How to fix boot for restored Leap 15.2 install with LUKS?

I found out that a stick of RAM went bad, but not before my 15.3 install got messed up and I needed to fall back to a 15.2 Clonezilla / backup from June (home is on a separate partition).

My system is set up with LUKS and uses keyfiles so that I only need to enter the password once (using the instructions from here).

When I restored the backup, it kept giving an error after typing in the LUKS password. I figured this was because GRUB was set up for 15.3, so my 15.2 install wasn’t compatible. It never occurred to me that I should also be backing up the EFI partition at the same time as my root partition.

To get around that I installed 15.2 (recreating /boot/efi partition), restored over it and tried again - similar issue, kept giving an error after entering the LUKS password. I figured this time that the GRUB setup was too early (months before my backup).

Then I tried installing 15.2 again, updated it (which also updated GRUB), restored over it, and tried again. This time I could get past the first LUKS password prompt, and reached the GRUB menu.

After selecting the OS from the GRUB menu, an error is visible for a few seconds: no such cryptodisk found.

After that, it asks for the LUKS password again (root, home, and swap are encrypted) and the system hangs until it times out and I reach the Emergency Shell.

When I run journalctl I see a systemd-cryptsetup error that says:

Failed to activate with key file ‘/.root.key’: Operation not permitted.

Anyone know how I can go about correcting this?

I’m currently trying to figure out how to undo the keyfile setup described here while booted into a 15.2 live environment.

I can remove/rename the keyfiles, remove mention of them in crypttab (step 4), but I don’t know how to configure dracut to remove the key file from initrd (step 5).

The command to add them was:
echo -e 'install_items+=" /.root.key "' | sudo tee --append /etc/dracut.conf.d/99-root-key.conf > /dev/null

I’m not sure if anything needs to be done about step 6 (making /boot root-accessible only) and I’m not sure how to rebuild the initrd

I think that’s possible with chroot but am unfamiliar with its usage.

Managed to successfully remove the usage of keyfiles from initrd and rebuild it from a live environment.

  • Opened the encrypted root partition in dolphin and noted the path
  • Removed **/etc/dracut.conf.d/99-root-key.conf**
    (the only thing it contained was the line install_items+=" /.root.key "), thinking that if it’s no longer present, when I rebuilt initrd, it would remove anything related to the keyfile.
  • Mounted a number of system directories to corresponding places in the path (tmp, sys, dev, proc, and var) using sudo mount -o bind /folder /PathToMountedRoot/folder
  • sudo chroot /PathToMountedRoot/ /bin/bash
  • sudo mkinitrd

Mounting /var didn’t seem to work, so mkinitrd wasn’t successful at first - it failed saying a few files and folders in /var weren’t accessible. To get around that I manually created the files and folders it mentioned and ran mkinitrd again (which was successful).

When booting after this, new errors came up about mounting drives (some NTFS drives, swap, and efi partitions).

After removing the NTFS drives from fstab and correcting the UUIDs for the swap and efi partitions, I got to the login screen, but logging in takes me to a black screen with just a mouse pointer. I suspect there are permission issues but don’t know if they can cause that.

I am able to work from a virtual terminal and log in as root, if needed, though, so will hopefully be able to figure out the rest.

Got everything back up and running.

A simple **chown -R username:users /home/username** and I was able to log back into my desktop.

While reinstalling 15.2, I reformatted both EFI and swap partitions, so they had different UUIDs from what my old system was configured to look for. Changed those in fstab.

Boot was very slow, waiting for a partition. Found out that there was also a kernel parameter pointing to the old swap file UUID. Boot speed was good after correcting that.

The ntfs drives wouldn’t mount in Dolphin, so I tried from a command line and it showed some errors. Still dual-boot Windows, so ran chkdsk on them to correct the errors. Most of the errors related to invalid filenames in ntfs - I never noticed that you’re not prevented from using illegal characters when saving to ntfs partitions in Linux. I should really change them to a Linux file system, as I only log into Windows once every few months these days.

Just need to upgrade again to 15.3, install a few programs and things will be back to where they were before this mess.
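
The stale swap/EFI UUIDs and the crypttab key file that caused trouble in this thread can be checked from the live environment before rebooting into the restored system. The script below is an added example, not part of the original posts: the function names, the sample tree and its UUIDs are constructed, and it assumes the restored root is mounted at a path such as /mnt.

```shell
#!/bin/sh
# Added example: audit a restored root tree (e.g. mounted at /mnt from a live
# system) for UUIDs that no longer exist and for crypttab key files.

# Print every filesystem UUID referenced in fstab, crypttab and GRUB defaults.
referenced_uuids() {
    for f in etc/fstab etc/crypttab etc/default/grub; do
        [ -r "$1/$f" ] || continue
        grep -v '^[[:space:]]*#' "$1/$f" |
            grep -oiE '(^|[^a-z])UUID=[0-9a-f-]+|by-uuid/[0-9a-f-]+' |
            sed 's|.*[=/]||'
    done | sort -u
}

# Print referenced UUIDs missing from a file listing the UUIDs present on disk
# (on a real system: blkid -s UUID -o value > present.txt).
stale_uuids() {
    referenced_uuids "$1" | while read -r u; do
        grep -qixF -- "$u" "$2" || echo "$u"
    done
}

# Report crypttab key files (3rd field) that are absent from the tree or
# accessible to group/others.
bad_keyfiles() {
    [ -r "$1/etc/crypttab" ] || return 0
    grep -v '^[[:space:]]*#' "$1/etc/crypttab" | while read -r name dev key rest; do
        case "$key" in ''|none|-) continue ;; esac
        [ -f "$1$key" ] || { echo "missing $key"; continue; }
        case "$(ls -ld "$1$key")" in
            ????------*) ;;
            *) echo "loose-perms $key" ;;
        esac
    done
}

# Constructed sample tree (not from the thread): the swap UUID is stale.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/default"
    echo 'UUID=aaaa1111-0000-4000-8000-000000000001 / ext4 defaults 0 1' > "$d/etc/fstab"
    echo 'UUID=bbbb2222-0000-4000-8000-000000000002 swap swap defaults 0 0' >> "$d/etc/fstab"
    echo 'cr_root UUID=cccc3333-0000-4000-8000-000000000003 /.root.key luks' > "$d/etc/crypttab"
    echo 'GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/disk/by-uuid/bbbb2222-0000-4000-8000-000000000002"' > "$d/etc/default/grub"
    printf '%s\n' aaaa1111-0000-4000-8000-000000000001 cccc3333-0000-4000-8000-000000000003 > "$d/present.txt"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample); stale_uuids "$d" "$d/present.txt"; bad_keyfiles "$d"; rm -rf "$d"
fi
```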