Not booting anymore

Support
1

Dear community,

I did two changes:

  1. updated /etc/openswap.conf with /etc/openswap.conf.pacnew
  2. updated the system (stable branch) with the current updates
  3. reboot

Now the system (Thinkpad T14 Gen1) doesn’t come up and shows only the “Lenovo” logo at boot, three dots (rising an vanishing) and the Manjaro logo right under it.

I tried to Alt+F[1-12] to get a terminal, but no luck.
I tried to SSH into it, but my router has given no IP to the system.

I booted a live USB-system (with drivers) to open the root file system, but

[manjaro ~]# cryptsetup --debug open /dev/nvme0n1p3 n1p3
# cryptsetup 2.8.1 processing "cryptsetup --debug open /dev/nvme0n1p3 n1p3"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p3.
# Trying to open device /dev/nvme0n1p3 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/nvme0n1p3.
# Crypto backend (OpenSSL 3.6.0 1 Oct 2025 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.8.1.
# Detected kernel Linux 6.12.48-1-MANJARO x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device /dev/nvme0n1p3
# Key length 64, device size 70537113 sectors, header size 4036 sectors.
# Activating volume n1p3 [keyslot -1] using token.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Device-mapper backend running with UDEV support enabled.
# dm status n1p3  [ opencount noflush ]   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/nvme0n1p3: 
# Activating volume n1p3 [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status n1p3  [ opencount noflush ]   [16384] (*1)
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Reusing open ro fd on device /dev/nvme0n1p3
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status n1p3  [ opencount noflush ]   [16384] (*1)
# Calculated device size is 70533017 sectors (RW), offset 4096.
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# DM-UUID is CRYPT-LUKS1-2f5c30c0b0844f03a88269db91174e81-n1p3
# Udev cookie 0xd4d9f90 (semid 14) created
# Udev cookie 0xd4d9f90 (semid 14) incremented to 1
# Udev cookie 0xd4d9f90 (semid 14) incremented to 2
# Udev cookie 0xd4d9f90 (semid 14) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create n1p3 CRYPT-LUKS1-2f5c30c0b0844f03a88269db91174e81-n1p3 [ opencount flush ]   [16384] (*1)
# dm reload   (254:2) [ opencount flush securedata ]   [16384] (*1)
device-mapper: reload ioctl on n1p3 (254:2) failed: Invalid argument
# Udev cookie 0xd4d9f90 (semid 14) decremented to 1
# Udev cookie 0xd4d9f90 (semid 14) incremented to 2
# Udev cookie 0xd4d9f90 (semid 14) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm remove n1p3  [ opencount flush securedata ]   [16384] (*1)
# Uevent not generated! Calling udev_complete internally to avoid process lock-up.
# Udev cookie 0xd4d9f90 (semid 14) decremented to 1
# DM create task failed, dm_task errno: -22.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status n1p3  [ opencount noflush ]   [16384] (*1)
# Device status returned -19.
# Data device /dev/nvme0n1p3 is OK.
# No referenced device missing, some device in use.
# Udev cookie 0xd4d9f90 (semid 14) decremented to 0
# Udev cookie 0xd4d9f90 (semid 14) waiting for zero
# Udev cookie 0xd4d9f90 (semid 14) destroyed
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# Releasing crypt device /dev/nvme0n1p3 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/nvme0n1p3.
Command failed with code -5 (device already exists or device is busy).

I also tried a not correct password and the error message says something of “wrong password”, so it is the right password.

I tried a “Detect EFI bootloaders” from the Grub2 Menu of the Live System (as recommended in Can't boot LUKS encrypted install after 2023-03-31 stable update - #25 by ruziel).

But this leads to where I started:
The system shows only the “Lenovo” logo at boot, three dots (rising an vanishing) and the Manjaro logo right under it.

(Yes, I have a backup, but I want to know the system better, so I invest time and effort in this.)

I appreciate any hints.

