I have (had) the following setup:
Full disk encryption with LUKS and a separately encrypted /home partition.
Made the mistake of deleting my /root but caught it early enough, so only changes to the partition table were made.
Now I'm left with the following:
sudo hexdump -C /dev/nvme0n1 |grep LUKS
3e900000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....|
That means that the LUKS header is still intact (phew).
Then I create a loop device on that offset
sudo losetup -o 0x3e900000 -r -f /dev/nvme0n1
and mount it with
sudo cryptsetup luksOpen /dev/loop1 luksrecover
So far it works great: things get mounted properly, I can see my files, and with a few more commands I can get my separate /home back.
However, since I do have an operating system intact I'd like it back.
Only problem as it seems, there is no grub to call the initial Xubuntu LUKS decrypter.
Now, since I see that there is a significant offset in my partitioning, I guess that's where grub used to live.
So, what can I do about getting my OS back?
As far as I understand I must somehow mark bytes 0 – $offset as grub and install grub there and the rest as something else.
So I tried grub-install /dev/nvme0n1 and it complained about aufs
grub-install: error: failed to get canonical path of `aufs'.
Then I tried the same in a chroot in the LUKS system that was mounted, but that filesystem is read-only and of course it never had grub to begin with.
So what can I do to get grub to sit in the empty space before LUKS and decrypt LUKS on start?
Best Answer
WARNING:
Make an image (backup) of the drive BEFORE you do all this.
Read the documentation (e.g., "man pages") for all commands, and make sure you understand what they do, before using them.
YOU HAVE BEEN WARNED
For future reference, here's the solution:
Find where the LUKS partition starts. All LUKS partitions have a plaintext header containing the word LUKS, so hexdump should list an offset where it found the start of this header. Note where LUKS was.
Mount the partition as a loopback device starting at the offset where you found the LUKS header. For reference, my offset, in Xubuntu with an Intel SSD and GRUB2, was 0x3e900000.
Find out which device it got losetup'd as
Decrypt & mount
At this point the disk should have been mounted under /media/. However, your /home should still be encrypted. It's time to decrypt.
This should produce the following
Plug in an external storage device (e.g., an HDD), save your /home, /opt and whatever else you need. Re-install and replace the /home with your own. Or just move the existing filesystem to a proper partition.
Crisis averted, and it took only a few hours.
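Added example, not part of the original question or answer: grepping a hexdump for "LUKS" also matches stray text, so this sketch checks each sector-aligned candidate against the LUKS1 header layout (the hexdump above shows version 00 01) before the offset is handed to losetup -o. The function names and the sample image are constructed for illustration, and the key-size bound is a sanity heuristic.

```python
import io
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header up to the UUID field, big-endian: magic, version, cipher name,
# cipher mode, hash spec, payload offset (sectors), key bytes, digest, salt,
# digest iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SECTOR = 512

def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1(buf):
    """Return header fields if buf starts with a plausible LUKS1 header, else None."""
    if len(buf) < PHDR.size:
        return None
    (magic, version, cipher, mode, hash_spec,
     payload, key_bytes, _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf)
    if magic != LUKS_MAGIC or version != 1:
        return None
    if not _cstr(cipher) or not 0 < key_bytes <= 64:  # heuristic sanity check
        return None
    return {"cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hash_spec),
            "payload_sector": payload, "key_bytes": key_bytes, "uuid": _cstr(uuid)}

def scan(dev, step=SECTOR):
    """Yield (byte_offset, fields) for every validated header found in dev.
    Partitions are usually 1 MiB aligned, so step=1 << 20 is a faster first pass."""
    offset = 0
    while True:
        dev.seek(offset)
        block = dev.read(PHDR.size)
        if len(block) < PHDR.size:
            return
        fields = parse_luks1(block)
        if fields:
            yield offset, fields
        offset += step

def build_sample():
    """Constructed image: a decoy 'LUKS' string in sector 1, a header in sector 3."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    bytes(20), bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")
    img = bytearray(8 * SECTOR)
    img[SECTOR:SECTOR + 4] = b"LUKS"  # a plain grep would report this too
    img[3 * SECTOR:3 * SECTOR + len(hdr)] = hdr
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    # On a real disk: open("/dev/nvme0n1", "rb") as root (read-only access).
    for off, info in scan(build_sample()):
        print(hex(off), info)
```
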