#StackBounty: #boot #grub2 #mount #encryption Grub looking for an encrypted root UUID before the container decryption

Bounty: 100

I was cleaning Ubuntu 18.10 with bleachbit when my PC froze. When rebooting, I was stuck after Grub at BusyBox (initramfs). When exiting BusyBox, I get the message:

ALERT! UUID=f6fc1852-25c6-47a6-9976-... does not exist. Dropping to a shell.

The recovery mode failed just as well.

I rebooted with a Live CD and ran fsck -f on the disk, minor errors were detected and fixed, then the output was ok, but the system did not pass Grub on reboot.

I have an LVM fully encrypted with a different /boot partition in clear:

$ sudo fdisk -l
Disk /dev/nvme0n1: 477 GiB, 512110190592 bytes, 1000215216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 6B6C7A2C-478C-4999-ABD9-53A3BB5FE607

Device             Start        End   Sectors   Size Type
/dev/nvme0n1p1      2048     534527    532480   260M EFI System
/dev/nvme0n1p2    534528     567295     32768    16M Microsoft reserved
/dev/nvme0n1p3    567296  547442295 546875000 260.8G Microsoft basic data
/dev/nvme0n1p4 998166528 1000214527   2048000  1000M Windows recovery environment
/dev/nvme0n1p5 547442688  547969023    526336   257M Linux filesystem
/dev/nvme0n1p6 547969024  998166527 450197504 214.7G Linux filesystem

$ sudo blkid
/dev/nvme0n1p1: LABEL="SYSTEM" UUID="7AA1-7D80" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="8030af7e-64f9-4090-9457-fcd97de33216"
/dev/nvme0n1p3: LABEL="Windows" UUID="DA32A3D932A3B8C1" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="ccc54701-8855-4d06-a7af-b3c4ce9e3c11"
/dev/nvme0n1p4: LABEL="WinRE_DRV" UUID="B242A4E642A4B111" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="73272228-de36-4cb9-959e-53792c2dc104"
/dev/nvme0n1p5: UUID="8618de9e-f06e-46de-9717-38f6da7b1969" TYPE="ext4" PARTUUID="7cdfe2e1-103d-4cf1-9436-0008d34b5ed6"
/dev/nvme0n1: PTUUID="6b6c7a2c-478c-4999-abd9-53a3bb5fe607" PTTYPE="gpt"
/dev/nvme0n1p2: PARTLABEL="Microsoft reserved partition" PARTUUID="6d62624f-eba4-4fbb-838e-9ce6087d1135"
/dev/nvme0n1p6: UUID="69a32ddc-3092-487f-99b5-b0e757c5ddf1" TYPE="crypto_LUKS" PARTUUID="f7199882-ca6f-44a9-8730-92386d62ef50"

No UUID here begins with f6fc. I think it was the UUID of the encrypted LVM on the / partition once decrypted with udisksctl unlock -b.

The fstab is

# /etc/fstab: static file system information.
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/nvme0n1p6_crypt /               ext4    errors=remount-ro 0       1
# /boot was on /dev/nvme0n1p5 during installation
UUID=8618de9e-f06e-46de-9717-38f6da7b1969 /boot           ext4    defaults        0       2
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=7AA1-7D80  /boot/efi       vfat    umask=0077      0       1
# /windows was on /dev/nvme0n1p3 during installation
UUID=DA32A3D932A3B8C1 /windows        ntfs    defaults,umask=007,gid=46 0       0
/swapfile                                 none            swap    sw              0       0

So I tried to chroot the system and reinstall Grub, using both udisksctl unlock -b and what follows to decrypt the root:

$ sudo cryptsetup luksOpen /dev/nvme0n1p6 crypt
Enter passphrase for /dev/nvme0n1p6: 
$ sudo vgchange -ay
$ sudo mount /dev/mapper/crypt /mnt
$ sudo mount /dev/nvme0n1p5 /mnt/boot/
$ sudo mount -t proc proc /mnt/proc
$ sudo mount -o bind /dev /mnt/dev
$ sudo mount -o bind /sys /mnt/sys
$ sudo chroot /mnt
root@ubuntu:/# update-initramfs -c -k all
update-initramfs: Generating /boot/initrd.img-4.18.0-12-generic
Warning: couldn't identify filesystem type for fsck hook, ignoring.
root@ubuntu:/# update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.18.0-12-generic
Found initrd image: /boot/initrd.img-4.18.0-12-generic
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Adding boot menu entry for EFI firmware configuration

But, here, Grub does not detect Windows 10 and you guess if I post here, it’s because it didn’t work. I’m still stuck with this strange error on a UUID that is not in fstab. I also tried to grub-install on the whole disk, no change.

Edit: unlocking the root with udisks2, I get:

$ sudo udisksctl unlock -b /dev/nvme0n1p6
Unlocked /dev/nvme0n1p6 as /dev/dm-0.
$ sudo udisksctl mount -b /dev/dm-0 
Mounted /dev/dm-0 at /media/root/f6fc1852-25c6-47a6-9776-4ed8b8d6b70e.

Notice the name of the media, it’s the same as the faulty UUID. So I suspect Grub is looking for the UUID of the decrypted LVM before it is actually decrypted. The problem is where to find that call?

Edit 2: meanwhile, having rebooted on Windows 10 for the first time in 3 months, the BIOS and SSD firmware were updated. Still no luck with Grub.

Edit 3: I found the bad call in /boot/grub/grub.cfg:

menuentry 'Ubuntu' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-f6fc1852-25c6-47a6-9776-4ed8b8d6b70e' {
    gfxmode $linux_gfx_mode
    insmod gzio
    if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
    insmod part_gpt
    insmod ext2
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root  8618de9e-f06e-46de-9717-38f6da7b1969
    else
      search --no-floppy --fs-uuid --set=root 8618de9e-f06e-46de-9717-38f6da7b1969
    fi
    linux   /vmlinuz-4.18.0-12-generic root=UUID=f6fc1852-25c6-47a6-9776-4ed8b8d6b70e ro  quiet splash elevator=noop $vt_handoff
    initrd  /initrd.img-4.18.0-12-generic
}

but here is /etc/default/grub:

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash elevator=noop"

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)

# Uncomment to disable graphical terminal (grub-pc only)

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux

# Uncomment to disable generation of recovery mode menu entries

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

So, how do I make that right?
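
The comparison the poster made by eye, as an added example that is not part of the original post: it pulls every root=UUID= from the kernel lines of grub.cfg and reports whether blkid can see that UUID before the container is unlocked, naming the LUKS partitions it could be hiding in. The function names are hypothetical and the sample data is constructed from the outputs quoted above.

```shell
#!/bin/sh
# Added example; sample inputs are constructed from the outputs quoted in the post.
sample_blkid() { cat <<'EOF'
/dev/nvme0n1p5: UUID="8618de9e-f06e-46de-9717-38f6da7b1969" TYPE="ext4" PARTUUID="7cdfe2e1-103d-4cf1-9436-0008d34b5ed6"
/dev/nvme0n1p6: UUID="69a32ddc-3092-487f-99b5-b0e757c5ddf1" TYPE="crypto_LUKS" PARTUUID="f7199882-ca6f-44a9-8730-92386d62ef50"
EOF
}
sample_grub_cfg() { cat <<'EOF'
      search --no-floppy --fs-uuid --set=root 8618de9e-f06e-46de-9717-38f6da7b1969
    linux   /vmlinuz-4.18.0-12-generic root=UUID=f6fc1852-25c6-47a6-9776-4ed8b8d6b70e ro  quiet splash
EOF
}

# root=UUID= values passed on kernel command lines (stdin: grub.cfg text)
grub_root_uuids() {
  sed -n 's/^[[:space:]]*linux[[:space:]].*root=UUID=\([0-9A-Fa-f-]*\).*/\1/p' | sort -u
}

# UUIDs blkid reports (stdin: blkid text); the leading space in the
# pattern keeps PARTUUID= and PTUUID= out of the match
visible_uuids() {
  sed -n 's/.* UUID="\([^"]*\)".*/\1/p'
}

# Partitions carrying a LUKS header (stdin: blkid text)
luks_devices() {
  sed -n 's/^\([^:]*\):.*TYPE="crypto_LUKS".*/\1/p'
}

# $1 = grub.cfg, $2 = blkid output saved before unlocking anything.
# Returns 1 if any root= UUID is not visible on the locked disk.
check_root_uuids() {
  status=0
  for uuid in $(grub_root_uuids < "$1"); do
    if visible_uuids < "$2" | grep -qixF "$uuid"; then
      echo "visible $uuid"
    else
      echo "hidden $uuid luks:$(luks_devices < "$2" | paste -sd, -)"
      status=1
    fi
  done
  return $status
}

tmp=$(mktemp -d)
sample_grub_cfg > "$tmp/grub.cfg"; sample_blkid > "$tmp/blkid.txt"
check_root_uuids "$tmp/grub.cfg" "$tmp/blkid.txt" ||
  echo "root= names a filesystem that only exists once a LUKS device is opened"
rm -rf "$tmp"
```

On a live session the same functions can be fed the real files, with the blkid output captured before running cryptsetup or udisksctl.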
