Bug ID 1095096
Summary Leap 42.3: update broke boot with encrypted partitions on NVMe
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware x86-64
OS openSUSE 42.3
Status NEW
Severity Critical
Priority P5 - None
Component Bootloader
Assignee jsrain@suse.com
Reporter dariusz.ostolski@gmail.com
QA Contact jsrain@suse.com
Found By ---
Blocker --- 

Created attachment 771738 [details]
Emergency shell with broken cryptsetup

After latest updates my laptop won't boot anymore. Needless to say I've chosen
Leap due to stability and this is somehow disappointing that it's second time
during last 12 months when my machine cannot boot because of updates.

I have LVM encrypted nvme disk.

The culprit of this is difference between what contents of /etc/crypttab and
/dev/disk/by-id/ directory (see attachment).



How to fix that (based on https://bugzilla.opensuse.org/show_bug.cgi?id=1063249
and https://bugzilla.opensuse.org/show_bug.cgi?id=904987):
1. Wait for emergency shell

2. Decrypt *all* encrypted drives/partitions (you quite possibly only have one)
that are part of your system. The lsblk command may be helpful, or you may find
these under paths like /dev/nvme*, or it may be easier to look at the symlinks
under /dev/disk/by-id/ (be aware there are likely lots of duplicates, pointing
to the same drive/partition, in this location). Run cryptsetup for each one:

cryptsetup open <device> <some-unique-name>

For example:

cryptsetup open /dev/nvme0n1p2 name1

<some-unique-name> needs to be different for each device, obviously. :-)

Enter the normal passphrase for each device when prompted.

3a. If you are using LVM, run:
lvm_scan
lvm lvscan
lvm vgchange -ay
lvm lvdisplay

Verify you can see all your logical volumes.

Note the "LV Path" of each logical volume.

Mount the logical volume that corresponds to the / filesystem for your system
on /mnt. It may have an "LV Name" of root, or it may not. Use the "LV Path" to
mount it:

mount <lv-path> /mnt

For example:

mount /dev/system/root /mnt

3b.  If you ARE NOT using LVM, mount the drive/partition that corresponds to
the / filesystem for your system on /mnt:

mount <device> /mnt

For example:

mount /dev/nvme0n1p2 /mnt
4.  (probably unneeded!) If you have a very unusual setup where /etc is on a
separate filesystem from /, mount it:

mount <device/lv-path> /mnt/etc

For example:

mount /dev/system/etc /mnt/etc

5. Prepare and enter a chroot environment for your system:

mount -t proc none /mnt/proc
mount --rbind /dev /mnt/dev
mount --rbind /sys /mnt/sys
chroot /mnt /bin/bash

6. Mount the remaining filesystems (if any) using information from your
system's /etc/fstab file:

mount -a

7. Edit /etc/crypttab to fix the entry that is no longer created by udev
because of this bug.
Replace:
/dev/disk/by-id/nvme-20xxxxxxx

With:
/dev/disk/by-id/nvme-eui.0

8. (May be optional) I'm not sure if this is required but I've executed
/usr/lib/systemd/system-generators/systemd-cryptsetup-generator

9. Regenerate the initramfs boot images with dracut.

dracut -f

You are receiving this mail because: