Header Ads

Header ADS

BUG :: Cannot unlock encrypted root after upgrading to Ubuntu 22.04 due to use of non-standard ciphers


"ALERT! /dev/mapper/vgubuntu-root does not exist. Dropping to shell!"

This post is to help people who may have the same issue I had after upgrading ubuntu to version `Ubuntu 22.04.1 LTS`. 

First, this is a bug already reported here. The long solution was described here, which was not easier to find. 

On rare occasions, you might find that the computer fails to boot. This can happen if Windows makes a major (not necessarily large) update, or if Grub becomes corrupted in some other way.

Steps To Fix

  1. Boot into a Live USB/CD
    1. Download Ubuntu iso
  2. Check your keyboard

  3. Open a terminal
  4. Unlock your partition, enter the following command. Replace /dev/SYSTEM_PARTITION with your system partition, e.g. /dev/sda5 or /dev/nvme01n1p5. You will be prompted for your system passphrase.

sudo cryptsetup open /dev/SYSTEM_PARTITION encrypted_disk
  1. Mount your system partition. Replace /dev/EFI_PARTITION with your EFI System Partition (ESP), e.g. /dev/sda2 or /dev/nvme01n1p2.

sudo mkdir /mnt/root
sudo mount /dev/mapper/system-root /mnt/root sudo mount /dev/mapper/system-boot /mnt/root/boot sudo mount /dev/EFI_PARTITION /mnt/root/boot/efi
  1. Enter chroot (don't worry about what it means). You can see here what is chroot.

sudo mount --bind /dev /mnt/root/dev
sudo mount --bind /run /mnt/root/run
sudo chroot /mnt/root
mount --types=proc proc /proc mount --types=sysfs sys /sys
  1. Fix Grub. This might take a couple of minutes to run.
update-initramfs -u
  1. If you didn't see any error, it's done, your system should be fixed, just exit, reboot and be happy. 
  1. Close all open windows, and reboot your computer.

After finishing all the steps above and rebooting, your system should request the luks password to decrypt the disk to start the boot.  💪


After upgrading to Ubuntu 22.04 with an encrypted root filesystem, the root drive can no longer be unlocked at the "Please unlock disk <diskname>" prompt on boot.

The encrypted root disk can be unlocked fine from the liveCD, but not from the initramfs environment on boot.


The issue is caused by support for various luks encryption protocols now being missing from the initramfs environment due to changes introduced in OpenSSL 3.0 and Ubuntu pre-release testing not including a test-case of upgrading older Ubuntu versions with an encrypted root to the new version.

No comments

Theme images by sandsun. Powered by Blogger.