How to chroot into an encrypted root partition

Disclaimer: I finally tested the process myself. But I got the ideas initially from the posts in the old Manjaro forum, this one in particular.

When an installed encrypted system

  • fails to boot to TTY (command line)
  • or when the (correct) password fails to open the encryption after an update
    the user might try to repair the system by chrooting it.
    Chroot stands for change root and means to switch to a different root file system at runtime.

First find out the name of the encrypted device with lsblk -f:

~ >>> lsblk -f                                                                                                               
NAME   FSTYPE      LABEL UUID                                 MOUNTPOINT
sda    btrfs             7d6dceec-fe31-4823-9740-0a02a4d20d1c /home
sdb                                                           
├─sdb1 crypto_LUKS       0c9ffa24-e245-4f01-a754-2fb86d9bb320 
└─sdb2 swap              dde5f6d7-a639-45df-af6d-7faac09c2eda 

So here the name is crypto_LUKS and it is located in /dev/sdb1. If there is a separate /boot and/or /boot/efi partition (sda2 or sda3 respectively) like for a UEFI system you mount it after root. Then run the following commands:

su
cryptsetup open --type luks /dev/sda1 crypto_LUKS
mount /dev/mapper/crypto_LUKS /mnt
mount /dev/sda2 /mnt/boot # if the system has separate /boot partition (rare case)
mount /dev/sda3 /mnt/boot/efi # if the system boots in UEFI mode
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -o bind /dev /mnt/dev
mount -o bind /run /mnt/run
mount -t devpts pts /mnt/dev/pts/
cp /etc/resolv.conf /mnt/etc/resolv.conf
chroot /mnt

Notice: This tutorial doesn’t cover LVM, but you will see how LVs are set up in lsblk -f output and will be able to mount them using their /dev/mapper/… descriptor.

A viable alternative to manually mounting and chrooting is the following:

sudo mount /dev/mapper/crypto_LUKS /mnt
manjaro-chroot /mnt

The command manjaro-chroot is part of the package manjaro-tools-base which must be installed for this method to work. (https://github.com/manjaro/manjaro-tools#6-manjaro-chroot)
Then you can install a new kernel or update the system or downgrade a package or run mkinitcpio. Examples:

pacman-mirrors -f 10
pacman -Syy
downgrade package_name
mhwd-kernel install linuxXY
pacman -S --force package_name
mkinitcpio -P
pacman -Syu

sudo grub-install --recheck /dev/sda  # if the system boots in legacy (MBR) mode
## for UEFI systems use the following command
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=manjaro --recheck
sudo update-grub
...

PS: Feel free to suggest additions to the tutorial, generalizations, special cases. And you can ask questions, too. But if the questions cannot get answered with one-two posts they will be moved to a separate topic. :slight_smile:

15 Likes
Unable to boot after latest stable update
Cannot decrypt system after system crashes
Boot hang & failed kernel modules
Manjaro doesn't start, Control-Alt-Fkeys don't work, Flashing error messages
Manjaro failing to start after most recent upgrade
After updating system and downloading new Kernel, LUKS doesn't accept my password
[Stable Update] 2017-04-02 - Mesa-Stack, Kernels, Plasma, Firefox
[Stable Update] 2017-04-02 - Mesa-Stack, Kernels, Plasma, Firefox
Stuck at decrypt
Manjaro LXQt 17.0 (net edition)
Manjaro tatsächlich stabil u. für Einsteiger geeignet?
Disk encryption with 2 Hard drives?
How can I repair encrypted grub from manjaro livecd?
System does not start after update
Kernel Panic Boot error: switch_root failed to execute /sbin/init: exec format error
Issues mounting in order to chroot into encrypted partition
After install Manjaro only boots into grub rescue
How to recover GRUB after a Kernel update
Failed to start Light Display Manager help?
[Solved]Blank dark screen
Problem after restart
[SOLVED] New to Manjaro <3 but full disk encryption somewhat buggs me
Cant boot my Manjaro. What can i do?
Does Disk Encryption Affect performance
Can't boot encrypted Manjaro after installing Windows 10.
Chroot -a immediate error - mounting encrypted partition?
Problem after restart
Chroot -a immediate error - mounting encrypted partition?
Unable to boot into manjaro due to shared libraries issue
Corrupted Kernel after Updating (Manjaro i3) 4.9.78-1
Multi-booting on encrypted disk
Manjaro kde no longer boots after update (Need fix that considers encrypted hard drive)
Manjaro XFCE LUKS broken after 49 updates this morning
Disk Trouble: Updated everything last night, and now my disk won't boot
17.1.10 Hakoila slow boot due to luks encryption?
Can't boot into manjaro, luks device not found
ERROR: device ‘/dev/mapper/volumegroup-logicalvolume_root’ not found
System crash, cannot reboot
[Unstable Update] 2018-12-14 - Cinnamon, Deepin, QT5, Systemd, KDE-Apps, KDE-Framework, Mesa
Can’t login libread so 7 error
After update not starting
[SOLVED]Interrupted update, system would not boot
Manajro won't boot after update - also I can't log in any more
Can't boot encrypted Manjaro after installing Windows 10.
Can't boot encrypted Manjaro after installing Windows 10.
[Stable Update] 2016-10-09 - Kernels, Manjaro Tools, Deepin, NM, LibreOffice, Steam
[Stable Update] 2016-10-09 - Kernels, Manjaro Tools, Deepin, NM, LibreOffice, Steam
Boot with Luks not working anymore after update with pacman -Syu
Manjaro XFCE: I can not boot my computer after the last update (2017-01-30)
URL's from my cheat sheet

I’d like to add that if you have multiple partitions in the installation you’re trying to access (example, separate /boot, /var, or /home, etc…) you have to mount them at the root mount point prior to mounting /proc, /sys, /dev, /run, etc… and entering the chroot environment, otherwise you won’t have access to them properly.

1 Like

I used this guide on a recent chrooting experience, a couple of things related to the “viable alternative” section, you do need to run cryptsetup before mounting to /mnt…and I’m not sure if manjaro-chroot is smart enough to automatically mount the newer single boot partition to mnt/boot/efi, I wasn’t sure and mounted mine to simply mnt/boot and now I’ve got duplicate files there.

Forum kindly sponsored by Bytemark