Reinstall to existing encrypted partitions


The issue is that /etc/crypttab is not set up properly in the new system. You can fix this by booting into a live environment and then mounting your new system to fix it. The following is an overview of what you need to do, but device names will likely need to be changed for your system.

$ sudo -i
# cryptsetup open /dev/sda5 sda5_crypt # For root partition
# cryptsetup open /dev/sda6 sda6_crypt # For home partition
# vgchange -ay  # activates the logical volumes if you use LVM (lvchange needs an explicit VG/LV argument)
# mkdir /mnt/ubuntu
# mount /dev/mapper/sda5_crypt /mnt/ubuntu
# mount /dev/mapper/sda6_crypt /mnt/ubuntu/home
# mount /dev/sda1 /mnt/ubuntu/boot
# mount --bind /dev /mnt/ubuntu/dev
# mount --bind /sys /mnt/ubuntu/sys
# mount -t proc none /mnt/ubuntu/proc

Now that the system is mounted you can add /mnt/ubuntu/etc/crypttab. It should look somewhat like this:

sda5_crypt UUID=12345678-9abc-def012345-6789abcdef01 none luks
sda6_crypt UUID=87654321-cba9-543210fed-01fedcba9876 none luks

You can find the UUID with ls -l /dev/disk/by-uuid. Note that the UUIDs used should be of the encrypted partitions, not the decrypted partitions.

You should also have a look at /mnt/ubuntu/etc/fstab and make sure the decrypted partitions are referenced by the sdaX_crypt names you assign in /mnt/ubuntu/etc/crypttab. If you decrypted the devices in the OS installer before installing, they might be referenced by some other names than what you assign yourself (e.g. luks-<uuid>). If you fail to do this, you might get an error saying cryptsetup: lvm is not available during boot.

Finally you can chroot into the new system to update the initramfs.

# chroot /mnt/ubuntu /bin/bash
# update-initramfs -u

And then you're ready to reboot into your new system.

Author by

decibyte

Updated on September 18, 2022
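
A consistency check for the two points the answer above makes (crypttab must use the UUID of the encrypted partition, and fstab must use the mapper names that crypttab defines). This is an added example, not part of the original answer. The function names `check_crypttab` and `demo` and all sample UUIDs are constructed, and it assumes the `UUID=` form in crypttab and filesystems directly on the LUKS mappings.

```bash
#!/usr/bin/env bash
# check_crypttab CRYPTTAB FSTAB BLKID_FILE   (BLKID_FILE: saved output of `blkid`)
# Prints one line per problem; returns 0 only when none were found.
# Assumes filesystems sit directly on the LUKS mappings (no LVM on top).
check_crypttab() {
    local crypttab="$1" fstab="$2" blkid_file="$3" problems=0 name src dev rest uuid line mapped
    # 1. Each crypttab source must be the UUID of the encrypted partition.
    while read -r name src rest; do
        case $name in ''|'#'*) continue ;; esac
        uuid=${src#UUID=}
        line=$(grep -F " UUID=\"$uuid\"" "$blkid_file" || true)
        if [ "$uuid" = "$src" ]; then
            echo "$name: source $src is not in UUID= form"
        elif [ -z "$line" ]; then
            echo "$name: UUID $uuid not present in blkid output"
        elif ! printf '%s\n' "$line" | grep -q 'TYPE="crypto_LUKS"'; then
            echo "$name: UUID $uuid is not a LUKS container (decrypted device?)"
        else
            continue
        fi
        problems=$((problems + 1))
    done < "$crypttab"
    # 2. Each /dev/mapper/<name> in fstab must be a name defined in crypttab.
    while read -r dev rest; do
        case $dev in /dev/mapper/*) mapped=${dev#/dev/mapper/} ;; *) continue ;; esac
        if ! awk -v n="$mapped" '$1 == n { ok = 1 } END { exit !ok }' "$crypttab"; then
            echo "fstab: $dev has no crypttab entry named $mapped"
            problems=$((problems + 1))
        fi
    done < "$fstab"
    [ "$problems" -eq 0 ]
}

# Constructed sample: sda5_crypt uses the UUID of the decrypted device and
# fstab still carries an installer-style luks-<uuid> name for /home.
demo() {
    local d; d=$(mktemp -d)
    cat > "$d/blkid" <<'EOF'
/dev/sda5: UUID="aaaaaaaa-0000-4000-8000-000000000005" TYPE="crypto_LUKS"
/dev/sda6: UUID="aaaaaaaa-0000-4000-8000-000000000006" TYPE="crypto_LUKS"
/dev/mapper/sda5_crypt: UUID="bbbbbbbb-0000-4000-8000-000000000005" TYPE="ext4"
EOF
    printf '%s none luks\n' 'sda5_crypt UUID=bbbbbbbb-0000-4000-8000-000000000005' \
        'sda6_crypt UUID=aaaaaaaa-0000-4000-8000-000000000006' > "$d/crypttab"
    printf '%s ext4 defaults 0 2\n' '/dev/mapper/sda5_crypt /' \
        '/dev/mapper/luks-aaaaaaaa-0000-4000-8000-000000000006 /home' > "$d/fstab"
    check_crypttab "$d/crypttab" "$d/fstab" "$d/blkid"
}
if [ "${1:-}" = --demo ]; then demo; fi
```

In the live environment, save `blkid` output to a file and pass it together with /mnt/ubuntu/etc/crypttab and /mnt/ubuntu/etc/fstab before running update-initramfs.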

Comments

  • decibyte
    decibyte over 1 year

    My disk layout is like this:

    • Encrypted partition for /
    • Encrypted partition for /home
    • Unencrypted partition for /boot

    I set this up last time I did a complete reinstall (incl. wiped disk) of Ubuntu a while ago. Now, after upgrading to latest Ubuntu, some things were broken and I decided to reinstall again from scratch. But, as I have a separate partition for /home and another partition for /, which are both already encrypted, I'd like to reuse these, instead of starting all over. Especially to save the time it takes to back up my /home and restore it again after fresh install.

    Before going through the installer, I unlock the 2 encrypted partitions. This allows me to select these for / and /home for the new installation. I do this pre-install unlocking because I am not able to unlock the partitions from the installer UI.

    Everything seems to install fine.

    But when I reboot into the system, I never get the unlock prompt. The 5 dot boot splash is just there for a while, and then it drops to an (initramfs) prompt.

    What do I do to get the unlock prompt at boot? Can I change some settings in a file somewhere in my /boot partition? Do I need to do something different during the install? I don't mind doing another reinstall (as it doesn't take a lot of time, yay!). I just don't want to have to do the backup/restore of /home (as it takes a lot of time, boo!).

  • Wrzlprmft
    Wrzlprmft about 7 years
    I fail to make sense why you mount dev, sys, and proc to /boot instead of /. When I changed this, everything worked fine for me. Should you agree that this is a mistake, please edit your answer accordingly. (CC @decibyte)