After bios update I cannot boot OS anymore with encrypted disks

Rulinux · 3 July 2025 19:43

I have updated my bios for my lenovo P16 with the latest bios provided on lenovo support website. I wrote the iso file to an USB stick and booted with the bios USB-stick. The installation of the bios seemed to be fine.
But when booting my luks encrypted OS after entering the password and after the manjaro boot menu has appeared following error is shown:

ERRO: Fail to mount '/dev/mapper/luks-....' on real root[     9....] fbcon: Taking over console

your are now beeing dropped into an emergency shell.
[   9.   ] Console: switching to colour frame buffer devic 160x58
sh: can't access tty: job control turned off
[rootfs~]#

I have tried out with several downgrade version of the bios finally I installed the latest version again. The problem keeps always the same.

After I booted the with an USB-live stick. The root and data partition are fully available after entering the password. Opening gparted shows an error for the fat32 partition:

dev/nvme0n1p1 fat32 error shown in gparted in USB-live system: unable to read the content of this file system!

I also tried it with a backup with timeshift. No success.

What can I do? I have no more idea how to fix this partition where probably grub file is located.

linux-aarhus · 4 July 2025 03:58

A firmware update should not affect the encrypted container and you have confirmed it by unlocking and mount container in chroot.

This leaves the EFI boot partition which you also confirmed has been damaged.

I suggest you boot a live image and format the EFI partition

mkfs.fat -F32 -n EFI /dev/nvme0np1

Then open your luks container and mount on /mnt - then mount the EFI partition on /mnt/boot/efi, chroot into /mnt and run the Manjaro script install-grub.

//EDIT:
If the firmware update has removed grub from the firmware’s list of registered efi loaders - you need to run the efibootmgr to add the grub loader to the firmware.

References

GRUB/Restore the GRUB Bootloader - Manjaro

[root tip] [recovery] Basic Manjaro Linux Rescue and Recovery

Rulinux · 4 July 2025 07:01

Thank you so far.
I have tried this command but it says command not found.
Than I tried to format /dev/nvme0np1 with gparted. Flags are set automatically: bios, esp.
After formating it gives out again a warning:
“Unable to read the contents of this file system! Because of this some operation may be unavailable. The cause might be a missing software package. The following list of software packages is required for fat32 file system support: dosfstools, mtools”

I have checked: dofstools is already installed but mtools not.

I do not have a dual boot system, purely Linux Manjaro using BTRFS with LUKS for root and separeted a data hard disk.

Should I delete the partition and format it again? Hopefully the logic of naming is kept as:
/dev/nvme0np1
What can be done?

By the way currently I can unlock my root partition with gparted but I have no access to the files still with dolphin.
Would you specify the next steps you wrote after formatting step a little more clearly, please?

linux-aarhus · 4 July 2025 07:05

You shouldn’t need to delete the partition - if you need to - something is really off.

But you can remove it and recreate - no problem - the reference should stay the same.

Ensure it is ESP and formatted with FAT32

The reference to the second topic does exactly that…

Using btrfs requires a different mount procedure - also explained in the mentioned Basic Recovery topic

Rulinux · 4 July 2025 07:22

In gparted there is no “remove and recreate”. There is only either “format to” or “delete”. If I delete it than I should be able to “format to” hopefully? In that case, if you agree to go this way, is it important to keep an unallocated space of 2 MB like it is now?

linux-aarhus · 4 July 2025 07:40

Before you do - please unmount all mountpoints and close the luks container

sudo umount -R /mnt
cryptsetup close <container name>

Then use the command line utility cgdisk from the package gptfdisk to alter the partition table (another utility is cfdisk from the package util-linux) (cgdisk takes care of allignment etc.)

sudo cgdisk /dev/nvme0n1

navigate to the EFI system partition and press d to delete
navigate up to the free space and press n to create a new
press enter to accept default
press enter to accept default
partition type - enter ef00 - press enter
partition name - enter EFI - press enter
press w to write partition table
enter the word you are prompted with (if english locale the word yes) and press enter
press q to exit to the prompt

When you are returned to the prompt - format the partition

 sudo mkfs.fat -F32 -I -n EFI /dev/nvme0n1p1

//EDIT:
Remember to update the UUID in the system’s /etc/fstab file

Aragorn · 4 July 2025 09:12

The unallocated 2 MiB is only pertinent if your drive has a GPT partitioning scheme in combination with a legacy BIOS (or BIOS emulation) boot, because without it, grub would overwrite the start of the first partition. However, on an EFI system, this is irrelevant, because the EFI version of grub is stored as a file in the EFI system partition.

That said, it is however important that all partitions start and end on 1-MiB boundaries.

Rulinux · 4 July 2025 13:12

Done.

Now I have given as

mount point: /boot/efi (in KDE Partition manager)
Flag in gparted: boot, esp — in KDE Partition manager only “boot” is shown
device path is still: /dev/nvme0n1
Label: EFI

EFI System

root # grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=manjaro --recheck COPY

turns out:

Installing for x86_64-efi platform
grub-install: error: failed to get canonical path of '/boot/efi'.

How to continue?

Secondly how can I get access to my encrypted root partition?

There is somehow an error mounting clicking in dolphin after entering the password: 
... can't read superblock on /dev/mapper/nveme0n1p2_crypt

But I can access on my encrypted data partition which is on the same SSD (I was wrong before).

linux-aarhus · 4 July 2025 13:16

Consult the Basic Recovery topic linked above

mount your btrfs subvolumes
mount your EFI partition to /boot/efi

verify the mounts using lsblk - output should be similar to the example

 $ lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
sr0                                            11:0    1 1024M  0 rom   
vda                                           254:0    0   25G  0 disk  
├─vda1                                        254:1    0  300M  0 part  /boot/efi
├─vda2                                        254:2    0 16,3G  0 part  
│ └─luks-bd9ebf21-ace6-4bd9-a54f-60b159891444 253:0    0 16,3G  0 crypt /var/cache
│                                                                       /var/log
│                                                                       /home
│                                                                       /
└─vda3                                        254:3    0  8,4G  0 part  
  └─luks-04aa3d73-0250-4064-86dd-8c4934c82efd 253:1    0  8,4G  0 crypt [SWAP]

chroot into the mounted system
execute command install-grub

Manjaro Linux provides a Manjaro specific script called install-grub with all systems.

anon33601770 · 4 July 2025 13:42

If a new partition was created in the place of the old one, the UUID in /etc/fstab needs to be adapted.

Rulinux · 5 July 2025 16:39

Thank you.
I have worked many hours.
Then I could access all partitions and reinstall also grub but with reboot no access on Manjaro OS was possible. I had to reinstall the whole system.

BG405 · 5 July 2025 18:00

Since the system has now been reinstalled and no specific solution was found to work, it is appropriate that this topic be closed and unlisted.

Best regards