A few days ago I booted up Windows after a long time and also let it do some updates. It rebooted several times while doing updates. When I next tried to boot my Arch system again I was greeted by grub rescue. That is the smallest problem, however. After booting from a live system I was not able to access my encrypted root partition anymore. I then made a full clone of the drive with ddrescue before doing some more analysis.
Here is what my partition layout looks like (now):
GNU Parted 3.2
Using /dev/loop0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: Loopback device (loopback)
Disk /dev/loop0: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number  Start   End     Size    File system  Name                          Flags
1       1049kB  524MB   523MB   ntfs         Basic data partition          hidden, diag
2       524MB   628MB   104MB   fat32        EFI system partition          boot, esp
3       628MB   645MB   16.8MB               Microsoft reserved partition  msftres
4       645MB   161GB   160GB                Basic data partition          msftdata
5       161GB   161GB   707MB   ntfs                                       hidden, diag
6       161GB   162GB   210MB                bootArch                      msftdata
7       162GB   1000GB  839GB                rootArch
First of all, what is msftdata? This should be my boot partition. My best guess is that Windows modified the boot partition and wrote even further, damaging my encrypted root. The root was encrypted using LUKS. Unfortunately I don't have a backup file of my LUKS header. I once installed a new laptop by just cloning my whole disk, then resizing it; this didn't harm the encrypted root. However, if I remember correctly, for my current laptop I chose to do a fresh installation, so I can't just take the header from my old laptop. I tried just in case (maybe I did clone it after all).
sudo cryptsetup -v --header backupLuksHeader open /dev/loop0p7 test
Enter passphrase for /dev/loop0p7:
Key slot 0 unlocked.
Command successful.
sudo mount /dev/mapper/test testMnt
mount: wrong fs type, bad option, bad superblock on /dev/mapper/test,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
I believe that the unlocking working just means that I have the correct password for the header? Thus if I use the header to unlock an arbitrary device it will work, but of course I'll decrypt garbage ... Is that correct? I plan to run some tool looking for files on the opened device anyway.
Also, I believe it is vital that the partition table is still correct, even if the partitions are damaged. Is it safe to assume that Windows Update did not change the locations of the partitions? The sizes and labels seem right to me.
I also tried a scan of my whole drive for a luks header
LANG=C grep -obUaP "\x4C\x55\x4B\x53\xBA\xBE" /dev/sda
but it didn't find anything. If it is safe to assume that the partition locations are not changed, I just have to copy the start of my encrypted partition; this should be the header, correct?
I believe there is no way to recover my partition, but asking doesn't harm. Any advice? Thanks in advance!
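An added example, not part of the original post: the header search described above, written in Python so that only 512-byte-aligned offsets are checked and each hit is parsed as a LUKS1 on-disk header, which rejects a stray occurrence of the magic bytes inside file data. It assumes a LUKS1 header; the sample image, its UUID and the key-size sanity bound are constructed for the illustration.

```python
import io
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"                       # same bytes the grep in the post searches for
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # LUKS1 fields before the key slots (208 bytes)
SLOT = struct.Struct(">II32sII")                   # one of 8 key slots (48 bytes each)
SLOT_ACTIVE = 0x00AC71F3

def cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1(buf):
    """Return header fields, or None when buf is not a plausible LUKS1 header."""
    if len(buf) < PHDR.size + 8 * SLOT.size or not buf.startswith(LUKS_MAGIC):
        return None
    _, version, cipher, mode, hash_spec, payload, key_bytes, _, _, _, uuid = PHDR.unpack_from(buf)
    if version != 1 or not 0 < key_bytes <= 64:    # key-size bound is this example's heuristic
        return None
    states = [SLOT.unpack_from(buf, PHDR.size + n * SLOT.size)[0] for n in range(8)]
    return {"cipher": f"{cstr(cipher)}-{cstr(mode)}", "hash": cstr(hash_spec),
            "payload_offset_sectors": payload, "key_bytes": key_bytes, "uuid": cstr(uuid),
            "active_slots": [n for n, s in enumerate(states) if s == SLOT_ACTIVE]}

def scan(stream, chunk_sectors=2048):
    """Yield (byte_offset, fields) for each sector-aligned, parseable LUKS1 header."""
    offset = 0
    while chunk := stream.read(chunk_sectors * SECTOR):
        for pos in range(0, len(chunk), SECTOR):
            if chunk.startswith(LUKS_MAGIC, pos):
                resume = stream.tell()
                stream.seek(offset + pos)
                fields = parse_luks1(stream.read(2 * SECTOR))  # 592-byte header spans two sectors
                stream.seek(resume)
                if fields:
                    yield offset + pos, fields
        offset += len(chunk)

def build_sample_image():
    """Constructed 8-sector image: stray magic bytes in sector 1, a LUKS1 header at sector 4."""
    head = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 1000, b"00000000-0000-4000-8000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 1000, bytes(32), 8, 4000) + SLOT.pack(0xDEAD, 0, bytes(32), 0, 4000) * 7
    image = bytearray(8 * SECTOR)
    image[SECTOR + 100:SECTOR + 106] = LUKS_MAGIC  # unaligned hit, such as the string inside a file
    image[4 * SECTOR:4 * SECTOR + len(head + slots)] = head + slots
    return io.BytesIO(bytes(image))

if __name__ == "__main__":
    print(list(scan(build_sample_image())))
```

To run it against a real clone, pass a file object opened read-only in binary mode (for example the ddrescue image) to `scan()`; the reported offset divided by 512 can be compared with the partition start sectors that parted prints with `unit s`.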