[SOLVED] Boot of encrypted root starts emergency shell

Sir-Photch · 2023-04-08 03:05:00

Okay, I'm out of luck right now;

My laptop cannot attach my encrypted root device during boot; Plymouth won't show a password prompt, and pressing ESC shows the following error:

ERROR: device '/dev/mapper/luksdev' not found. Skipping fsck.
mount: /new_root: special device /dev/mapper/luksdev does not exist.
You are being now dropped into an emergency shell.
sh: can't access tty; job control turned off

With a rootfs prompt. My kernel parameters are:

cryptdevice=PARTUUID=...:luksdev root=/dev/mapper/luksdev rootflags=subvol=/@ rw intel_pstate=no_hwp rootfstype=btrfs quiet splash vt.global_cursor_default=0 fbcon=nodefer

I double checked using blkid that the UUID is correct.
I cannot mount my root partition manually, since

mount dev/nvme0n1p2 new_root

returns:

Unknown filesystem: 'crypto_LUKS'.

Switching to booting with a LTS kernel does not fix this.

How can I keep debugging this? I suppose something failed during the last run of mkinitcpio during updates, but I am afraid I didn't pay attention...

Last edited by Sir-Photch (2023-04-08 08:50:05)

Revelation60 · 2023-04-08 08:06:11

I have the same issue, I assume the latest version of mkinitcpio has a bad bug. What makes matters worse is that I am on a 12 hour train ride and I need my laptop for work, and I don't have access to a recovery usb...

Cryptsetup does not seem to exist in the emergency shell it seems.

Can someone helps us?

Last edited by Revelation60 (2023-04-08 08:10:42)

frostschutz · 2023-04-08 08:35:05

if you guys have plymouth enabled I think there were a few threads on that already, I don't use plymouth myself so no clue

in the initramfs shell try to see if command line is correct, devices are present (boot the fallback image), and luks can be opened manually

# check if kernel parameters as expected
cat /proc/cmdline
# check if block devices and partitions present
cat /proc/partitions
# check if UUID can be found
ls -l /dev/disk/by-partuuid/ /dev/disk/by-uuid/
# try to open cryptsetup manually
cryptsetup open /dev/yourdevice cryptyourdevice # (/dev/yourdevice = /dev/disk/by-uuid/YOURUUID or whatever)
# activate LVM if you use that
lvm vgchange -a y

if you can get this far you should be able to proceed by exiting the emergency shell... unless that shell was pid 1 already, then you just exec /init or mount your rootfs to /new_root and exec switch_root /new_root/sbin/init ... something like that?

Last edited by frostschutz (2023-04-08 08:36:04)

Sir-Photch · 2023-04-08 08:49:49

Okay, I've solved this. The issue is that the hook `plymouth-crypt` is missing during the build of mkinicpio.
To solve this, you need a bootable arch linux usb drive and chroot into your root after decrypting it.
Then, edit your mkinitcpio-config and change `plymouth-crypt` to just `crypt`. Then re-run mkinitcpio.

Revelation60 · 2023-04-08 08:52:19

I have

:: running hook resume
Waiting 10 second for device /dev/mapper/root
... Some more stuff

[rootfs ]# cryptsetup
Sh: cryptsetup not found

My cryptdevice has the correct uuid, but I can't run cryptsetup.

Last edited by Revelation60 (2023-04-08 08:52:38)

Sir-Photch · 2023-04-08 08:53:24

Revelation60 wrote:

My cryptdevice has the correct uuid, but I can't run cryptsetup.

I think you need to boot from a archlinux live usb. There, cryptsetup is available.

frostschutz · 2023-04-08 08:57:35

Well. Without access to a working cryptsetup binary, you're stuck completely. Nothing you can do without a live usb or similar.

Maybe another passenger on your train has one or could help you create one. Or you could use your phone with DriveDroid or similar app that lets you use the phone like a thumbdrive. But I've never tried that.

3beb6e7c46a615a · 2023-04-08 10:22:37

frostschutz wrote:

Well. Without access to a working cryptsetup binary, you're stuck completely. Nothing you can do without a live usb or similar.

If /etc/crypttab or corresponding kernel parameters exist I think you should be able to "systemctl start systemd-cryptsetup@<name-of-mapper>.service" from the emergency shell. Perhaps you can also "systemctl start cryptsetup.target" to have all devices encrypted, but I'm not sure if targets work this way.

frostschutz · 2023-04-08 12:06:32

Right, if you're using systemd sd-encrypt there might not be a cryptsetup binary.

It would have these files then:

usr/lib/cryptsetup/
usr/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so
usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so
usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so
usr/lib/libcryptsetup.so.12
usr/lib/libcryptsetup.so.12.9.0
usr/lib/systemd/system-generators/systemd-cryptsetup-generator
usr/lib/systemd/system/cryptsetup.target
usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target
usr/lib/systemd/systemd-cryptsetup

But my guess is that the situation here is different... most likely a custom encrypt hook was being used (plymouth?), that hook vanished (now integrated in regular encrypt hook), as a result the custom hook is no longer included at all, so the initramfs was built without any cryptsetup support.

Sir-Photch · 2023-04-08 12:49:29

frostschutz wrote:

But my guess is that the situation here is different... most likely a custom encrypt hook was being used (plymouth?), that hook vanished (now integrated in regular encrypt hook), as a result the custom hook is no longer included at all, so the initramfs was built without any cryptsetup support.

I am pretty sure this was the case.

Revelation60 · 2023-04-08 13:09:03

I managed to quickly buy a USB C pen drive on a train station. Then I flashed the arch rescue disk from my phone and managed to fix the plymouth-encrypt issue. It was a journey!

Arch Linux

#1 2023-04-08 03:05:00

[SOLVED] Boot of encrypted root starts emergency shell

#2 2023-04-08 08:06:11

Re: [SOLVED] Boot of encrypted root starts emergency shell

#3 2023-04-08 08:35:05

Re: [SOLVED] Boot of encrypted root starts emergency shell

#4 2023-04-08 08:49:49

Re: [SOLVED] Boot of encrypted root starts emergency shell

#5 2023-04-08 08:52:19

Re: [SOLVED] Boot of encrypted root starts emergency shell

#6 2023-04-08 08:53:24

Re: [SOLVED] Boot of encrypted root starts emergency shell

#7 2023-04-08 08:57:35

Re: [SOLVED] Boot of encrypted root starts emergency shell

#8 2023-04-08 10:22:37

Re: [SOLVED] Boot of encrypted root starts emergency shell

#9 2023-04-08 12:06:32

Re: [SOLVED] Boot of encrypted root starts emergency shell

#10 2023-04-08 12:49:29

Re: [SOLVED] Boot of encrypted root starts emergency shell

#11 2023-04-08 13:09:03

Re: [SOLVED] Boot of encrypted root starts emergency shell

Board footer