Can't boot from full encrypted cloned disk

Hi there,

I have cloned my (perfectly running :wink: ) Endeavour installation to an USB disk of same size with “dd”. Original Endeavour is fully encrypted including grub. I also got hibernation running. Works like a charm.

I then put the cloned ssd into an external USB case.

I then attached the USB disk to another laptop (to avoind double UUIDs) and booted up from that disk. I had to enter the grub boot password. Grub is launching and showing the grub menu. But whatever I select then I always run into this error:

ERROR: device ‘/dev/mapper/luks…’ not found. Skipping fsck…

Google results mostly point out to a wrongly built initramfs. But in my case the mkinicpio.conf must be okay

HOOKS=(base udev autodetect modconf block keyboard keymap consolefont encrypt filesystems resume fsck)

and that it works I can tell as the original disk boots up correctly.

Do you have any clue why the disk when attached as external device on a diffeent laptop does NOT work?


Not sure if this might help but perhaps you could boot up your EnOS live usb, mount and unlock partiotions on your cloned drive and check if the UUID for the swap device corresponds to the one in fstab.

Or just disable/remove swap/hibernation on the cloned system and see if it boots up correctly. You might need to this in chroot and rebuild initrd by running mkinitcpio.

or remove the resume part from grub temporary on boot time by pressing “e” on grub menu ?

The second line disappears when I remove the resume part but still does not find the luks device (3rd line).

In the rescue shell I only can see one file with ‘ls -l /dev/mapper’


but no luks* directory. But that me be because of the rescue shell - don’t know.

I have no personal experience on this, but there is no luks2 hook. Could that matter?

I think it isn’t that easy to just clone an existing device to a usb drive and it just works.
Have you followed some online guide, or how did you come up of the proper procedure?

Anyway, you should explain/post how the original system was set up regarding encryption method. There are more than one approach IIRC. :person_shrugging:

yea I thought that, too at first. But as it’s a 1:1 clone from the working disk initramfs and all that should contain all that matters. I’ll just grab some more information and post it here.

so here some information

the disks (sda is the external cloned usb):

❯ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda                                             8:0    0 953,9G  0 disk  
├─sda1                                          8:1    0   300M  0 part  
└─sda2                                          8:2    0 931,2G  0 part  
nvme0n1                                       259:0    0 931,5G  0 disk  
├─nvme0n1p1                                   259:1    0   300M  0 part  /boot/efi
└─nvme0n1p2                                   259:2    0 931,2G  0 part  
  └─luks-91386e25-1e7b-4df5-819d-96198a54eb82 254:0    0 931,2G  0 crypt /

/boot/grub/grub.cfg linux line on both systems

linux   /boot/vmlinuz-linux root=UUID=a68cec36-3cda-4c58-b52a-b7b94bcf2ed5 rw  quiet cryptdevice=UUID=91386e25-1e7b-4df5-819d-96198a54eb82:luks-91386e25-1e7b-4df5-819d-96198a54eb82 root=/dev/mapper/luks-91386e25-1e7b-4df5-819d-96198a54eb82 loglevel=3 nowatchdog nvme_load=YES resume= resume_offset=119984128 resume=/dev/mapper/luks-91386e25-1e7b-4df5-819d-96198a54eb82 resume_offset=119984128

/etc/fstab on both

# <file system>                                          <mount point>               <type>  <options>          <dump>  <pass>
UUID=B725-D1B6                                           /boot/efi                   vfat    umask=0077         0       2
/dev/mapper/luks-91386e25-1e7b-4df5-819d-96198a54eb82    /                           ext4    defaults,noatime   0       1


# <name>               <device>                         <password> <options>
luks-91386e25-1e7b-4df5-819d-96198a54eb82 UUID=91386e25-1e7b-4df5-819d-96198a54eb82     /crypto_keyfile.bin luks

sudo blkid

❯ sudo blkid
/dev/mapper/usb: UUID="a68cec36-3cda-4c58-b52a-b7b94bcf2ed5" BLOCK_SIZE="4096" TYPE="ext4"
/dev/nvme0n1p1: LABEL_FATBOOT="NO_LABEL" LABEL="NO_LABEL" UUID="B725-D1B6" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="9025384b-e621-6042-bed5-147dc40b854a"
/dev/nvme0n1p2: UUID="91386e25-1e7b-4df5-819d-96198a54eb82" TYPE="crypto_LUKS" PARTLABEL="root" PARTUUID="e31da825-ed42-4040-9a1c-12dac7970400"
/dev/mapper/luks-91386e25-1e7b-4df5-819d-96198a54eb82: UUID="a68cec36-3cda-4c58-b52a-b7b94bcf2ed5" BLOCK_SIZE="4096" TYPE="ext4"
/dev/sda2: UUID="91386e25-1e7b-4df5-819d-96198a54eb82" TYPE="crypto_LUKS" PARTLABEL="root" PARTUUID="e31da825-ed42-4040-9a1c-12dac7970400"
/dev/sda1: LABEL_FATBOOT="NO_LABEL" LABEL="NO_LABEL" UUID="B725-D1B6" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="9025384b-e621-6042-bed5-147dc40b854a"

Do you use a swapfile for hibernation?
Doesn’t it have to show in fstab?
I don’t have much experience with encryption, so sorry if this is irrelevant.
I just find the issue intriguing.

you’re right. it’s in fstab. I just cut off 2 entries that don’t matter here :wink:

1 Like

This link exactly describes my problem. I’m gonna try this in the next days. Seems the right cause and resolution approach.

I’ll report. Thanks so far for your ideas.


unfortunately no luck…

I added all drivers I found in dmesg when connecting the external disk to my laptop to the MODULES in /etc/mkinicpio.conf one by one and ran mkinitcpio -p linux. usb-storage other usb stuff, a realtek driver for the case, uas, …

About 10 approaches and now obviously have a maximum of modules in initramfs. The error still is the same.

I give up for now.

The disk is intended as a complete backup disk I can swap back int my laptop in case of a failure but I thought it would have been nice if I easily could have booted up from that disk without opening the case…

May be I’ll try another external USB box if nobody elase has an idea.

one more thing I noticed when dropped to the shell during boot process. I could see in dmesg that all my drivers added to the modules section were loaded AND I could mount the “missing” luks device manually from there with cryptsetup luksopen … and a mount … after that.

You should just try booting the fallback kernel option, which includes all required modules. Unless you did it already.

You could try chrooting to that system and recreate kernel images and re-installing grub.

that’s what I did. I tried both kernels (5.15… and the lts, with regular and fallback option)

the initram has been recreated with chroot and mkinitcpio while I added all the modules. I didn’t reinstall grub yet. But I have doubt that it will help as the boot process already has passed the grub part and scree displays the “Starting arch …” message. Something to the initramfs … No clue…