Skip to content

Instantly share code, notes, and snippets.

@dragon788 dragon788/.crypt-fix.md
Last active Mar 29, 2019

Embed
What would you like to do?
Repair "ubuntu--vg-root" not found with LUKS and LVM encryption

Crypt-fix

Use this script via curl -L -O https://gist.github.com/dragon788/e777ba64d373210e4f6306ad40ee0e80/raw/a86f3d05fb56feb6ef01fc2d61a4feb2fd82b281/crypt-fix.sh and sudo bash ./crypt-fix.sh. You may need to edit the DEVICE variable to reflect your disk and partition layout (this was created on an EFI system using LUKS and LVM). It will prompt you for your disk password once to mount and discover the correct name for the encrypted volume mount and then prompt again to mount with the correct name so that the update-initramfs command succeeds with the appropriate mapping, if this wasn't done you would get a warning and your next boot would still fail.

#!/bin/bash
# Call with `sudo bash DEBUG=1 ./crypt-fix.sh` for verbose output
[ -n "$DEBUG"] && set -x
# Prompt user for device from /dev/sd* /dev/nvme* /dev/mmc* prefixes?
# For /dev/sda probably sda1 is EFI and sda2 is boot and sda3 is encrypted
DEVICE=/dev/nvme0n1
EFIPATH="${DEVICE}p1"
BOOTPATH="${DEVICE}p2"
CRYPTPATH="${DEVICE}p3"
TARGETPATH=/mnt
# Need root for mounting stuff
if ! (( $EUID == 0 )); then echo "Please run with `sudo $0`"; fi
clear_mounts () {
# Clears mounts in case of interrupt or upon exit to allow running script multiple times
umount $TARGETPATH/boot/efi
umount $TARGETPATH/boot
umount $TARGETPATH/proc
umount $TARGETPATH/dev
umount $TARGETPATH
vgchange -an
cryptsetup close temp_name
cryptsetup close $CRYPTNAME
set +x
}
trap clear_mounts INT EXIT
cryptsetup open $CRYPTPATH temp_name
vgchange -ay
# Can't get this until LVM devices are scanned above
ROOTPATH=$(ls /dev/mapper/* | grep root)
# Make sure nothing else is mounted on our $TARGETPATH
umount $TARGETPATH
wait
mount $ROOTPATH $TARGETPATH
# Find the name that is required for `update-initramfs` to properly update things
CRYPTNAME=$(cat $TARGETPATH/etc/crypttab | awk '{ print $1 }')
umount $TARGETPATH
vgchange -an
cryptsetup close temp_name
# This proper name is required for `update-initramfs` to properly update things
cryptsetup open $CRYPTPATH $CRYPTNAME
wait
vgchange -ay
ROOTPATH=$(ls /dev/mapper/* | grep root)
mount $ROOTPATH $TARGETPATH
mount $BOOTPATH $TARGETPATH/boot
mount $EFIPATH $TARGETPATH/boot/efi
mount -t proc proc $TARGETPATH/proc
mount -o bind /dev $TARGETPATH/dev
# Have also seen people mounting dev/pts and run and sys, they don't appear to be necessary
chroot $TARGETPATH update-initramfs -c -k all
echo "Completed crypt-fix, try rebooting and you should get prompted for your passphrase after grub"
@icio

This comment has been minimized.

Copy link

commented Nov 24, 2018

This was super useful - thanks for collecting it all together.

I somehow got myself into this situation by trying out different desktop managers. I ran sudo tasksel, unselected KDE Desktop and selected Mate Desktop, and then found I was unable to boot due to missing cryptsetup and the errors described above.

Once I was up and running again with a bootable Live USB stick, I wanted to revert to Ubuntu Desktop and fix initramfs. I first followed all of the steps in the above script up to update-initramfs to prepare /mnt. To revert the desktop manager on the encrypted drive, I had to:

cp /etc/resolv.conf /mnt/etc.resolv.conf
chroot # Pretend we're on the OS on the encrypted drive.
tasksel

After doing all of this, I still had to make sure that I had cryptsetup inside initramfs:

apt-get install cryptsetup-initramfs cryptsetup-run

Which itself triggered update-initramfs, but warned:

cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries nor crypto modules. If that's on purpose, you may want to uninstall the 'crypsetup-initramfs' package in order to disable the cryptsetup initramfs integration and avoid this warning.

To finally get cryptsetup into the initramfs I had to:

mount -t sysfs sys /sys
update-initramfs -c -k all

I was then able to reboot into gdm.

@lovromazgon

This comment has been minimized.

Copy link

commented Feb 22, 2019

Thanks for this, it helped me figure out a solution to my problem. After an update my computer booted right into a broken GRUB console which was missing commands (e.g. ls didn't work).

I was following the Manual Full System Encryption guide when installing Ubuntu. As mentioned in the Troubleshooting chapter, there is a script refreshgrub which fixed my problem. I created a separate script which helps you run refreshgrub without diving into too many details. Maybe it will help others with the same issue - https://gist.github.com/lovromazgon/7d0a5b6ac8f7557059a8b97e8442720b.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.