Luks problems - suddenly locked out of computer

Hi all

Apologies, I’m in a bit of a crisis. I’ve been using EndeavourOS since last autumn without problems. No dualboot, just pure EOS. Full disk luks encryption - not sure what the file system is.

This morning I booted my computer and found that I cannot decrypt my hard disk (see below error).

I have attempted to reboot multiple times. I know the keyboard layout is in EN_US and that shouldn’t cause the issue. The password is also correct - typed it in plain text in rescue mode to verify.

I have had issues previously with the password being unrecognised once, maybe twice, but never have been locked out for an entire hour.

Tried searching for answers, most unusable as I can’t actually log in.

Can anyone please help a comrade?

Try booting into a live environment and decrypting your root partition using sudo cryptsetup open.

Luks headers can corrupt, although it is not common, always a good idea to back them up using sudo cryptsetup luksHeaderBackup.

For this reason I always image backup the root filesystem within a luks partition, this way if the luks header corrupts I can just create a new luks container and restore the root filesystem into it.

Thanks - I have tried that and it is still refusing the password - “no key available for this passphrase”. My password is definitely correct though.

Is this consistent with the headers being corrupted?

At this stage, is my best option to reinstall?

You are absolutely positive your are remembering your passphrase correctly?

Check the header info can be read with luksDump.

sudo cryptsetup luksDump [root-partition]

A lower level technique for determining if a luksHeader has been lost.

https://serverfault.com/questions/1032006/how-do-i-know-a-luks-header-is-corrupt

Any damage to a luksHeader can be recovered if you have luks headers backed up.

sudo cryptsetup luksHeaderRestore [luks-partition]

It is also possible that a specific keyslot info has been corrupted, although I don’t know how to specifically test for this. Restoring a luksHeader should remedy this.

If you are positive your password is correct, keymap is correct, and you have no luksHeader backup then re-install would be your only option.

This is the double edged sword of at rest encryption.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.