I'll start off by saying that I had found a temporary fix but need a permanent one, which I don't have sufficient expertise to do it. My temporary fix is just a lucky guess that worked the first try, here is the full journey of what had happened. By the way, I decided to add emotions to it to not be too monotonous and write as if I am telling a story. Please don't criticize too much if I do not follow the guidelines to the T.
I decided to install Peppermint OS on a really old computer, Compaq Presario V3000 Intel Core 2 Duo (codename Merom) which is 64 bits (as of writing date, PeppermintOS only has 64bit version and is still working on 32bit version), RAM 2GB and 150GB storage.
I downloaded the latest version available (as of April 4th, 2022) and made a live USB to install the OS. I went through the setup as normal and decided to choose disk encryption, the installation went smoothly and was quite fast for the machine (less than 10 minutes). After that was the time to reboot.
On the boot process, the bios ask first for the encryption key (on other distro it was GRUB first, encryption key later, this one was encryption key first GRUB later), after the key was given, it launch to GRUB and the boot process begin.
Here is where the problem begins : The Peppermint logo was show for a while, after that the screen enter the terminal displaying
BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) _
I'll skip the unnecessary part, in the end I just type exit to see why it refuse to boot
exit
then I got the message
Gave up waiting for root file system device. Common problems:
- Boot args (cat /proc/cmdline)
- Check rootdelay= (did the system wait long enough?)
- Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/mapper/luks-UUID1 does not exist. Dropping to a shell!
BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) _
My natural instinct is to of course verify if the disk to boot exist.
ls dev
sda, sda1, sda2 exist so the machine can see it connect after all (I don't need to use / because I am in it already in the first place)
ls dev/mapper
ls: dev/mapper: No such file or directory
OK! I said, so the drive isn't decrypt yet, that why there is no mapper. So I research a bit about what is available to me at the moment and how to use it. Skipping. After I found what I need :
cryptsetup open dev/sda1
Command requires device and mapped name as arguments.
So I search for a way to obtain the UUID (I can skip it but it is for those who have same problem who had no idea of how to obtain the UUID)
blkid
/dev/sda1: UUID="UUID1" TYPE="crypto_LUKS" PARTUUID="PUUID1"
/dev/sda2: UUID="UUID2" TYPE="crypto_LUKS" PARTUUID="PUUID2"
now time to decrypt
cryptsetup open dev/sda1 UUID1
Enter passphrase for dev/sda1:
(initramfs) _
cryptsetup open dev/sda2 UUID2
Enter passphrase for dev/sda2:
(initramfs) _
That should do it right?
exit
wrong !
Gave up waiting for root file system device. Common problems:
- Boot args (cat /proc/cmdline)
- Check rootdelay= (did the system wait long enough?)
- Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/mapper/luks-UUID1 does not exist. Dropping to a shell!
BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) _
(I could have skip this part too, but I choose not to) Okay let's see what went wrong
ls dev/mapper
UUID1 UUID2 control
Great ! it lacks "luks-" before the UUID.... COME ON! (the next part can be skip too if you want, but I'll still put it here)
I then decided to look into the config file
cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-5.10.0-13-amd64 root=UUID=UUIDR ro quiet cryptdevice=UUID=UUID1:luks-UUID1 root=/dev/mapper/luks-UUID1 splash resume=/dev/mapper/luks-UUID2
That's the problem, I think, so just modify the file right?
vi /proc/cmdline
it is read only so no chance to modify anything whatsoever, sigh! (end of skippable part)
That was only the problem part, now on to the solution part (temporary solution)
I decide to grab the installation disk that I used to install Peppermint and live boot to read the content on the disk I need to decrypt it first
sudo apt install cryptsetup
(the modification to the live boot is persistent so no need to install again after the first time)
sudo cryptsetup open /dev/sda1 UUID1
Enter passphrse for /dev/sda1:
sudo mount /dev/mapper/UUID1 /mnt
cd /mnt/boot/grub
(I do cd and ls for each layer but decide to skip it and put on the full path, as for why I choose this path is just random guess which happens to work)
the live boot don't have nano or emacs (yay vim/vi for the win, yes I am team vim) for those who don't know how to use vim and exit properly, please research and learn the basics before using it, you have been warned.
sudo vi grub.cfg
There are 6 "luks-" to remove, two lines, three in each line
line 151 and line 175
:wq!
to force quit
(retrospection, I should have read the warning because this will avoid me to do this step again and again, I have done this step more than once which is totally unnecessary, but at least I'll be able to provide others of where to edit instead)
That was my stupid mistake that I realized the second time, lol, so this is what I do the second time to avoid doing it again
cd /mnt/etc/default
sudo vi grub
I remove all the "luks-" in the line 9 which is 3
:wq
The reason that I modified the file in /mnt/boot is that I don't have expertise in GRUB (you can say that I am a novice when it comes to GRUB) and I don't know the command to directly update the GRUB config in /mnt/boot (the command provided was for /boot meaning that it will update /boot from /etc/default and not update /mnt/boot from /mnt/etc/default
I change /mnt/etc/default/grub the second time because I read the warning, so I have to repeat this unnecessary step again instead of doing it just once, for those reading this, if you done properly you will be doing this step once only
Now the recurring part to accomplish at each boot
Reboot the device, the BIOS ask for encryption key, then GRUB and then
BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) _
exit
Gave up waiting for root file system device. Common problems:
- Boot args (cat /proc/cmdline)
- Check rootdelay= (did the system wait long enough?)
- Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/mapper/UUID1 does not exist. Dropping to a shell!
BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) _
blkid
/dev/sda1: UUID="UUID1" TYPE="crypto_LUKS" PARTUUID="PUUID1"
/dev/sda2: UUID="UUID2" TYPE="crypto_LUKS" PARTUUID="PUUID2"
cryptsetup open dev/sda1 UUID1
Enter passphrase for dev/sda1:
(initramfs) _
cryptsetup open dev/sda2 UUID2
Enter passphrase for dev/sda2:
(initramfs) _
ls dev/mapper
UUID1 UUID2 control
That should do it!
exit
At last the system boot!
The problem with this fix is that I need to manually decrypt the partitions at each boot manually, the second partition is the swap partition which didn't mount at all (I use htop to verify). So i want to ask if anyone can provide me a permanent fix, which I don't have to manually decrypt each partition at each boot and that the swap partition is mount properly.
I'll also write to the developer of Peppermint so that the can sort the issue for their next release. I highly suspect that it was because they decrypt the disk in BIOS before GRUB so that GRUB don't know how to decrypt it, the other distro (Quebes,I can't use it because my machine doesn't have VT-X) I tried launch GRUB before asking for the disk encryption key so that might be the difference, btw a remark for the both distro what if the person using the encryption decided to use non latin character base as their encryption key? In Qubes you can't change the keyboard layout, and in Peppermint it is in BIOS level, so the person who define the disk encryption key have to set the key in US keyboard standard when they are installing the OS, or that might lead to major complications.