7

I recently encrypted my root partition (sda7) with luksipc. It worked well, I can unlock the partition and mount it when running from a live USB, but the OS doesn't load anymore.

My system has 4 relevant partitions:

  • /dev/sda1 - EFI
  • /dev/sda5 - boot
  • /dev/sda7 - root (now encrypted with LUKS)
  • /dev/sda8 - swap

I only modified sda7, and I haven't modified my /etc/fstab, /etc/crypttab, and /etc/grub.d/ files because I didn't know what to put in them. This is what I need help with!

My /etc/fstab contains:

UUID=211bd0c8-… / ext4 errors=remount-ro 0 1

(221bd0c8-… being the UUID of the unlocked sda7)

My /etc/crypttab contains an entry for the swap partition (sda8) but nothing for the encrypted sda7 (UUID=8fa9b089-…)

My /boot/grub/grub.cfg has:

linux /vmlinuz-4.15.0-36-generic root=UUID=221bd0c8-… ro quiet splash $vt_handoff
initrd /initrd.img-4.15.0-36-generic

I'm not sure how this file is generated, but I used to use grub-customizer to edit my boot menu before :)

How can I get my laptop back? (without restoring a backup that is)

muru
Daniel

1 Answer

8

This is how I solved it: I started Ubuntu from a Live USB stick, unlocked and mounted sda7, then inside it added an entry in /etc/crypttab for the encrypted partition:

sda7_crypt UUID=8fa9b089-… none luks

Modified my /etc/fstab entry to use the new mapped name instead of the UUID of the drive:

/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1

And finally, modified the /etc/default/grub file to add:

GRUB_CMDLINE_LINUX="rd.luks.name=8fa9b089-…=sda7_crypt"

Then I installed grub-customizer on the Live USB and started it. It gave me an error message and a button to "change environment" - I selected the unlocked sda7 partition, and clicked the checkboxes to mount /boot and /boot/efi.

Then "Save" in grub-customizer, and reboot.

Daniel
  • Thanks for your efforts. So your final setup doesn't have /boot partition encrypted, right? I was trying to set up a whole disk encryption with a single LUKS partition recently (which is mapped into /boot /root /home /var, all encrypted). Last time I did it several years ago I found it non-trivial and gave up (left /boot unencrypted). Now checking again. – Dmitry Somov Mar 02 '21 at 09:04
  • @DmitrySomov you're right, my /boot isn't encrypted. I didn't even know that's possible with a simple grub setup! – Daniel Mar 10 '21 at 02:01
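
The three edits in the answer (crypttab, fstab, GRUB_CMDLINE_LINUX) have to agree on one mapper name, and a mismatch only shows up at the next boot. The script below is an added example, not part of the original answer: it checks that agreement on the mounted target before rebooting. The function names and the UUID in the sample tree are constructed for illustration, and the layout it expects is the one the answer describes.

```shell
#!/bin/sh
# Added example (not from the post): check that crypttab, fstab and
# /etc/default/grub on the mounted target agree on one LUKS mapper name.

# Mapper name that crypttab assigns to a LUKS UUID. $1=file $2=UUID
crypttab_name() {
    awk -v u="UUID=$2" '$1 !~ /^#/ && $2 == u { print $1; exit }' "$1"
}

# Device that fstab mounts on /. $1=file
fstab_root_dev() {
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# Name in rd.luks.name=<uuid>=<name> on GRUB_CMDLINE_LINUX. $1=file $2=UUID
grub_luks_name() {
    sed -n "s/^GRUB_CMDLINE_LINUX=.*rd\.luks\.name=$2=\([^ \"]*\).*/\1/p" "$1"
}

# $1=mount point of the unlocked root, $2=UUID of the LUKS container.
# Prints the first mismatch and returns 1, or prints "ok" and returns 0.
check_luks_root() {
    name=$(crypttab_name "$1/etc/crypttab" "$2")
    [ -n "$name" ] || { echo "crypttab: no entry for UUID=$2"; return 1; }
    dev=$(fstab_root_dev "$1/etc/fstab")
    [ "$dev" = "/dev/mapper/$name" ] ||
        { echo "fstab: / is $dev, not /dev/mapper/$name"; return 1; }
    [ "$(grub_luks_name "$1/etc/default/grub" "$2")" = "$name" ] ||
        { echo "grub: rd.luks.name does not map $2 to $name"; return 1; }
    echo "ok: $name"
}

# Constructed sample tree; the UUID is a placeholder, not the one from the post.
make_sample() {  # $1=directory to populate
    mkdir -p "$1/etc/default"
    echo 'sda7_crypt UUID=00000000-1111-2222-3333-444444444444 none luks' > "$1/etc/crypttab"
    echo '/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1' > "$1/etc/fstab"
    echo 'GRUB_CMDLINE_LINUX="rd.luks.name=00000000-1111-2222-3333-444444444444=sda7_crypt"' > "$1/etc/default/grub"
}

# When called with <mountpoint> <luks-uuid>, run the check on a real tree.
if [ $# -eq 2 ]; then check_luks_root "$1" "$2"; fi
```

From the live session, pass the directory where the unlocked root is mounted and the UUID that `blkid` reports for the LUKS partition itself, not the UUID of the filesystem inside it.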