Recover an encrypted-lvm-root system from broken boot partition

I just fiddled this out after I accidentally deleted the content of my /boot partition on an Ubuntu Jaunty system that I installed with an encrypted LVM root and home volumes. Although the problem occurred just with a play and testing system which I had a full backup of, and could have easily recovered or reinstalled, I was curious about how to solve this problem - just in case it will happen to me some day when I cannot just throw away the inaccessible system (which now, that I know how to solve it, will never happen ;) ).

It turned out to be a bit tricky. You will definitely need some more knowledge of how grub and the Linux boot process work than I want to describe here now. And not everything here might be totally accurate, because I had some other problems due to the nature of the "play and testing system" and some other things being not totally in order (e.g., the latest kernel and initrd I wanted to use first was broken and not correctly installed - so there wasn't any crypto support in it at all, but the initrd decryption scripts did not tell me about this, just said they couldn't find a key...).

Here's the essence of what I did to get the system running again:

  • copy the /boot data from another system that runs with an encrypted root filesystem to a USB stick, or make it available with scp or some other way (make sure that the kernel versions from this copy and from the broken system match!)
  • boot a rescue distribution (e.g. GRML), mount the boot partition, and put the copied /boot data in there (without the /boot prefix)
  • change the menu.lst - you need to set the groot variable correctly - e.g. for a default Debian/Ubuntu install, (hd0,4) will do
  • to the kernel entry you want to boot, add "cryptopts=target=sda1_crypt,source=/dev/sda1,key=none" as a kernel command line parameter (you could as well do this on the grub prompt, if you like)
  • reboot - choose the right grub entry
  • Now, the system should boot quite fine again, and prompt you for the encryption password!

Still, you need to recreate your initrd: "update-initramfs -d -k "

The background of the cryptopts parameter and the initrd recreation is that the initrd contains some information - the UUID, that is - about which partition needs to be decrypted to make available the logical volumes in which the installer placed your installation. Therefore, you have to override this info at the first start with the cryptopts kernel command line parameter.
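
The menu.lst edit from the steps above, as an added shell example that is not part of the original post: it appends the cryptopts override to the kernel line of one selected entry, leaves other entries alone, and does nothing if the parameter is already there. The sample menu.lst is constructed; KVER and the VG-root volume name are placeholders, and add_cryptopts and sample_menu_lst are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Override value exactly as given in the text; adjust target/source to your disk.
CRYPTOPTS='cryptopts=target=sda1_crypt,source=/dev/sda1,key=none'

# add_cryptopts FILE TITLE_SUBSTRING   (FILE may be "-" for stdin)
# Prints the patched menu.lst on stdout; exits 3 if no matching entry exists.
add_cryptopts() {
    awk -v want="$2" -v opts="$CRYPTOPTS" '
        # A "title" line starts a new entry; remember whether it is the wanted one.
        /^[ \t]*title[ \t]/ { in_entry = (index($0, want) > 0) }
        # Only the kernel line of the selected entry is touched.
        in_entry && /^[ \t]*kernel[ \t]/ {
            seen++
            if (index($0, "cryptopts=") == 0) {   # idempotent: never add twice
                sub(/[ \t]+$/, "")
                $0 = $0 " " opts
            }
        }
        { print }
        END { if (!seen) exit 3 }
    ' "$1"
}

# Constructed sample menu.lst. /boot is its own partition, so paths carry
# no /boot prefix. KVER and VG-root are placeholders.
sample_menu_lst() {
    cat <<'EOF'
default 0
timeout 3

title  Ubuntu, kernel KVER
root   (hd0,4)
kernel /vmlinuz-KVER root=/dev/mapper/VG-root ro quiet
initrd /initrd.img-KVER

title  Ubuntu, kernel KVER (recovery mode)
root   (hd0,4)
kernel /vmlinuz-KVER root=/dev/mapper/VG-root ro single
initrd /initrd.img-KVER
EOF
}

# Demo: patch only the recovery entry of the sample and show the result.
sample_menu_lst | add_cryptopts - 'recovery mode'
```

On a real rescue system, write the output to a new file and compare it with the original menu.lst before replacing it.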