6

Some time ago I installed Ubuntu 20.04 following this guide with btrfs-luks encryption.

The boot process used to involve only a single passphrase prompt at the very beginning.

Today, after upgrading to Ubuntu 22.04, booting fails.

I still receive a passphrase prompt at the very beginning of the boot process. But now I am receiving the following output (all UUIDs modified for clarity):

Btrfs loaded, crc32c=crc32c-intel, zoned=yes, fsverity=yes
Scanning for Btrfs filesystems
done.
Begin: Waiting for root file system ... Begin Running /scripts/local-block ... done.
done.
Gave up waiting for root file system device. Common problems:
- Boot args (cat /proc/cmdline)
  - Check rootdelay= (did the system wait long enough?)
- Missing modules (cat /proc/modules; ls /dev)
ALERT! UUID=xxx-xxx-xxx-xxx-xxx does not exist. Dropping to a shell!

After this output, it drops me into a (initramfs) prompt.

Running cat /proc/cmdline gives me:

BOOT_IMAGE=/@/boot/vmlinuz-5.15.0-46-generic root=UUID=xxx-xxx-xxx-xxx-xxx ro rootflags=subvol=@

Listing disks by uuid via ls -l /dev/disk/by-uuid/ gives me (again, UUIDs are replaced for clarity):

aaa-aaa-aaa-aaa-aaa -> ../../nvme0n1p2
bbb-bbb-bbb-bbb-bbb -> ../../nvme0n1p3
ccc-ccc -> ../../nvme0n1p1
ddd-ddd-ddd-ddd-ddd -> ../../nvme0n1p4

So, the UUID mentioned is not available.

If I decrypt manually using cryptsetup open /dev/nvme0n1p3 cryptdata (and entering the passphrase again) I receive:

BTRFS: device fsid=xxx-xxx-xxx-xxx-xxx devid 1 transid 797369 /dev/dm-0 scanned by systemd-udevd (527)

When I now run ls -l /dev/disk/by-uuid/, the missing uuid is now included:

aaa-aaa-aaa-aaa-aaa -> ../../nvme0n1p2
bbb-bbb-bbb-bbb-bbb -> ../../nvme0n1p3
ccc-ccc -> ../../nvme0n1p1
ddd-ddd-ddd-ddd-ddd -> ../../nvme0n1p4
xxx-xxx-xxx-xxx-xxx -> ../../dm-0

When I now exit, the boot process continues running without problem.

Now I am looking for a way to have the boot process run by itself again. I suspect that some config file might have been overwritten during the upgrade, and I think in addition to the installation guide linked above some adjustments have been necessary, but I do not remember exactly.

What I have tried:

  • Booting from a USB stick, decrypting and mounting manually, chroot into the mount, and running update-initramfs as suggested by answers to similar questions. No effect.
Majiy

3 Answers

5

The solution turned out to be:

echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook

update-initramfs -c -k all

It seems like the conf-hook was overwritten by the update. After restoring the KEYFILE_PATTERN, and running update-initramfs, it is working as intended again.

Majiy
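A check to run before rebooting after the fix in this answer, as an added example that is not part of the original answer: it reads KEYFILE_PATTERN from the conf-hook and reports any crypttab key file the pattern does not match. The key file name /etc/luks/boot_os.keyfile and the sample file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): check that every key file named in
# crypttab is matched by KEYFILE_PATTERN in the cryptsetup-initramfs conf-hook.
# Both paths are arguments, so the check can be pointed into a chroot.

# Print the effective KEYFILE_PATTERN (last uncommented assignment), if any.
keyfile_pattern() {
    sed -n 's/^[[:space:]]*KEYFILE_PATTERN=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 if every crypttab key file matches the pattern, 1 otherwise.
check_keyfile_coverage() {
    conf_hook=$1; crypttab=$2; rc=0
    pattern=$(keyfile_pattern "$conf_hook")
    [ -n "$pattern" ] || echo "note: KEYFILE_PATTERN is not set in $conf_hook"
    # crypttab fields: <target> <source device> <key file> <options>
    while read -r name source key options || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        case "$key" in ''|none|-) continue ;; esac  # passphrase-only entry
        case "$key" in
            # unquoted on purpose: the value is interpreted as a shell pattern
            $pattern) echo "ok: $name: $key matches '$pattern'" ;;
            *) echo "MISSING: $name: $key is not matched by '$pattern'"; rc=1 ;;
        esac
    done < "$crypttab"
    return "$rc"
}

# Demo on constructed files: a conf-hook without the pattern, then restored.
demo=$(mktemp -d)
printf 'cryptdata UUID=bbb-bbb-bbb-bbb-bbb /etc/luks/boot_os.keyfile luks\n' \
    > "$demo/crypttab"
printf '#KEYFILE_PATTERN=\n' > "$demo/conf-hook"
check_keyfile_coverage "$demo/conf-hook" "$demo/crypttab" \
    || echo "=> key file would be left out of the initramfs"
printf 'KEYFILE_PATTERN=/etc/luks/*.keyfile\n' >> "$demo/conf-hook"
check_keyfile_coverage "$demo/conf-hook" "$demo/crypttab" \
    && echo "=> key file would be included in the initramfs"
rm -rf "$demo"
```

On the real system, call `check_keyfile_coverage /etc/cryptsetup-initramfs/conf-hook /etc/crypttab` before `update-initramfs`. A key file that matches the pattern is copied into the initramfs image, so the image should be readable by root only (for example `UMASK=0077` in `/etc/initramfs-tools/initramfs.conf`).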
1

I stumbled upon another possible fix, not sure if it is applicable for your setup though.

sda3_crypt: cryptsetup failed after 20.04 to 22.04 upgrade

I've performed exactly the same steps to upgrade from 20.04 to 22.04 and ran into the very same issue. I have no idea what is the cause of it yet I was able to work around it by decrypting the partition using the old passphrase by booting from ubuntu live usb and adding a new one.

Boot from the Ubuntu live USB.

I've used the 22.04 from the official downloads page.

Using the UI I've unlocked the partition.

  • just try to open the disk from the file manager

Determine which partition is the encrypted one. The partition UUID is stored in the /etc/crypttab relative to your drive. For example cat /media/GUID/ubuntu/etc/crypttab.

Then use blkid | grep PARTITION_GUID <- change the guid to determine the partition name.

In my case it was /dev/nvme0n1p3

Add a new additional passphrase sudo cryptsetup luksAddKey /dev/nvme0n1p3 <- change the partition name.

You will be prompted twice for a new passphrase.

Reboot into your primary OS.

The old passphrase was still not working but the new one did the trick.

It is very likely that there is a more optimal way to achieve this but this one worked for me :p

Kermit
1

The same error can happen if for any reason the package cryptsetup-initramfs has been deleted. This utility adds the cryptsetup command to the initramfs BusyBox shell.

To install it again:

sudo apt install cryptsetup-initramfs

If the initramfs image is not updated you can do it manually using

sudo update-initramfs -u -k <your-kernel-version>
xonya