Manjaro boot error after an update on luks encrypted partition

I updated after 4 months during the holidays and it crashes during the boot. This was the original error message.

[TIME] Timed out waiting for device /dev/68032c-b312-4f5a-b32d-4f54a543051e.

[DEPEND] Dependency failed for /sysroot.

[DEPEND] Dependency failed for Initrd Root File System.

[DEPEND] Dependency failed for Mountpoints Configured in the Real Root.

[DEPEND] Dependency failed for Initrd Root Device.

You are in emergency mode. After logging in, type “journalctl -xb” to view systen logs, “systemctl reboot” to reboot, or “exit” to continue bootup.

Cannot open access to console, the root account is locked. See sulogin(8) man page for more details.

Press Enter to continue.

I chrooted into the luks encrypted partition, (after mounting /boot/efi) and reinstalled grub. generated grub config and ran mkinitcpio -P. Removed / root from the crypttab. updated fstab to point to the unecnrypted device at /dev/mapper/luks-root

my /etc/fstab:

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=E47A-B4A0                            /boot/efi      vfat    umask=0077 0 2
/dev/mapper/luks-root /              ext4    defaults,noatime 0 1
UUID=14C67C792E60C809   /data/3tb  ntfs    defaults,nofail 0       0
/dev/mapper/sdb-crypt /data/1tb btrfs rw,noatime,compress=lzo,autodefrag,nofail 0 0

Here is my /etc/crypttab:

# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>
# luks-root UUID=557a0c57-3e41-48a7-92fd-fcae746fc635     /crypto_keyfile.bin luks
sdb-crypt UUID=df2f6de1-2a5b-4b6b-b201-e0bd30853b99 /crypto_keyfile.bin luks

return of fdisk -l:

Disk /dev/sda: 2.73 TiB, 3000592982016 bytes, 5860533168 sectors
Disk model: WDC WD30EFRX-68N
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: E3474F1D-ABF2-4C68-A1D2-C21A4171FCCB

Device     Start        End    Sectors  Size Type
/dev/sda1   2048 5860532223 5860530176  2.7T Microsoft basic data


Disk /dev/loop0: 81.81 MiB, 85786624 bytes, 167552 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop1: 537.95 MiB, 564084736 bytes, 1101728 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop2: 1.31 GiB, 1404850176 bytes, 2743848 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop3: 656.67 MiB, 688570368 bytes, 1344864 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mmcblk0: 58.24 GiB, 62537072640 bytes, 122142720 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 53A9F3FB-25AE-A746-AA76-637C7DD8312C

Device          Start       End   Sectors  Size Type
/dev/mmcblk0p1   4096    618495    614400  300M EFI System
/dev/mmcblk0p2 618496 122142194 121523699 57.9G Linux filesystem


Disk /dev/sdb: 931.48 GiB, 1000170586112 bytes, 1953458176 sectors
Disk model: Elements 25A2   
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sdc: 57.7 GiB, 61958258688 bytes, 121012224 sectors
Disk model: Patriot Memory  
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: FED4CF21-5CB3-43C8-B39D-95F47C993EDF

Device        Start       End  Sectors  Size Type
/dev/sdc1      2048  64323543 64321496 30.7G Microsoft basic data
/dev/sdc2  64323544  64389079    65536   32M Microsoft basic data
/dev/sdc3  64389120 121010175 56621056   27G Microsoft basic data


Disk /dev/mapper/ventoy: 2.62 GiB, 2818185216 bytes, 5504268 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device                   Boot   Start     End Sectors  Size Id Type
/dev/mapper/ventoy-part1 *         64 5496075 5496012  2.6G  0 Empty
/dev/mapper/ventoy-part2      5496076 5504267    8192    4M ef EFI (FAT-12/16/32)


Disk /dev/mapper/mmc: 57.95 GiB, 62218036736 bytes, 121519603 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Now what happens is:

Attempting to decrypt master key.
Enter passphrase for hd2, gpt2 (557a0c573e4148a792fdfcae746fc635):
_
Slot 0 opened

error: no server is specified.
error: no suitable video mode found.
error: symbol grub_efi_set_variable_to_string' not found.

I am defeated, so I would appreciate some fresh eyes and any ideas that might help.

Why have tagged using initrd ?

Can you boot a live iso and mount the encrypted device(s)?

This procedure does not make any sense to me.
Why would you change anything in /etc/fstab or in /etc/crypttab
when what was in there where the values with which the system was previously running?

