Ubuntu 18.04 - cryptsetup fails to recognize passphrase, unlocking from Live USB works
Here are some suggestions.
- Switch to the command-line by hitting F1 or Alt-Tab, type the password again, and check for any errors. If you find the error, try searching for it.
-
When you wait few minutes, you should be shown
initramfs
/BusyBox console screen. Using the command-line, you should check the syntax of your kernel arguments by typing the following command:cat /proc/cmdline
Especially check (as suggested by BusyBox):
- The value of
root
, whether it points to the right device. - If
rootdelay
is set, maybe you need to increase the system wait?
- The value of
If above won't help, consider the following commands:
-
cryptsetup --debug luksOpen /dev/XXX mapper-name
to decrypt manually (see this how-to).Note: To make sure you're using the right device, run
dumpe2fs /dev/XXX
(e.g.sda1
ornvme0n1p3
) ininitramfs
/BusyBox console, then make sure it reports ascrypto_LUKS
.Note: If
luksOpen
fails, try the older syntax:cryptsetup --debug luksOpen /dev/XXX ubuntu
. -
cryptsetup --debug luksDump /dev/XXX
to dump LUKS header information from the device.Note: In case of corruption of on-disk metadata, use
cryptsetup repair <device>
command. -
On Please unlock disk XXX_crypt screen, note your device name and using above
luksDump
method, confirm that Ubuntu asks you to decrypt the right device as the order (disk number) potentially can change (BIOS boot changes?). In that case, Ubuntu likely will use the last known device (cached,/etc/lvm/[backup|archive]/
?) location when it won't be able to connect tolvmetad
service.For example, I was asked to type a passphrase for
nvme1n1p3_crypt
(Windows NTFS partition) instead ofnvme0n1p3
(crypto_LUKS
partition).
Further suggested commands:
-
Run
lvm lvs
orlvm vgscan
and check for any errors (it identifies each disk with a UUID).See also: Ubuntu won't boot because of lvmetad & Failed to connect to lvmetad - Stuck on boot.
cat /proc/modules
to check for missing modules (load it bymodprobe
).
When finish, type reboot
to restart.
If you did an upgrade recently, test your previous kernel (hold Shift during boot, and select Advanced options), and select the version which you'd like to test.
Other related resources:
- How can one unlock a fully encrypted Ubuntu 11.10 system over SSH at boot?
- Ephemeral error message: "cryptsetup: unknown fstype, bad password or options?"
-
lvm2
bug in Ubuntu 18.04: lvm2-activation-generator crashed with SIGSEGV.Similar older bug: error unlocking / decrypting LUKS volume at boot.
UEFI Introduction & How do I install Ubuntu alongside a pre-installed Windows with UEFI?