I reboot PC now and OpenSuse Login screen appears but it should go to disk encryption log in. I can not log in now since my root directory is encrypted. This problem started after I made changes with VeraCrypt inside system.
Do I need to edit Grub bootloader to somehow fix this?
-edit:
also note I can boot into Read Only Snapshot but I dont if this relates to my problem.
I use LUKS encryption. I have no experience with VeraCrypt.
You probably need some sort of rescue media – either a live 15.1 CD or boot the installer to the rescue system.
From there, you would need to mount your broken system if possible, and try to find out what is broken.
I am able to boot to read-only mode snapshot. Is that the same as a recovery USB? I do not know what to do here because I am in read only mode and also somehow I am not in the mode of unencrypted entire disk that usually starts before OpenSuse.
I think problem is I used Vera Disk and mounted a container file to /dev/sda1 or sda 2 or sda 3 and now maybe that moved something that GNU tries to find bootloader in wrong location because container file is no longer mounted but bootloader location is wrong?
because I do not understand how I skip to OpenSuse login screen when my entire disk used encryption, now I do not encounter full disk encryption login screen.
I guess the snapshots are stored alongside OpenSuse but not on the encryption, and that I need to get a recover USB… then to mount the file and guess what to do after that.
If you are getting a login prompt, then your issue is not with grub.
The job of grub is to load the kernel into memory and to start it running appropriately. If you are getting a login prompt, then that part is working.
Beyond that, you haven’t provided much information.
If you made encryption changes, did you also update “/etc/crypttab” to match? And if so, then did you remake the “initrd”? Those are really questions for you to ask yourself.
If everything is encrypted, then you should never get as far as a login prompt without giving the encryption key. If only “/home” is encrypted, then you could get to a login prompt but be unable to actually login.
I am unsure what is happening because I thought my entire Linux was encrypted. I am at first Log In screen but I thought my entire disk was encrypted. I am at the screen that asks for user name and password. I did not mean to change any encryption settings.
You can try using CTRL-ALT-F1 to get a terminal (virtual console). And then see whether you are able to login there.
You can get back to the graphic login screen with CTRL-ALT-F7
I am unable to boot to disk even using OpenSuse usb recovery option. It gives error.
Only thing I can do successfully is “Start bootloader from a read-only snapshot”
From this snapshot I can see: no directory in /ect/crypttab
I am also able to edit boot loader options in Yast it seems, but I don’t know what to do. I have currently chosen all three systems sda1 sda2 and sda3 to boot from?
I installed software reps too as well, some of which may have been Yast encryption that has taken control of my encryption? What happened to my full disk encryption if I am able to use snapshot and OpenSuse username and files?
My understanding is Snapshot directory is stored along another partition that I did not encrypt; this was a security oversight by me. I must not be able to write to the root directory, only save current changes in my Snapshot partition. I do not understand what caused this. There is an error about ACHI something and other errors that flash quickly when booting.
I have mostly avoided “btrfs” (except for occasional testing), so I have little experience with read-only snapshots. There might be a way to rollback to a working version, but that’s beyond my experience level. Maybe someone else is able to give advice.
is it possible my issue lies in the Bios because it thinks my drive is a different size now than it actually is? (accounting for the negative space on the sda2 drive because the container is currently dismounted/hidden since VeraCrypt is closed? I do not know how to prevent this from happening again if I reinstall.
This is what happens when I start my computer:
-Computer starts up
-Displays error messages about ACPI (I have Windows on another drive) and invalid PCI header signature
-Skips full disk encryption Log In (for unknown reason)
-OpenSuse User name and Log In display, but when I log in nothing happens
I doubt that it is a BIOS issue.
Let me describe my setup. I use LUKS encryption, with an encrypted LVM. I do not use “btrfs”. I do have a separate unencrypted “/boot”.
On bootup, I am prompted for the encryption key by the kernel. The kernel itself comes from the unencrypted “/boot”.
The code that produces the login screen is all part of what is encrypted. So it just is not possible to get a login screen without the encryption key.
Now I do have another system, this time running in a KVM virtual machine. For that system, there is no separate unencryted “/boot”. So the boot prompt already requests the encryption key before I see the grub boot menu. Grub2 then loads the kernel and initrd from inside the encrypted LVM. I do have an alternative encryption key stored in the “initrd”, so that I won’t be prompted a second time for the encryption key.
In that second system, if somehow the kernel and “initrd” were copied to some place outside of the encrypted space, then it is conceivable that it could boot without me providing the key. The only place outside the encrypted space is the EFI partition. And if the kernel and initrd were copied there, my security would be compromised (but this is only a virtual machine, so not a big concern for me).
With those as comparison, I try to understand what you are seeing. Here are the two possibilities that I can think of:
(1) your crypto is compromised, and something containing the encryption key is in unencrypted space.
or
(2) only yoiur “/home” is actually encrypted, and you are booting to the login prompt which therefore does not require encryption. But you cannot login to your desktop because your home directory is still in encrypted space.
However, in case of (2), you should be able to login at a command line, but be unable to do anything because your home directory is not accessible.
Maybe something different is happening. I am not at all familiar with the veracrypt setup.
Updates:
I am logged into my system from terminal. I have su access. I thought my full disk was encrypted but somehow I think it is not any more, but it was before. I understand the Linux kernal must not be encrypted some how, possibly from Yast Administrative encryption or another update I did before restart.
I do not know what to do now. Log in at GUI does nothing when I enter password. I am not able to log in GUI, only terminal.
Then possibly your “/home” is encrypted.
That would allow you to login at the terminal, but not at the GUI. However, the diretory that you see when you login at the terminal would not be writable by you.
Login as yourself at terminal (command line).
pwd
touch x
ls -l x
and post the results here (should be only a few lines so pencil and paper copying is good enough).
Encrypting a whole disk would take a good amount of time and does not happen spontaneously. No magic involved. If you can get to any login without a password then the whole disk was not encrypted… Note by default now a days on BTRFS /home is a sub-partition of root not a separate partition unless you set it to a separate partitiion . This may confuse veracrypt maybe??? Maybe check how things are mounted. From terminal login look at cat /etc/fstab
I am logged in to terminal and have discovered some RED color files in /s/bin/ and they are:
mount.nfs
unix2_chkpwd
unix_chkpwd
I am in / directory, I type pwd to show this. I type touch x, it says touch: cannot touch ‘x’ : Permission denied
Okay. But I’m not sure what that means. I turn off the colored “ls” because it is hard to read. So I don’t remember what the colors stand for. Here, those programs show a executables that run with root permissions.
I am in / directory, I type pwd to show this. I type touch x, it says touch: cannot touch ‘x’ : Permission denied
That’s fairly normal for “/”. However, if that is where you landed after the terminal login, then it indicates that your home directory is not available. So you probably have encrypted “/home” and that has not been unencrypted.
If you know the command to decrypt “/home”, you can try that at the command line as root (or with “sudo”). Again, I have not experience with veracrypt/truecrypt, but I think you would probably use the “cryptsetup” command for that. Maybe
man cryptsetup
will give some useful hints.
My /home/ must be encrypted because I go to the home directory using the terminal and it is empty.
‘man cryptsetup’ showed a full screen of lines, but I do not know how to proceed.
Be sure that home partition is mounted to /home. An empty home list probably indicates that home partition is not mounted but the /home mount point exists.
**mount **with no parameters will show existing mounting scheme. Also examine /etc/fstab
I will continue this tomorrow with everyone’s advice. right now I dont know what it all means.
and I am locked out of my other computer now. I think I deleted the partition using kde partition manager, if that is possible I accidentally selected my hard drive instead of a USB flash drive to format…