ee   nvme0n1p1/BOOT/fbx64.efi
a660182adef313615746a665966d2ccc   nvme0n1p1/BOOT/mmx64.efi
28da651ee9bfa8571bfc218b7f6cb200   nvme0n1p1/systemd/systemd-bootx64.efi
5ddf997e8b025bfbc2009e85b32f60dc   nvme0n1p1/ubuntu/grubx64.efi
a660182adef313615746a665966d2ccc   nvme0n1p1/ubuntu/mmx64.efi
64349b3622c65f495a99dbf6102496e3   nvme0n1p1/ubuntu/shimx64.efi
64349b3622c65f495a99dbf6102496e3   nvme0n1p1/BOOT/BOOTX64.efi

============================= Drive/Partition Info =============================

Disks info: ____________________________________________________________________

nvme0n1 : is-GPT,   no-BIOSboot,    has---ESP,  not-usb,    not-mmc, no-os, no-wind,    2048 sectors * 512 bytes
sda : is-GPT,   no-BIOSboot,    has-noESP,  not-usb,    not-mmc, has-os,    no-wind,    2048 sectors * 512 bytes

Partitions info (1/3): _________________________________________________________

nvme0n1p1   : no-os,    64, nopakmgr,   no-docgrub, nogrub, nogrubinstall,  grubenv-ok, noupdategrub,   not-far
mapper/rootfs   : is-os,    64, apt-get,    signed grub-pc grub-efi ,   grub2,  grub-install,   grubenv-ng, update-grub,    not-far

Partitions info (2/3): _________________________________________________________

nvme0n1p1   : is---ESP, part-has-no-fstab,  no-nt,  no-winload, no-recov-nor-hid,   no-bmgr,    notwinboot
mapper/rootfs   : isnotESP, fstab-has-goodEFI,  no-nt,  no-winload, no-recov-nor-hid,   no-bmgr,    notwinboot

Partitions info (3/3): _________________________________________________________

nvme0n1p1   : not--sepboot, no---boot,  part-has-no-fstab,  not-sep-usr,    no---usr,   part-has-no-fstab,  no--grub.d, nvme0n1
mapper/rootfs   : not--sepboot, with-boot,  fstab-without-boot, not-sep-usr,    with--usr,  fstab-without-usr,  std-grub.d, sda

fdisk -l (filtered): ___________________________________________________________

Disk nvme0n1: 119.2 GiB, 128035676160 bytes, 250069680 sectors
Disk identifier: 5345F0EE-F12B-4A70-BC5D-3BA005C516CC
            Start       End   Sectors   Size Type
nvme0n1p1    2048   1046527   1044480   510M EFI System
nvme0n1p2 1046528 250068991 249022464 118.8G Linux filesystem
Disk sda: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk identifier: 523E7DA8-0EF9-40AC-ADDC-51F078BA78EE
      Start        End    Sectors  Size Type
sda1   2048 3907028991 3907026944  1.8T unknown
Disk sdb: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk identifier: 5FDE81DC-AE93-4E0C-95AA-8D9A61AF30C3
      Start        End    Sectors  Size Type
sdb1   2048 3907028991 3907026944  1.8T unknown
Disk sdc: 119.2 GiB, 128035676160 bytes, 250069680 sectors
Disk identifier: 60632461-A2BD-4576-A998-2D273971ECB9
      Start       End   Sectors   Size Type
sdc1   2048 250068991 250066944 119.2G unknown
Disk sdd: 7.3 TiB, 8001563222016 bytes, 15628053168 sectors
Disk sde: 953.9 GiB, 1024209543168 bytes, 2000409264 sectors
Disk identifier: DD8D9E63-1C14-4089-BEE8-831E61525CAE
      Start        End    Sectors   Size Type
sde1   2048 2000408575 2000406528 953.9G unknown
Disk sdf: 29.3 GiB, 31457280000 bytes, 61440000 sectors
Disk identifier: 0x2c534026
      Boot Start     End Sectors  Size Id Type
sdf1  *        0 1802239 1802240  880M  0 Empty
sdf2         964    5891    4928  2.4M ef EFI (FAT-12/16/32)
Disk zram0: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram1: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram2: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram3: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram4: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram5: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram6: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram7: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram8: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram9: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram10: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk zram11: 1.3 GiB, 1403592704 bytes, 342674 sectors
Disk mapper/rootfs: 118.8 GiB, 127491112960 bytes, 249006080 sectors

parted -lm (filtered): _________________________________________________________

sda:2000GB:scsi:512:4096:gpt:ATA ST2000DM008-2FR1:;
1:1049kB:2000GB:2000GB:::;
sdb:2000GB:scsi:512:4096:gpt:ATA ST2000DM008-2FR1:;
1:1049kB:2000GB:2000GB:::;
sdc:128GB:scsi:512:4096:gpt:ATA SanDisk SD8SNAT-:;
1:1049kB:128GB:128GB:::;
sdd:8002GB:scsi:512:4096:unknown:ATA WDC WD80EFZZ-68B:;
sde:1024GB:scsi:512:512:gpt:ATA T-FORCE 1TB:;
1:1049kB:1024GB:1024GB:::;
sdf:31.5GB:scsi:512:512:msdos:General UDisk:;
2:494kB:3017kB:2523kB:::esp;
mapper/rootfs:127GB:dm:512:512:loop:Linux device-mapper (crypt):;
1:0.00B:127GB:127GB:ext4::;
nvme0n1:128GB:nvme:512:512:gpt:TS128GMTE110S:;
1:1049kB:536MB:535MB:fat32::boot, esp;
2:536MB:128GB:127GB:::;

