You are not logged in.

#1 2024-04-03 09:55:47

icid
Member
Registered: 2024-04-03
Posts: 5

LUKS full disk encrypted system not asking for passphrase after 1 year

I have a serious issue, so had to register on the forums. My story is the following:

I have a fully configured LUKS full disk encrypted Arch system with GUI and other bells and whistles that I had been using 5 years ago. It sits on an SSD that had been installed in a Lenovo X220 laptop. Over the years I have been using this laptop for other causes, meaning, I have been swapping SSDs in it quite frequently - using other linuxes, win, etc. Just as some debugging laptop.

This particular Arch SSD had been lying in a safe place for over a year unused. Last time I have installed this drive into my laptop approximately in spring 2023. (before that, the drive was in storage for approx 4 years unused). So a year ago I have tried booting into the system, but have forgotten the LUKS passphrase, so was unable to boot the system.

Now, this year, I have finally found my passphrase and was hoping that I would just enter it during boot and all good to go. I was wrong!

So now, whenever I boot, I don't get to see the "enter passphrase" prompt anymore! The system simply says "EFI Default Loader" and a countdown is shown. By the end of the countdown it tries to boot, but displays "No loader found. Configuration files in \loader\entries\*.conf are needed.".

I have googled a bit, but found answers that have nothing to do with my config. Some reporting typos in the arch.conf or something like that. All similar errors are encountered by users during the INSTALLATION phase! My system had been full configured, working and used in production for 3 years! Then 4 year break, then a year ago I tried booting, but couldn't remember the passphrase, then JUST SIT UNUSED, unplugged in cold storage for 1 year....and now THIS! Nothing has changed! Nobody touched it!

I have tried booting Ubuntu and mounting the Arch SSD inside a live boot system, which seems to work fine! Ubuntu's "Disks" application is reporting "Disk OK. 5 bad sectors". Come on! 5 bad sectors should be tolerable! Besides, all the partitions I have on this system are decrypting and mounting absolutely fine in Ubuntu.

Can somebody please help me out?? I really don't want to loose this system, as I have spent over 100 hours (or more) on configuring this Arch installation. Yeah, I can probably dump the configs from the filesystems, but reconfiguring everything from scratch would still take waay to long (I remember banging my head on the wall especially hard during the login splash screen config stage). How can we actually FIX this, instead of a typical Windows world solution requiring a full system reinstall??

Please help! Thanks!

Last edited by icid (2024-04-03 10:55:48)

Offline

#2 2024-04-03 10:38:57

impossibleveins23
Member
From: Israel
Registered: 2022-06-18
Posts: 147

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

OK so you can mount the LUKS partitions. This is a good start.
Did you enable encrypt/sd-encrypt hooks in /etc/mkinitcpio.conf (and generate the ramfs following)?

*Also, follow this to see that the volume is configured correctly in kernel params.


* Good formatted problem description will cause good and quick solution smile
* Please don't forget to mark as [SOLVED].

Offline

#3 2024-04-03 11:09:30

icid
Member
Registered: 2024-04-03
Posts: 5

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

impossibleveins23, I mean.. It used to be enabled..all hooks, etc.. wtf I have to redo this all of a sudden?! (this also raises all sorts of stability questions in my head, even if I do manage to get this working) Honestly, I don't remember the exact sequence for all the procedures, since I haven't touched these layers in years.. but OK.. I think I have an Arch installation medium lying around. I'll try booting and regenerating ramfs and everything else, but so far I don't even remember how to correctly start the installation process smile I'll have to smoke the manual for a bit to get started, so thanks for pointing out the relevant sections!

Last edited by icid (2024-04-03 11:12:00)

Offline

#4 2024-04-03 11:42:36

impossibleveins23
Member
From: Israel
Registered: 2022-06-18
Posts: 147

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

If you have both the SSDs connected, you can mount the Arch partition from the Ubuntu and chroot into your Arch.
So you can:
1. Mount the LUKS volume.
2. Mount boot or your esp (i.e. /efi)
3. chroot into your arch SSD.
4. Check the kernel is installed and generate initramfs with encrypt/sd-encrypt.
5. Boot the kernel and see if it prompts for password.


* Good formatted problem description will cause good and quick solution smile
* Please don't forget to mark as [SOLVED].

Offline

#5 2024-04-03 11:58:51

icid
Member
Registered: 2024-04-03
Posts: 5

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

Oh, yeah, cool, thanks! I was just about to ask if I could just chroot from Ubuntu's GUI instead of Arch's CLI.
What gets me is the question how did this happen that I have to regenerate initramfs? Trying it out now.

Offline

#6 2024-04-03 12:56:40

icid
Member
Registered: 2024-04-03
Posts: 5

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

Doesn't work sad

Steps:

1. Boot Ubuntu
2. Decrypt LUKS boot partition
3. Decrypt LUKS root partition
4. Mount system partitions into Arch root for mkinitcpio to work with

mount -t proc /proc proc/
mount --rbind /sys sys/
mount --rbind /dev dev/

5. chroot into Arch root
6. Mount unencrypted boot partition into Arch root
7. Regenerate initramfs with

mkinitcpio -p linux

8. Reboot

This does not make any sense..

Offline

#7 2024-04-03 13:08:05

icid
Member
Registered: 2024-04-03
Posts: 5

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

I mean, the UUID cloud not have possibly change on its own, right? I can't even understand on which layer this problem lies on. Maybe it's the first stage? That "loader.cfg" or whatever it's called? Or since it tries GRUB, then it gets passed it? Then it should be the cryptsetup pointers? Those mapper UUIDs, etc? Wtf? Why? How? How could this possibly break on its own? Guess I would have to read more on that full disk crypt manual Arch wiki has..

I was not even supposed to be doing this atm. I have misplaced another SSD, which I used for configuring another system and simply wanted to load my Arch for this purpose instead! omg

Offline

#8 2024-04-03 20:51:11

impossibleveins23
Member
From: Israel
Registered: 2022-06-18
Posts: 147

Re: LUKS full disk encrypted system not asking for passphrase after 1 year

Rereading your post, I see you don't see the GRUB menu as one of the EFI boot options at all. Right?
You can check by executing efibootmgr --unicode.
If so you may need to reinstall grub on this SSD.


* Good formatted problem description will cause good and quick solution smile
* Please don't forget to mark as [SOLVED].

Offline

Board footer

Powered by FluxBB