All the best from varomanja

P.S.: I did not add more tags, because I think it is not only “update” related.

2

Replacing that is not a good idea.
The .pacnew merely contains a default configuration - nothing specific to your machine.
Either leave it as it is or merge it in a meaningful way.
… too late now, I guess … if you don’t have a backup of that file

But it should be easy to recreate.

Are you sure that /dev/nvme0n1p3 is the encrypted partition?
n1p3 at the end of the command is just an arbitrary name - just saying

but it looks to me the device was already open - you did already chroot into it, it looks like, judging by the # root prompt

1 Like
3

On a default Manjaro installation - this is the encrypted swap partition.

Your root partition will be /dev/nvme0n1p2

When you have wiped your configuration for openswap, you will need to reconfigure your system.

As starter you need to boot a live ISO to gain access to the luks container.

After you have opened your root container you will need edit the following files (copy the file with a .bak extension as precaution)

  • <container>/etc/mkinitcpio.conf - remove openswap and resume from the HOOKS
  • <container>/etc/mkinitcpio.conf - remove the reference in FILES to /crypto_keyfile
  • <container>/etc/default/grub - remove reference to resume partiion
  • <container>/etc/fstab - comment the line referencing swap
  • <container>/etc/crypttab - comment the line referencing the crypto_keyfile

Then rebuild init and rebuild grub configuration

swapoff /dev/mapper/luks-the-id-from-etc-fstab
mkinitcpio -P
update-grub

The above will make your system bootable again.

You would want to switch to systemd instead of udev in /etc/mkinitcpio.conf and create a swapfile to accomodate for the now unused swap partition.

The gain is two fold - the swap is inside the luks container and systemd can work with hibernating to a swapfile inside the container.

See dm-crypt/Swap encryption - ArchWiki for more info

1 Like
4

Hi @Nachlese,

I do have a backup of the /etc/openswap.conf but it is on the encrpyted partition (and in the backup should be a correct version too).

The /dev/nvme0n1p3 was - as @linux-aarhus mentioned later - presumably the swap partition and /dev/nvme0n1p3 would be the correct object. I could have guessed this from the fdisk -l and the sizes of the partitions.

5

Your last paragraph does not make sense to me - sorry.
Actually: I don’t know the significance of the first one either. :man_shrugging:

6

Thank you @linux-aarhus for your reply.

I failed in opening the root partition:

  1. Boot with bobs-rescue
  2. Try to open the root partition (no other steps in between)
[manjaro ~]# cryptsetup luksOpen --debug /dev/nvme0n1p2 asdf
# cryptsetup 2.7.5 processing "cryptsetup luksOpen --debug /dev/nvme0n1p2 asdf"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p2.
# Trying to open and read device /dev/nvme0n1p2 with direct-io.
# Direct-io is supported and works.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/nvme0n1p2.
# Crypto backend (OpenSSL 3.5.0 8 Apr 2025 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.5.
# Detected kernel Linux 6.18.0-1-MANJARO x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device /dev/nvme0n1p2
# Key length 64, device size 929059541 sectors, header size 4036 sectors.
# Activating volume asdf [keyslot -1] using token.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.50.0.
# Device-mapper backend running with UDEV support enabled.
# dm status asdf  [ opencount noflush ]   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/nvme0n1p2: 
# Activating volume asdf [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status asdf  [ opencount noflush ]   [16384] (*1)
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Reusing open ro fd on device /dev/nvme0n1p2
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status asdf  [ opencount noflush ]   [16384] (*1)
# Calculated device size is 929055445 sectors (RW), offset 4096.
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# DM-UUID is CRYPT-LUKS1-d83e8b7c63d24795a2b579f16a21e7a7-asdf
# Udev cookie 0xd4d0c6b (semid 4) created
# Udev cookie 0xd4d0c6b (semid 4) incremented to 1
# Udev cookie 0xd4d0c6b (semid 4) incremented to 2
# Udev cookie 0xd4d0c6b (semid 4) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create asdf CRYPT-LUKS1-d83e8b7c63d24795a2b579f16a21e7a7-asdf [ opencount flush ]   [16384] (*1)
# dm reload   (253:2) [ opencount flush securedata ]   [16384] (*1)
device-mapper: reload ioctl on asdf (253:2) failed: Invalid argument
# Udev cookie 0xd4d0c6b (semid 4) decremented to 1
# Udev cookie 0xd4d0c6b (semid 4) incremented to 2
# Udev cookie 0xd4d0c6b (semid 4) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm remove asdf  [ opencount flush securedata ]   [16384] (*1)
# Uevent not generated! Calling udev_complete internally to avoid process lock-up.
# Udev cookie 0xd4d0c6b (semid 4) decremented to 1
# DM create task failed, dm_task errno: -22.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status asdf  [ opencount noflush ]   [16384] (*1)
# Device status returned -19.
# Data device /dev/nvme0n1p2 is OK.
# No referenced device missing, some device in use.
# Udev cookie 0xd4d0c6b (semid 4) decremented to 0
# Udev cookie 0xd4d0c6b (semid 4) waiting for zero
# Udev cookie 0xd4d0c6b (semid 4) destroyed
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# Releasing crypt device /dev/nvme0n1p2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/nvme0n1p2.
Command failed with code -5 (device already exists or device is busy).
[manjaro ~]#