Free space >10MiB: ______________________________________________________________

sdf: 2.88MiB:30000MiB:29997MiB

blkid (filtered): ______________________________________________________________

NAME        FSTYPE      UUID                                 PARTUUID                             LABEL                  PARTLABEL
sda                                                                                                                      
└─sda1      crypto_LUKS f3f66cdb-3f23-4349-8fba-34dcfc4e4cda 84e2d641-cb21-481e-9990-e75d1e4a9ecc                        
sdb                                                                                                                      
└─sdb1      crypto_LUKS 56c3b9f8-c9f3-48a6-be97-b2d95c3da4b2 261ff605-7ed8-4ec3-8a25-94bf267a7a03                        
sdc                                                                                                                      
└─sdc1      crypto_LUKS e0eaa6a9-d2c0-4fcc-8c7e-bba4356ebb25 04171254-527f-4d91-8430-1e28a16f1706                        
sdd         crypto_LUKS 57ebf54e-aa8f-4dc9-9808-a4c1411b61fe                                                             
sde                                                                                                                      
└─sde1      crypto_LUKS 3691525b-fbc5-47c5-9871-918a08cfe6ad 6481d0ff-32ce-4de4-9d29-1e8c61508993                        
sdf         iso9660     2020-06-13-00-42-55-00                                                    Boot-Repair-Disk 64bit 
├─sdf1      iso9660     2020-06-13-00-42-55-00               2c534026-01                          Boot-Repair-Disk 64bit 
└─sdf2      vfat        D055-8513                            2c534026-02                          Boot-Repair-Disk 64bit 
nvme0n1                                                                                                                  
├─nvme0n1p1 vfat        5B2A-905A                            7b7462c4-0e32-437d-a027-aff94aeb7d20                        
└─nvme0n1p2 crypto_LUKS 17264dfd-5a62-4e46-b158-947550fd9d3e 417a1109-5462-4376-8e99-9a1ab230e33b                        
  └─rootfs  ext4        b12717bb-64f6-4a97-ab38-4722a80cece7                                                             

Mount points (filtered): _______________________________________________________

                    Avail Use% Mounted on
/dev/mapper/rootfs  64.9G  39% /mnt/boot-sav/mapper/rootfs
/dev/nvme0n1p1     494.5M   3% /mnt/boot-sav/nvme0n1p1
/dev/sdf                0 100% /cdrom

Mount options (filtered): ______________________________________________________


============================== ls -R /dev/mapper/ ==============================

/dev/mapper:
control
rootfs

====================== nvme0n1p1/grub/grub.cfg (filtered) ======================

### END /etc/grub.d/30_os-prober ###
UEFI Firmware Settings   uefi-firmware
### END /etc/grub.d/30_uefi-firmware ###

=================== nvme0n1p1/efi/ubuntu/grub.cfg (filtered) ===================

search.fs_uuid b12717bb-64f6-4a97-ab38-4722a80cece7 root 
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg

================= nvme0n1p1: Location of files loaded by Grub ==================

           GiB - GB             File                                 Fragment(s)
            ?? = ??             grub/grub.cfg                                  1

====================== sdf/boot/grub/grub.cfg (filtered) =======================

Boot-Repair-Disk session
Boot-Repair-Disk session (failsafe)

==================== sdf: Location of files loaded by Grub =====================

           GiB - GB             File                                 Fragment(s)
            ?? = ??             boot/grub/grub.cfg                             1

================================= User choice ==================================

Is there RAID on this computer? no



Suggested repair: ______________________________________________________________

The default repair of the Boot-Repair utility would purge (in order to unsign) and reinstall the grub-efi of
mapper/rootfs,
using the following options:  nvme0n1p1/boot/efi
Additional repair would be performed: unhide-bootmenu-10s use-standard-efi-file

Blockers in case of suggested repair: __________________________________________

 Encrypted partition detected. Please retry after mounting your encrypted partitions so that the tool can verify their contents. (sudo cryptsetup luksOpen /dev/nvme0n1p2 myvolume)

Final advice in case of suggested repair: ______________________________________

Please do not forget to make your UEFI firmware boot on the Ubuntu 22.04.2 LTS entry (nvme0n1p1/efi/****/grub****.efi (**** will be updated in the final message) file) !
71
0 + 3
waltinator avatar
it flag
waltinator
Not an answer, but an explanation of why you're out of luck. When the system boots, it knows nothing about encryption/decryption. `grub` is trying to find the Ubuntu system to boot, but all it sees is an encrypted mess.
0
Reply
Nmath avatar
ng flag
Nmath
There's a few possibilities: 1) you didn't follow the procedure correctly; 2) there were errors with one or more of the steps, and you passed over a step or steps without them completing; or 3) the procedure you followed is wrong or outdated. It is a personal blog post from three years ago which is not an authoritative source. In any case, reviewing how many steps it takes to encrypt a system after-the-fact, there's a good reason why it's not a good practice to try to encrypt after installation. I recommend reinstalling, and encrypt during installation, and restore your backups
0
Reply
taiBsu avatar
ke flag
taiBsu
@Nmath unfortunately, that's what I ended up doing.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.