lsblk:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme1n1 259:3 0 465,8G 0 disk
├─nvme1n1p1 259:4 0 334,8G 0 part
├─nvme1n1p2 259:5 0 61M 0 part <-- EFI parition (FAT32)
├─nvme1n1p3 259:6 0 130,5G 0 part <-- LUKS filesystem
└─nvme1n1p4 259:7 0 415M 0 part <-- Boot (ext4)
blkid:
/dev/nvme1n1p1: LABEL="Data" BLOCK_SIZE="512" UUID="3E52942D799CCE70" TYPE="ntfs" PARTLABEL="Data" PARTUUID="f6466353-da7d-4361-987d-72c0b8c58221"
/dev/nvme1n1p2: UUID="B320-DE26" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="3fb4d2e9-21d8-9a4b-9edc-46e08cb599fb"
/dev/nvme1n1p3: UUID="4bb29b56-6a1e-48f4-901e-d95374a775ca" TYPE="crypto_LUKS" PARTLABEL="Crypt" PARTUUID="0970b27c-9324-4100-8ae3-35ea343125e9"
/dev/nvme1n1p4: UUID="bac2547f-f7f7-498a-87df-e60676b9df19" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="077374f7-2564-7e45-964d-78f9d0f072b5"
- nvme1n1p2 filesystem is empty
- nvme1n1p4 filesystem is empty
- system architecture is x86_64
$ modprobe efivars
$ modprobe efivarfs
The mapping name (nvme1n1p3_crypt) must match the name specified in the target system's crypttab (/target/etc/crypttab).
$ cryptsetup luksOpen /dev/nvme1n1p3 nvme1n1p3_crypt
lsblk:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme1n1 259:3 0 465,8G 0 disk
├─nvme1n1p1 259:4 0 334,8G 0 part
├─nvme1n1p2 259:5 0 61M 0 part
├─nvme1n1p3 259:6 0 130,5G 0 part
│ └─nvme1n1p3_crypt 253:0 0 130,5G 0 crypt
│ ├─CryptLVM-root 253:1 0 46,6G 0 lvm
│ └─CryptLVM-home 253:2 0 83,9G 0 lvm
└─nvme1n1p4 259:7 0 415M 0 part
If the LV are not already open, get the LVG name and activate them:
$ pvs
PV VG Fmt Attr PSize PFree
/dev/mapper/nvme1n1p3_crypt CryptLVM lvm2 a-- <130,45g 0
$ lvchange -ay CryptLVM
$ mkdir /target
$ mount /dev/mapper/CryptLVM-root /target
$ mount /dev/nvme1n1p4 /target/boot
$ mount /dev/nvme1n1p2 /target/boot/efi
$ mount --rbind /dev /target/dev
$ mount --rbind /sys /target/sys
$ mount --rbind /proc /target/proc
Chroot into system:
$ chroot /target
lsblk:
nvme1n1 259:3 0 465,8G 0 disk
├─nvme1n1p1 259:4 0 334,8G 0 part
├─nvme1n1p2 259:5 0 61M 0 part /boot/efi
├─nvme1n1p3 259:6 0 130,5G 0 part
│ └─nvme1n1p3_crypt 253:0 0 130,5G 0 crypt
│ ├─CryptLVM-root 253:1 0 46,6G 0 lvm /
│ └─CryptLVM-home 253:2 0 83,9G 0 lvm
└─nvme1n1p4 259:7 0 415M 0 part /boot
Paths from within chroot. Exact config is dependent on the system. Read the documentation. The following is just for reference.
/etc/default/grub - Docs: Configuring the boot loader
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=4bb29b56-6a1e-48f4-901e-d95374a775ca:cryptlvm rd.luks.uuid=4bb29b56-6a1e-48f4-901e-d95374a775ca rd.lvm.lv=CryptLVM/root root=/dev/mapper/CryptLVM-root rootfstype=ext4 rootflags=rw,relatime"
GRUB_ENABLE_CRYPTODISK=y
# GRUB_DEFAULT=saved
# GRUB_SAVEDEFAULT=true
/etc/crypttab - Docs: /etc/crypttab
nvme1n1p3_crypt UUID=4bb29b56-6a1e-48f4-901e-d95374a775ca none luks,discard
/etc/fstab
/dev/mapper/CryptLVM-root / ext4 errors=remount-ro 0 1
UUID=bac2547f-f7f7-498a-87df-e60676b9df19 /boot ext4 defaults 0 2
UUID=B320-DE26 /boot/efi vfat umask=0077 0 1
/dev/mapper/CryptLVM-home /home ext4 defaults 0 2
Follow this answer: https://askubuntu.com/a/696653
$ grub-install --target x86_64-efi --boot-directory=/boot --efi-directory=/boot/efi
$ grub-mkconfig -o /boot/grub/grub.cfg
$ exit
$ umount -rl /target
$ reboot