It looks like you created a mess and it would be good to still have the original file contents.
It looks like you actually removed what was there - instead of just commenting out a line.
That way, you’d still have a reference and could easily go back.

this also does not make sense - there is /boot/efi and then there is /etc, which is it’s own directory
the two are separate

Why have tagged using initrd ?

I tagged initrd because the initial error message makes it out to be the point of failure.

Can you boot a live iso and mount the encrypted device(s)?

I can boot a live iso and mount the partition to read the data, yes.

when what was in there where the values with which the system was previously running? It looks like you created a mess and it would be good to still have the original file contents.
It looks like you actually removed what was there - instead of just commenting out a line.

When it was running, this line was not commented in the crypttab

# luks-root UUID=557a0c57-3e41-48a7-92fd-fcae746fc635     /crypto_keyfile.bin luks

and what I meant by updated fstab to point to the unecnrypted device at /dev/mapper/luks-root is that I reverted a previous attempt to fix this by using the UUID for the unencrypted partition. This means what you are seeing is the faithful fstab which used to work. (crypttab is now commented because I’m lead to believe that root should not appear there)

“after mounting /etc/boot/efi”
this also does not make sense - there is /boot/efi and then there is /etc, which is it’s own directory
the two are separate.

That was a genuine error in my original post which is now edited. Correct folder is /boot/efi

Your encrypted system seems to be here, on /dev/mmcblk0p2

First, open the encrypted container:
sudo cryptsetup open /dev/mmcblk0p2 encrypted

it will then be available under:
/dev/mapper/encrypted

Then you mount it to somewhere - to /mnt, for example:
sudo mount /dev/mapper/encrypted /mnt

Then you can have a look - check the contents of /mnt , /mnt/boot , /mnt/etc …


Then you can mount /boot/efi
which is on /dev/mmcblk0p1
to the /boot directory of your now decrypted system
sudo mount /dev/mmcblk0p1 /mnt/boot

Then you can chroot into /mnt - and will have your complete system there and can work on it.

But I doubt this is correct, because as far as I know, the Manjaro installer cannot produce/install a system where / is encrypted while /boot/efi is not.

So you likely would skip the second step (mounting /boot/efi to /mnt/boot).

I do not know how to deal with your situation, where the Windows efi partition is unencrypted but your Linux is fully encrypted (including it’s own /boot/efi inside the encrypted container.
The boot loader (Grub) does the decryption in this case -
the
/dev/mmcblk0p1 4096 618495 614400 300M EFI System
EFI system partition is likely not a factor here - it belongs to Windows.
But: I’m really not sure!
I never had a dual boot system, much less one where Windows is unencrypted, but Linux is fully encrypted.

1 Like

Edit: Changed thread title to reflect correct spelling of Manjaro

Then you can mount /boot/efi
which is on /dev/mmcblk0p1
to the /boot directory of your now decrypted system
sudo mount /dev/mmcblk0p1 /mnt/boot

This is very interesting because I did the same thing but with sudo mount /dev/mmcblk0p1 /mnt/boot/efi command. What should I do after following the mount procedure? Also, the system does not dual boot, it just originally came with Windows installed, which I decided to overwrite.

This is the hardware details:

ODYSSEY - X86J41x5
Intel® Celeron® J4105/ J4125
Dual-Band Frequency 2.5GHz/5GHz WiFi and Bluetooth 5.0
Intel® UHD Graphics 600
Dual 1GbE/ 2.5GbE
Integrated Coprocessor: Arduino ATSAMD21 ARM® Cortex®-M0+/ Raspberry Pi RP2040 Dual-Core ARM® Cortex®-M0+
Raspberry Pi 40-Pin Compatible
2 x M.2 PCIe (B Key and M Key)
Pre-installed with Windows 10 Enterprise/ Windows 11 Pro <<<<<<<<<<<<<<<<<<<<<
Compatible with Grove Ecosystem

I still have full system timeshift backups from days up to months before this went south. But I can’t imagine a straight forward way to get it back to running condition beyond installing everything and copying the config files manually.

Unfortunately I have no idea how the setup of a fully encrypted system works with UEFI.
I have only ever done this in Bios mode
or with an unencrypted /boot directory - but the Manjaro installer can’t do this.

Since what you have with /dev/mmcblk0p1 is just the EFI partition,
you’d likely have to:
open the container
mount the filesystem inside
and then mount the EFI partition - but I don’t know to which directory.
Probably to /boot - or to /boot/efi.
I just don’t know and don’t know the difference between the two.

I suppose you could look into one of your timeshift backups to see how it was … but I have never used timeshift and don’t know if these snapshots are archives that you can easily look into.