2

I have installed debian on two partitions on a single hard drive. One is on ext4 partition and the other is on luks partition.

Recently I updated grub in the debian on ext4 partition. Since then the debian luks is not detected.

What can I do to add debian on luks partition to boot option?

physu
  • 199
  • What exactly did you do to update GRUB? Did you just install it from Debian packages, or did you manually compile, install and configure a new version of GRUB from source code? Do you have one installation of Debian using two partitions, or two separate installations? – telcoM Jul 31 '20 at 10:51
  • I did "sudo apt upgrade" – physu Jul 31 '20 at 12:13
  • I have two separate installations. – physu Jul 31 '20 at 12:14
  • I have a similar problem here: https://askubuntu.com/q/1265247/231936. Also awaiting a solution. – deadghost Aug 07 '20 at 18:22

1 Answers1

0

OK, so you have two separate installations, fighting for the control of the single Master Boot Record (MBR).

You probably had installed the encrypted one last, and it overwrote the first installation's GRUB in the MBR. The encrypted installation knows about itself, and it can detect the other installation and include it automatically in the GRUB menu if the os-prober package is installed.

Now, when you updated the GRUB on the un-encrypted installation, its update system went on to upgrade its GRUB... overwriting the one currently in the MBR. Now, the update-grub command of the un-encrypted installation cannot detect the encrypted installation, because it's encrypted... unless you unlock the encryption for it manually:

cryptsetup open /dev/<LUKS partition> <LUKS partition>_crypt --type luks

This should make the LUKS partition ready for mounting at /dev/mapper/<LUKS partition>_crypt. Now update-grub will be able to take a peek inside it and find the kernel & initramfs within.

But before that, you would need to enable disk encryption support in the GRUB of the un-encrypted installation:

echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub
update-grub
grub-install /dev/sda

(Enabling encryption support will make update-grub check for encrypted disks and add some commands for handling them in /boot/grub/grub.cfg, but it will also require the regeneration of the GRUB core image, so a reinstall of the GRUB component in MBR is required. The grub-install /dev/sda command will do that.)

If I'm reading os-prober's scripts correctly, unlocking the encryption before running update-grub might allow it to auto-detect the second installation. If that's not the case, you might have to write a "custom" GRUB configuration entry for it in /etc/grub.d/40_custom, which will be included into /boot/grub/grub.cfg generated by update-grub.

telcoM
  • 96,466
  • How can I mount the LUKS partition at /dev/mapper/_crypt ? – physu Jul 31 '20 at 15:50
  • You don't mount it there: that device will appear as a result of the "cryptsetup open" command, and through it the os-prober will be able to access your encrypted installation and find out where it keeps its kernel and initramfs. – telcoM Jul 31 '20 at 15:55
  • 1
    No, it didn't work. How can I write the custom GRUB configuration entry? – physu Jul 31 '20 at 16:01