Comment 15 for bug 1829620

Mark:

With a LUKS encrypted system, when a new kernel is installed "update-initramfs -u -k $KERNEL_VERSION" is executed.

As part of that cryptsetup hooks scripts are called. They examine /etc/fstab and /etc/crypttabto determine if the root file-system, or swap (which may be used for hibernation) are encrypted.

If so cryptsetup and its supporting libraries and scripts are copied into the initrd.img-$KERNEL_VERSION file that is being built.

Additionally, the /etc/crypttab entry for the root file-system device is added to the initialramfs's /conf/conf.d/cryptroot.

At boot-time the initialramfs cryptsetup scripts read this file and should unlock the LUKS container.

As that is not happening you should, when dropped at the initialramfs shell, check for the existence of the config and the tooling:

# ls -l /conf/conf.d/cryptroot /bin/cryptroot-unlock /sbin/cryptsetup /lib/cryptsetup/askpass

If they are present you can manually unlock using:

# cryptsetup open /dev/sdXY sdXY_crypt

Note: identify the LUKS container using:

# blkid | grep crypt_LUKS

and replace my example 'sdXY' with your device name.

After a successful unlock scan for LVM volumes:

# vgchange -ay

Then let the init system resume operations by pressing Ctrl+D or typing:

# exit

If you're not in the initramfs but are looking at the broken system's file system from a LiveISO or similar you can check whether the cryptsetup tools are included in the initrd.img file using this command:

# sudo ls -l /boot/initrd.img*

# sudo lsinitramfs /boot/initrd.img-$KERNEL_VERSION | grep crypt

cryptroot-keyfiles
cryptroot-keyfiles/cryptswap1.key
cryptroot-keyfiles/LUKS_VG02.key
sbin/cryptsetup
usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
conf/conf.d/cryptroot
bin/cryptroot-unlock
lib/cryptsetup
lib/cryptsetup/askpass
lib/x86_64-linux-gnu/libgcrypt.so.20.2.1
lib/x86_64-linux-gnu/libcryptsetup.so.12
lib/x86_64-linux-gnu/libgcrypt.so.20
lib/x86_64-linux-gnu/libcryptsetup.so.12.2.0
lib/modules/5.1.0-050100-lowlatency/kernel/crypto
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/crypto_simd.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/xor.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/cryptd.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/ecdh_generic.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/async_tx
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/async_tx/async_tx.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/async_tx/async_memcpy.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/async_tx/async_raid6_recov.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/async_tx/async_pq.ko
lib/modules/5.1.0-050100-lowlatency/kernel/crypto/async_tx/async_xor.ko
lib/modules/5.1.0-050100-lowlatency/kernel/drivers/md/dm-crypt.ko
lib/modules/5.1.0-050100-lowlatency/kernel/arch/x86/crypto
lib/modules/5.1.0-050100-lowlatency/kernel/arch/x86/crypto/glue_helper.ko
lib/modules/5.1.0-050100-lowlatency/kernel/arch/x86/crypto/aes-x86_64.ko
lib/modules/5.1.0-050100-lowlatency/kernel/arch/x86/crypto/aesni-intel.ko
scripts/local-bottom/cryptopensc
scripts/local-block/cryptroot
scripts/local-top/cryptroot
scripts/local-top/cryptopensc