It seems as if the problem is insde or with the encrypted partition.

When I opened the root partition, I’ll come back to this thread.

7

You can use the Manjaro ISO instead of bobs-rescue.
It’s probably easier.
At least the people here know what to expect - unlike with bobs-rescue (I have never heard of it).
But:
any Linux will do for this task
It’s just that the manjaro ISO contains a tool (manjaro-chroot) to make the job significantly easier.

There are posts and wiki posts here describing the procedure.

Boot that, open a terminal, then

first, get a picture of what your partition layout looks like:

lsblk -f

post the output if you need help with interpreting what you see.

Based on that, you can proceed to open the encrypted container.

lsblk -f
again, after that

Then you can mount the partitions that are inside in the correct order.
Then you can chroot into the correctly assembled file system
using manjaro-chroot ...
and repair/update your system.

ps:

I was curious.
bobs-rescue seems to be a

bootable recovery disk based on the Windows Preinstallation Environment (Windows PE)

Bob.Omb’s Modified Win10PEx64

If that’s the case: bad idea™ to use that

1 Like
8

OK, @Nachlese, I’ll use the standard manjaro ISO from now on.

I did a reboot with the standard ISO:

[manjaro ~]# lsblk -f
NAME        FSTYPE      FSVER            LABEL              UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
loop0       squashfs    4.0                                                                            0   100% /run/miso/sfs/livefs
loop1       squashfs    4.0                                                                            0   100% /run/miso/sfs/mhwdfs
loop2       squashfs    4.0                                                                            0   100% /run/miso/sfs/desktopfs
loop3       squashfs    4.0                                                                            0   100% /run/miso/sfs/rootfs
sda                                                                                                             
├─sda1      exfat       1.0              Ventoy             1927-430C                                           
│ ├─ventoy  iso9660     Joliet Extension MANJARO_XFCE_25010 2025-10-13-14-42-10-00                              
│ └─sda1    exfat       1.0              Ventoy             1927-430C                                           
└─sda2      vfat        FAT16            VTOYEFI            626B-4255                                           
mmcblk0     iso9660     Joliet Extension MANJARO_XFCE_2501  2025-05-08-17-57-51-00                     0   100% /run/miso/bootmnt
├─mmcblk0p1 iso9660     Joliet Extension MANJARO_XFCE_2501  2025-05-08-17-57-51-00                              
└─mmcblk0p2 vfat        FAT12            MISO_EFI           CBD3-6116                                           
nvme0n1                                                                                                         
├─nvme0n1p1 vfat        FAT32                               E915-CE17                                           
├─nvme0n1p2 crypto_LUKS 1                                   d83e8b7c-63d2-4795-a2b5-79f16a21e7a7                
└─nvme0n1p3 crypto_LUKS 1                                   2f5c30c0-b084-4f03-a882-69db91174e81                
[manjaro ~]#

