OK, so, you’re here because you’ve managed to do something to screw up your Linux box which has a LUKS-encrypted root filesystem, and now it won’t boot, and you need to boot from Ubuntu install media to fix what’s broken.
Or, at least, that’s why I’m here, and I’m writing out these notes about what I needed to do to fix my system. In my particular case I was experimenting with different nvidia driver versions and discovered that several of them prevent my system from booting up even in recovery mode.
In a nutshell, here’s what you do:
Download the Ubuntu Desktop ISO version that matches the version of Ubuntu you’re running onto another working Ubuntu Linux machine. It may not be 100% necessary for the versions to match, but it’s safer. See https://releases.ubuntu.com/ for all the installers.
Write the ISO to a thumb drive. To do that:
- Plug in the thumb drive.
- Open the Disks utility.
- Tell it to unmount the thumb drive if it’s mounted by selecting the thumb drive on the left and then clicking the stop button.
- Click the three dots menu button in the upper right corner and select “Restore Disk Image…”.
- Select the ISO file you downloaded as the image.
- Select the thumb drive as the target.
- Click “Start Restoring…”.
- Wait for it to finish.
- Unmount the thumb drive again.
Boot your broken system from the thumb drive.
When Linux boots up it may ask whether you want to try or install Ubuntu. If it does, say try.
Open a Terminal window.
sudo lsblk --fs | grep crypt to get a list of all encrypted devices. For me, the output looks like this:
sdc3 crypto_LUKS 1 [random uuid not included here]
You might have more than one encrypted device. You need to unlock each of them with
cryptsetup. Something like this:
sudo cryptsetup /dev/sdc3 sdc3_crypt
You will be prompted for the passphrase for each device that you unlock.
Now open the Disks utility and you should see your filesystems are available under /dev/mapper. For example, I see
/dev/ubuntu-vg/swap which weren’t there until after I ran
cryptsetup. We’re going to ignore the swap partition, it doesn’t matter for this.
fsck /dev/ubuntu-vg/root (or whatever the correct device path is) to make sure the filesystem isn’t corrupt, and then
mount [the-same-device-path] /mnt (replace the device path with whatever the Disks utility shows for you).
/mnt/etc/fstab for other filesystems that need to be mounted. You’ll probably have
/boot and maybe others. You’re just looking for actual filesystems now, not special things like
/sys etc. I’ll deal with them below. Mount them underneath
/mnt. For example, my
/boot with a UUID instead of a device path, so I have to do
sudo fsck UUID=[uuid-from-fstab] and then
sudo mount UUID=[uuid-from-fstab] /mnt/boot.
Mount other special filesystems:
sudo mount -o bind /sys /mnt/sys sudo mount -o bind /dev /mnt/dev sudo mount -o bind /dev/pts /mnt/dev/pts sudo mount -o bind /proc /mnt/proc
You should now be able to do
sudo chroot /mnt in your Terminal to launch a shell inside your system’s filesystem and do whatever maintenance you need to do there.
If you’re going to be doing stuff in the
chroot that requires networking, you may need to copy the contents of the install boot’s
/mnt/etc/resolv.conf so name resolution works inside the
chroot. If you do this remember to restore the original contents of
/mnt/etc/resolv.conf when you’re done.
When you’re done you can simply reboot.