
BUG :: Cannot unlock encrypted root after upgrading to Ubuntu 22.04 due to use of non-standard ciphers

 


"ALERT! /dev/mapper/vgubuntu-root does not exist. Dropping to shell!"

This post is to help people who may have the same issue I had after upgrading Ubuntu to version `Ubuntu 22.04.1 LTS`.

First, this is a bug already reported here. The long solution was described here, which was not easy to find.

On rare occasions, you might find that the computer fails to boot. This can happen if Windows makes a major (not necessarily large) update, or if Grub becomes corrupted in some other way.

Steps To Fix

  1. Boot into a Live USB/CD
    1. Download the Ubuntu ISO
  2. Check your keyboard
  3. Open a terminal
  4. Unlock your partition by entering the following command. Replace /dev/SYSTEM_PARTITION with your system partition, e.g. /dev/sda5 or /dev/nvme01n1p5. You will be prompted for your system passphrase.

      sudo cryptsetup open /dev/SYSTEM_PARTITION encrypted_disk

  5. Mount your system partition. Replace /dev/EFI_PARTITION with your EFI System Partition (ESP), e.g. /dev/sda2 or /dev/nvme01n1p2.

      sudo mkdir /mnt/root
      sudo mount /dev/mapper/system-root /mnt/root
      sudo mount /dev/mapper/system-boot /mnt/root/boot
      sudo mount /dev/EFI_PARTITION /mnt/root/boot/efi

  6. Enter chroot (don't worry about what it means). You can see here what chroot is.

      sudo mount --bind /dev /mnt/root/dev
      sudo mount --bind /run /mnt/root/run
      sudo chroot /mnt/root
      mount --types=proc proc /proc
      mount --types=sysfs sys /sys

  7. Fix Grub. This might take a couple of minutes to run.

      update-initramfs -u

  8. If you didn't see any errors, it's done and your system should be fixed. Just exit, reboot and be happy.

      exit
      reboot

  9. Close all open windows, and reboot your computer.

After finishing all the steps above and rebooting, your system should ask for the LUKS password to decrypt the disk before continuing the boot.  💪


Impact

After upgrading to Ubuntu 22.04 with an encrypted root filesystem, the root drive can no longer be unlocked at the "Please unlock disk <diskname>" prompt on boot.

The encrypted root disk can be unlocked fine from the liveCD, but not from the initramfs environment on boot.

Cause

The issue has two causes. Support for various LUKS encryption protocols is now missing from the initramfs environment due to changes introduced in OpenSSL 3.0, and Ubuntu pre-release testing did not include a test case for upgrading older Ubuntu versions with an encrypted root to the new version.
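
To check whether a volume's header names an algorithm of this kind, the following added example (not part of the original post or the bug report) parses `cryptsetup luksDump` output and lists the hashes that fall in a legacy set. The digest list is an assumption taken from OpenSSL 3.0's legacy provider, and the function names and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# ASSUMPTION: digests that OpenSSL 3.0 ships only in its legacy provider.
LEGACY_DIGESTS="whirlpool ripemd160 md4 mdc2"

# Print each distinct hash name found in `cryptsetup luksDump` text on stdin.
# Covers LUKS1 ("Hash spec:") and LUKS2 ("Hash:", "AF hash:") headers.
luks_hashes() {
    awk -F: '/^[ \t]*(Hash spec|AF hash|Hash)[ \t]*:/ {
        gsub(/[ \t\r]/, "", $2); print tolower($2) }' | sort -u
}

# Print only the hashes from the luksDump text on stdin that are legacy.
legacy_hashes() {
    for h in $(luks_hashes); do
        case " $LEGACY_DIGESTS " in
            *" $h "*) printf '%s\n' "$h" ;;
        esac
    done
}

# Constructed sample: LUKS1 header that uses a legacy digest.
sample_luks1_dump() {
    cat <<'EOF'
LUKS header information for /dev/SYSTEM_PARTITION

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      whirlpool
Payload offset: 4096
MK bits:        512
EOF
}

# Constructed sample: LUKS2 header that uses only sha256.
sample_luks2_dump() {
    cat <<'EOF'
Version:        2
Keyslots:
  0: luks2
        Cipher:     aes-xts-plain64
        AF hash:    sha256
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

# Real use: sudo cryptsetup luksDump /dev/SYSTEM_PARTITION | legacy_hashes
sample_luks1_dump | legacy_hashes   # prints: whirlpool
```

Empty output means no hash in the header is in the assumed legacy set; run it against the real partition before upgrading or from the live session.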