With fdisk -l I see some more things:

Device             Start        End   Sectors  Size Type
/dev/nvme0n1p1      4096     618495    614400  300M EFI System
/dev/nvme0n1p2    618496  929678036 929059541  443G Linux filesystem
/dev/nvme0n1p3 929678037 1000215149  70537113 33.6G Linux filesystem

I see that nvme0n1 has the p2 partition with the root partition on it (because of the size) and I see the p3 partition is presumable swap.

I try to open the container:

[manjaro ~]# cryptsetup luksOpen /dev/nvme0n1p2 OpenSesame
Enter passphrase for /dev/nvme0n1p2: 
device-mapper: reload ioctl on OpenSesame (254:2) failed: Invalid argument
[manjaro ~]#

And because this fails, I serach for solving this error.

9

Hi, @Nachlese,

Bobs-Rescue comes from @linux-aarhus : https://manjaro.dk/iso/ and I found it here: [root tip] [recovery] Basic Manjaro Linux Rescue and Recovery

10

Hmm - I never use that specific option “luksOpen” - just “open”

Can you try again?
cryptsetup open /dev/nvme0n1p2 somename

or with debug
cryptsetup open --debug /dev/nvme0n1p2 somename

nvme0n1p2 should be the / file system and nvme0n1p2 the swap - judging by the size
but you’ll probably know

cryptsetup luksDump /dev/nvme0n1p2 | grep -e 'Cipher: ' -e 'Hash:'
could also help

11

Here is the output:

[manjaro ~]# cryptsetup open --debug /dev/nvme0n1p2 newtry
# cryptsetup 2.7.5 processing "cryptsetup open --debug /dev/nvme0n1p2 newtry"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p2.
# Trying to open and read device /dev/nvme0n1p2 with direct-io.
# Direct-io is supported and works.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/nvme0n1p2.
# Crypto backend (OpenSSL 3.5.0 8 Apr 2025 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.5.
# Detected kernel Linux 6.12.48-1-MANJARO x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device /dev/nvme0n1p2
# Key length 64, device size 929059541 sectors, header size 4036 sectors.
# Activating volume newtry [keyslot -1] using token.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Device-mapper backend running with UDEV support enabled.
# dm status newtry  [ opencount noflush ]   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/nvme0n1p2: 
# Activating volume newtry [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status newtry  [ opencount noflush ]   [16384] (*1)
# Trying to open key slot 0 [ACTIVE].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Reusing open ro fd on device /dev/nvme0n1p2
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status newtry  [ opencount noflush ]   [16384] (*1)
# Calculated device size is 929055445 sectors (RW), offset 4096.
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# DM-UUID is CRYPT-LUKS1-d83e8b7c63d24795a2b579f16a21e7a7-newtry
# Udev cookie 0xd4d64aa (semid 4) created
# Udev cookie 0xd4d64aa (semid 4) incremented to 1
# Udev cookie 0xd4d64aa (semid 4) incremented to 2
# Udev cookie 0xd4d64aa (semid 4) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create newtry CRYPT-LUKS1-d83e8b7c63d24795a2b579f16a21e7a7-newtry [ opencount flush ]   [16384] (*1)
# dm reload   (254:2) [ opencount flush securedata ]   [16384] (*1)
device-mapper: reload ioctl on newtry (254:2) failed: Invalid argument
# Udev cookie 0xd4d64aa (semid 4) decremented to 1
# Udev cookie 0xd4d64aa (semid 4) incremented to 2
# Udev cookie 0xd4d64aa (semid 4) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm remove newtry  [ opencount flush securedata ]   [16384] (*1)
# Uevent not generated! Calling udev_complete internally to avoid process lock-up.
# Udev cookie 0xd4d64aa (semid 4) decremented to 1
# DM create task failed, dm_task errno: -22.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status newtry  [ opencount noflush ]   [16384] (*1)
# Device status returned -19.
# Data device /dev/nvme0n1p2 is OK.
# No referenced device missing, some device in use.
# Udev cookie 0xd4d64aa (semid 4) decremented to 0
# Udev cookie 0xd4d64aa (semid 4) waiting for zero
# Udev cookie 0xd4d64aa (semid 4) destroyed
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# device-mapper: target-version ioctl on crypt  failed: Invalid argument
# dm versions   [ opencount flush ]   [16384] (*1)
# Releasing crypt device /dev/nvme0n1p2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/nvme0n1p2.
Command failed with code -5 (device already exists or device is busy).
[manjaro ~]#

