How to chroot into an encrypted root partition

luks
chroot
encryption

#1

Disclaimer: I finally tested the process myself. But I got the ideas initially from the posts in the old Manjaro forum, this one in particular.

When an installed encrypted system

  • fails to boot to TTY (command line)
  • or when the (correct) password fails to open the encryption after an update
    the user might try to repair the system by chrooting it.
    Chroot stands for change root and means to switch to a different root file system at runtime.

First find out the name of the encrypted device with lsblk -f:

~ >>> lsblk -f                                                                                                               
NAME   FSTYPE      LABEL UUID                                 MOUNTPOINT
sda    btrfs             7d6dceec-fe31-4823-9740-0a02a4d20d1c /home
sdb                                                           
├─sdb1 crypto_LUKS       0c9ffa24-e245-4f01-a754-2fb86d9bb320 
└─sdb2 swap              dde5f6d7-a639-45df-af6d-7faac09c2eda 

So here the name is crypto_LUKS and it is located in /dev/sdb1. If there is a separate /boot and/or /boot/efi partition (sda2 or sda3 respectively) like for a UEFI system you mount it after root. Then run the following commands:

su
cryptsetup open --type luks /dev/sda1 crypto_LUKS
mount /dev/mapper/crypto_LUKS /mnt
mount /dev/sda2 /mnt/boot # if the system has separate /boot partition (rare case)
mount /dev/sda3 /mnt/boot/efi # if the system boots in UEFI mode
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -o bind /dev /mnt/dev
mount -o bind /run /mnt/run
mount -t devpts pts /mnt/dev/pts/
cp /etc/resolv.conf /mnt/etc/resolv.conf
chroot /mnt

A viable alternative to manually mounting and chrooting is the following:

sudo mount /dev/mapper/crypto_LUKS /mnt
manjaro-chroot /mnt

The command manjaro-chroot is part of the package manjaro-tools-base which must be installed for this method to work. (https://github.com/manjaro/manjaro-tools#6-manjaro-chroot)
Then you can install a new kernel or update the system or downgrade a package or run mkinitcpio. Examples:

pacman-mirrors -f 10
pacman -Syy
downgrade package_name
mhwd-kernel install linuxXY
pacman -S --force package_name
mkinitcpio -P
pacman -Syu

sudo grub-install --recheck /dev/sda  # if the system boots in legacy (MBR) mode
## for UEFI systems use the following command
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=manjaro --recheck
sudo update-grub
...

PS: Feel free to suggest additions to the tutorial, generalizations, special cases. And you can ask questions, too. But if the questions cannot get answered with one-two posts they will be moved to a separate topic. :slight_smile:


Cannot decrypt system after system crashes
Boot hang & failed kernel modules
Manjaro doesn't start, Control-Alt-Fkeys don't work, Flashing error messages
Unable to boot after latest stable update
Manjaro failing to start after most recent upgrade
[Stable Update] 2016-10-09 - Kernels, Manjaro Tools, Deepin, NM, LibreOffice, Steam
[Stable Update] 2016-10-09 - Kernels, Manjaro Tools, Deepin, NM, LibreOffice, Steam
Boot with Luks not working anymore after update with pacman -Syu
Manjaro XFCE: I can not boot my computer after the last update (2017-01-30)
URL's from my cheat sheet
After updating system and downloading new Kernel, LUKS doesn't accept my password
[Stable Update] 2017-04-02 - Mesa-Stack, Kernels, Plasma, Firefox
[Stable Update] 2017-04-02 - Mesa-Stack, Kernels, Plasma, Firefox
Stuck at decrypt
Manjaro LXQt 17.0 (net edition)
Manjaro tatsächlich stabil u. für Einsteiger geeignet?
Does Disk Encryption Affect performance
Disk encryption with 2 Hard drives?
[SOLVED] New to Manjaro <3 but full disk encryption somewhat buggs me
[Solved]Blank dark screen
How to recover GRUB after a Kernel update
Issues mounting in order to chroot into encrypted partition
System does not start after update
How can I repair encrypted grub from manjaro livecd?
#2

I’d like to add that if you have multiple partitions in the installation you’re trying to access (example, separate /boot, /var, or /home, etc…) you have to mount them at the root mount point prior to mounting /proc, /sys, /dev, /run, etc… and entering the chroot environment, otherwise you won’t have access to them properly.