[TUT] Boot fix for encrypted SSD on Parrot (2021)

Prepare:

  1. Bootable Linux USB. Parrot is recommended
  2. Boot into live mode

Update2 + Important note: The name of disk when use cryptsetup must be as same as the name in /etc/crypttab. Wrong name cause update-grub problem that leads to unable to mount root partition -> initramfs shell
This step used the article Repair grub2 + lvm2 + luks encrypted system (Volume group "ubuntu-vg-root" not found) of Antoine Walter to fix the issue volume group "luks" not found issue. The article is at https://blog.anw.fr/2018/09/27/repair-grub2-lvm2-luks-encrypted-system-volume-group-not-found.html

Start

  1. Mount encrypted SSD
  • Unlock encrypted disk sudo cryptsetup open /dev/nvme0n1p1 disk -> /dev/nvme0n1p1 is partition path of SSD that was mapped on Linux system. disk is the custom name that we use later. This name is optional
  • Enter passphrase to unlock disk
  • Mount disk to /mnt: sudo mount /dev/mapper/disk /mnt -> /dev/mapper/disk is where unencrypted disk was mapped to. disk is custom name we set before.
  1. Get the actual name of disk and reopen it
  • Get the name of disk cat /mnt/@/etc/crypttab. The output should be similar my screenshot

    So the first column, name, is the text we have to use. Save it to your text editor luks-654f5d12-b5c8-46be-8f77-a1ce0bc39398
  • Unmount the /mnt: sudo umount /mnt
  • “Close” the LUKS Partition: sudo cryptsetup close disk
  1. Mount the disk with good name and partitions
  • sudo cryptsetup open /dev/nvme0n1p1 luks-654f5d12-b5c8-46be-8f77-a1ce0bc39398
  • sudo mount /dev/mapper/luks-654f5d12-b5c8-46be-8f77-a1ce0bc39398 /mnt
    Now the /mnt has @, dev, @home, proc, sys
  • sudo mount --bind /proc /mnt/@/proc
  • sudo mount --bind /sys /mnt/@/sys
  • sudo mount --bind /dev /mnt/@/dev
  • sudo mount --bind /dev/pts /mnt/@/dev/pts
  1. chroot
  • sudo chroot /mnt/@
  1. Important: grub could have error can’t find the /boot partition and so on. In this step, we mount the encrypted disk again IN CHROOT
    - sudo cryptsetup open /dev/nvme0n1p1 disk (Update) Dont need to open disk again to mount
  • sudo mount /dev/mapper/luks-654f5d12-b5c8-46be-8f77-a1ce0bc39398 / (Update2: correct the name of example to fix grup problem)
  1. Install kernel, update grub, … Commands bellow are examples. User must use correct commands to fix specific problems.
  • sudo apt install linux-image-amd64 --reinstall
  • sudo grub-install /dev/nvme0n1
  • sudo grub-update
1 Like