Your command had no output, so I paste the information you were looking for here:

LUKS header information for /dev/nvme0n1p2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
12

Something ain’t right (duh)
either with your encrypted volume
or perhaps with your hardware
Which one it is I cannot tell.

Something goes wrong 20 lines after the password entry (the line with no # in front of it):

here is the same portion when I do the same:
(I created a new virtual disk in my VM, created a gpt partition on it and formatted it as a luks type 1 volume)

# dm create versuch CRYPT-LUKS1-bb96bb5803f94a83a7cc9ecfa161f6c7-versuch [ opencount flush ]   [16384] (*1)
# dm reload   (253:0) [ opencount flush securedata ]   [16384] (*1)
# dm resume versuch  [ opencount flush securedata ]   [16384] (*1)

Here is the full output of where this snippet was taken from
for comparison, perhaps - it should look like this when it works:

cryptsetup open --debug /dev/vdc1 versuch
# cryptsetup 2.8.1 processing "cryptsetup open --debug /dev/vdc1 versuch"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/vdc1.
# Trying to open device /dev/vdc1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/vdc1.
# Crypto backend (OpenSSL 3.6.0 1 Oct 2025 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.8.1.
# Detected kernel Linux 6.12.61-1-MANJARO x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device /dev/vdc1
# Key length 64, device size 10481664 sectors, header size 4036 sectors.
# Activating volume versuch [keyslot -1] using token.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Device-mapper backend running with UDEV support enabled.
# dm status versuch  [ opencount noflush ]   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/vdc1: 
# Activating volume versuch [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status versuch  [ opencount noflush ]   [16384] (*1)
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Reusing open ro fd on device /dev/vdc1
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status versuch  [ opencount noflush ]   [16384] (*1)
# Calculated device size is 10477568 sectors (RW), offset 4096.
# dm target-version crypt  [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-crypt version 1.28.0.
# DM-UUID is CRYPT-LUKS1-bb96bb5803f94a83a7cc9ecfa161f6c7-versuch
# Udev cookie 0xd4d4eea (semid 0) created
# Udev cookie 0xd4d4eea (semid 0) incremented to 1
# Udev cookie 0xd4d4eea (semid 0) incremented to 2
# Udev cookie 0xd4d4eea (semid 0) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create versuch CRYPT-LUKS1-bb96bb5803f94a83a7cc9ecfa161f6c7-versuch [ opencount flush ]   [16384] (*1)
# dm reload   (253:0) [ opencount flush securedata ]   [16384] (*1)
# dm resume versuch  [ opencount flush securedata ]   [16384] (*1)
# versuch: Stacking NODE_ADD (253,0) 0:0 0600 [trust_udev]
# versuch: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d4eea (semid 0) decremented to 1
# Udev cookie 0xd4d4eea (semid 0) waiting for zero
# Udev cookie 0xd4d4eea (semid 0) destroyed
# versuch: Skipping NODE_ADD (253,0) 0:0 0600 [trust_udev]
# versuch: Processing NODE_READ_AHEAD 256 (flags=1)
# versuch (253:0): read ahead is 256
# versuch: retaining kernel read ahead of 256 (requested 256)
Key slot 0 unlocked.
# Releasing crypt device /dev/vdc1 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/vdc1.
Command successful.

