.Mounting and restoring a broken kernel using the Ubuntu Live CD with a LUKS encrypted disk - Chris Stretton

Chris Stretton

Jun 19, 2023

Mounting and restoring a broken kernel using the Ubuntu Live CD with a LUKS encrypted disk

I had an interesting issue where I ended up with a Ubuntu kernal installed without its modules.

This lead to a barely usable system and recovering from the Ubuntu live CD (always have at least one USB pen drive available!)

To fix this from the live CD I first had to unlock the encrypted volume:

sudo cryptsetup luksOpen /dev/nvme01p3 nvme01p3_crypt

The second argument is the mapping passed to LVM, which defaults to diskdevice_crypt on Ubuntu

Then you have to create your chroot environment, on my Live CD the LVM volume group was created as vgubuntu-root however I have also seen others so you should check first.

1
2
3
sudo mount /dev/vgubuntu-root /mnt
sudo mount /dev/nvme0n1p2 /mnt/boot
sudo mount /dev/nvme0n1p1 /mnt/boot/efi

Then you have to bind various bits of the running live CD into the chroot too (i’ve used a loop below but you can for peace of mind run individual sudo mount --bind /point /mnt/point commands)

1
2
3
4
for i in /dev /dev/pts /proc /sys /run
do
    sudo mount --bind $i /mnt$i
done

now finally you can chroot into your system.

sudo chroot /mnt

Once in you can do what you need to repair your system. In my case it was apt reinstall linux-headers-generic-hwe-22.04 which added all of my missing modules, but you can do things like create users, reset passwords, change shells etc.

Once you are done, you can type exit or ctrl + D to exit the chroot.

Once done you should unmount all of those mountpoints you just mounted.

1
2
3
4
for i in /mnt/dev/pts /mnt/dev /mnt/proc /mnt/sys /mnt/run /mnt/boot/efi /mnt/boot /mnt
do
    sudo umount $i;
done

Then reboot out of the live CD and into your hopefully now working system.

Volume group not found

One thing to bear in mind is that the volume group name used by the live CD is carried into the chroot environment. This means that if you do anything that regenerates initramfs (like updating a kernel) it will regenerate it using that name. This could cause a problem, if your normal system does not share the name vgubuntu-root you will encounter the lovely error volume group <your volume group name> not found and be dumped down to an initramfs shell.

To boot from this, you need to open the LUKS volume manually and then the system will resume.

As before, open the luks crypt volume with the command

cryptsetup luksOpen /dev/nvme01p3 nvme01p3_crypt (note the lack of sudo here, the initramfs shell is already root)

then ctrl + D to exit

Your system should now boot normally.

Once booted, open a shell and run the following command to regenerate initramfs with your correct volume group name:

sudo update-initramfs -u

You should not have any further boot problems.

linux luks lvm
OLDER > < NEWER

stretton.xyz by Chris Stretton is licensed under CC BY-SA 4.0

Favicon graphics by Twitter