#StackBounty: #boot #grub2 #mount #encryption Grub looking for an encrypted root UUID before the container decryption

Bounty: 100

I was cleaning Ubuntu 18.10 with bleachbit when my PC froze. When rebooting, I was stucked after Grub at BusyBox (initramfs). When exiting BusyBox, I get the message:

ALERT! UUID=f6fc1852-25c6-47a6-9976-... does not exist. Dropping to a shell.

The recovery mode failed just as well.

I rebooted with a Live CD and ran fsck -f on the disk, minor errors were detected and fixed, then the output was ok, but the system did not pass Grub on reboot.

I have a LVM fully encrypted with a different /boot partition in clear:

$ sudo fdisk -l
Disk /dev/nvme0n1: 477 GiB, 512110190592 bytes, 1000215216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 6B6C7A2C-478C-4999-ABD9-53A3BB5FE607

Device             Start        End   Sectors   Size Type
/dev/nvme0n1p1      2048     534527    532480   260M EFI System
/dev/nvme0n1p2    534528     567295     32768    16M Microsoft reserved
/dev/nvme0n1p3    567296  547442295 546875000 260.8G Microsoft basic data
/dev/nvme0n1p4 998166528 1000214527   2048000  1000M Windows recovery environment
/dev/nvme0n1p5 547442688  547969023    526336   257M Linux filesystem
/dev/nvme0n1p6 547969024  998166527 450197504 214.7G Linux filesystem

$ sudo blkid
/dev/nvme0n1p1: LABEL="SYSTEM" UUID="7AA1-7D80" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="8030af7e-64f9-4090-9457-fcd97de33216"
/dev/nvme0n1p3: LABEL="Windows" UUID="DA32A3D932A3B8C1" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="ccc54701-8855-4d06-a7af-b3c4ce9e3c11"
/dev/nvme0n1p4: LABEL="WinRE_DRV" UUID="B242A4E642A4B111" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="73272228-de36-4cb9-959e-53792c2dc104"
/dev/nvme0n1p5: UUID="8618de9e-f06e-46de-9717-38f6da7b1969" TYPE="ext4" PARTUUID="7cdfe2e1-103d-4cf1-9436-0008d34b5ed6"
/dev/nvme0n1: PTUUID="6b6c7a2c-478c-4999-abd9-53a3bb5fe607" PTTYPE="gpt"
/dev/nvme0n1p2: PARTLABEL="Microsoft reserved partition" PARTUUID="6d62624f-eba4-4fbb-838e-9ce6087d1135"
/dev/nvme0n1p6: UUID="69a32ddc-3092-487f-99b5-b0e757c5ddf1" TYPE="crypto_LUKS" PARTUUID="f7199882-ca6f-44a9-8730-92386d62ef50"

No UUID here begins with f6fc. I think it was the UUID of the encrypted LVM on the / partition once decrypted with udisksctl unlock -b.

The fstab is

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/nvme0n1p6_crypt /               ext4    errors=remount-ro 0       1
# /boot was on /dev/nvme0n1p5 during installation
UUID=8618de9e-f06e-46de-9717-38f6da7b1969 /boot           ext4    defaults        0       2
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=7AA1-7D80  /boot/efi       vfat    umask=0077      0       1
# /windows was on /dev/nvme0n1p3 during installation
UUID=DA32A3D932A3B8C1 /windows        ntfs    defaults,umask=007,gid=46 0       0
/swapfile                                 none            swap    sw              0       0

So I tried to chroot the system and reinstall Grub, using both udisksctl unlock -b and what follows to decrypt the root:

$ sudo cryptsetup luksOpen /dev/nvme0n1p6 crypt
Enter passphrase for /dev/nvme0n1p6: 
$ sudo vgchange -ay
$ sudo mount /dev/mapper/crypt /mnt
$ sudo mount /dev/nvme0n1p5 /mnt/boot/
$ sudo mount -t proc proc /mnt/proc
$ sudo mount -o bind /dev /mnt/dev
$ sudo mount -o bind /sys /mnt/sys
$ sudo chroot /mnt
root@ubuntu:/# update-initramfs -c -k all
update-initramfs: Generating /boot/initrd.img-4.18.0-12-generic
Warning: couldn't identify filesystem type for fsck hook, ignoring.
root@ubuntu:/# update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.18.0-12-generic
Found initrd image: /boot/initrd.img-4.18.0-12-generic
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Adding boot menu entry for EFI firmware configuration
done

But, here, Grub does not detect Windows 10 and you guess if I post here, it’s because it didn’t work. I’m still stuck with this strange error on an UUID that is not in fstab. I also tried to grub-install on the whole disk, no change.

Edit: unlocking the root with udisks2, I get :

$ sudo udisksctl unlock -b /dev/nvme0n1p6
Unlocked /dev/nvme0n1p6 as /dev/dm-0.
$ sudo udisksctl mount -b /dev/dm-0 
Mounted /dev/dm-0 at /media/root/f6fc1852-25c6-47a6-9776-4ed8b8d6b70e.

notice the name of the media, it’s the same as the faulty UUID. So I suspect Grub is looking for the UUID of the decrypted LVM before it is actually decrypted. The problem is where to find that call ?

Edit 2: meanwhile, having rebooted on Windows 10 for the first time in 3 months, the BIOS and SSD firmware were updated. Still no luck with Grub.

Edit 3: I found the bad call in /boot/grub/grub.cfg :

menuentry 'Ubuntu' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-f6fc1852-25c6-47a6-9776-4ed8b8d6b70e' {
    recordfail
    load_video
    gfxmode $linux_gfx_mode
    insmod gzio
    if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
    insmod part_gpt
    insmod ext2
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root  8618de9e-f06e-46de-9717-38f6da7b1969
    else
      search --no-floppy --fs-uuid --set=root 8618de9e-f06e-46de-9717-38f6da7b1969
    fi
    linux   /vmlinuz-4.18.0-12-generic root=UUID=f6fc1852-25c6-47a6-9776-4ed8b8d6b70e ro  quiet splash elevator=noop $vt_handoff
    initrd  /initrd.img-4.18.0-12-generic
}

but here is /etc/default/grub:

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash elevator=noop"
GRUB_CMDLINE_LINUX=""

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

So, how do I make that right ?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.