I have no idea how you could proceed from here
to open the encrypted volume to get to your data.
Maybe try a different ISO - or use your backup.

13

I tried to use the backup and guess where the passphrase for the backup is saved… :see_no_evil_monkey:

14

Let that be a lesson to you. :upside_down_face:

15

So is this a topic for cryptsetup or device-mapper? I would go for the second, becaus of this:

I tested the hardware with nvme-cli:

[manjaro ~]# nvme smart-log -H /dev/nvme0
Smart Log for NVME device:nvme0 namespace-id:ffffffff
critical_warning			: 0
      Available Spare[0]             : 0
      Temp. Threshold[1]             : 0
      NVM subsystem Reliability[2]   : 0
      Read-only[3]                   : 0
      Volatile mem. backup failed[4] : 0
      Persistent Mem. RO[5]          : 0
temperature				: 39 °C (312 K, 102 °F)
available_spare				: 100%
available_spare_threshold		: 10%
percentage_used				: 0%
endurance group critical warning summary: 0
Data Units Read				: 31,254,619 (16.00 TB)
Data Units Written			: 26,694,941 (13.67 TB)
host_read_commands			: 441,959,689
host_write_commands			: 807,227,292
controller_busy_time			: 986
power_cycles				: 69,904
power_on_hours				: 7,355
unsafe_shutdowns			: 37
media_errors				: 0
num_err_log_entries			: 0
Warning Temperature Time		: 0
Critical Composite Temperature Time	: 0
Temperature Sensor 1			: 32 °C (305 K, 89 °F)
Temperature Sensor 2			: 32 °C (305 K, 89 °F)
Thermal Management T1 Trans Count	: 0
Thermal Management T2 Trans Count	: 0
Thermal Management T1 Total Time	: 0
Thermal Management T2 Total Time	: 0
[manjaro ~]#

So I guess, I have to turn to the device-mapper any thoughts beside this?

I’d like to thank all of you, who had spend their thoughts and time for this topic.

..and yes, @tracyanne, I did learn a lesson or two through this.

16

Using another ISO makes no difference - but you could try to reboot the system.

You cannot create two open containers from the same volume - only one.

Please use the rescue and recovery topic as reference for how to open and mount a luks volume.

When opening a luks container hosting a default Manjaro Installation it will be luks1 - this is not an issue as cryptsetup will open it correct even if you don’t provide a type.

Restart using the rescue ISO - you could also ensure that you have no active mapper crypt containers open - but it is easier to just restart.

On a default Manjaro system the layout is always

  • first partition is $esp
  • second partition is root
  • third partition is swap

So the process is

cryptsetup luksOpen /dev/<disk>2 system

Mount root partition

mount /dev/mapper/system /mnt

When mounted you check the content of /mnt to vefify it is correct - it should return a similar output (yours will not be identical)

 $ ls /mnt
a                   home        proc             tmp
bin                 lib         root             tpm2_pkcs11.sqlite3
boot                lib64       rootfs-pkgs.txt  usr
desktopfs-pkgs.txt  lost+found  run              var
dev                 miso        sbin
efi                 mnt         srv
etc                 opt         sys
17

I may or may not have quite a few passwords :grimacing:, but I can easily remember them and try them all in turn.
My strategy:
a quote from some book I read or some people I know who I will always associate with a particular saying that they often use - which no one else will even guess,
then take that phrase and use for instance the first letter of each word of that phrase - this will be hard to guess for anyone even if one would know that there are only letters in that pretty long sequence - which they don’t.
It may be hit and miss a couple of times for you, but you’ll always be able to eventually remember that phrase that it is derived from.
You’ll never guess a random password …

2 Likes