Cannot boot from encrypted USB key

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
sunseeker2k5
Level 1
Level 1
Posts: 2
Joined: Fri May 25, 2018 2:57 pm

Cannot boot from encrypted USB key

Post by sunseeker2k5 » Fri May 25, 2018 3:11 pm

I have Linux Mint 18.3 Sylvia and my boot device is a USB key. I have FDE on it and it doesnt want to boot anymore.
error : attempt to read or write outside of partition.

I have access to another 18.3 installation so I was able to run some analysis :

/dev/sdb1 37C0-CE76 vfat
/dev/sdb2 21b6eb0c-48f5-420f-a9b7-8dd0500eb608 ext2
/dev/sdb3 24010ad3-1a36-4f2d-8510-221a8ef78324 crypto_LUKS

lrwxrwxrwx 1 root root 9 May 25 20:25 usb-Kingston_DT_HyperX_3.0_20CF30E11827BF11020A1DFB-0:0 -> ../../sdb
lrwxrwxrwx 1 root root 10 May 25 20:25 usb-Kingston_DT_HyperX_3.0_20CF30E11827BF11020A1DFB-0:0-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 10 May 25 20:25 usb-Kingston_DT_HyperX_3.0_20CF30E11827BF11020A1DFB-0:0-part2 -> ../../sdb2
lrwxrwxrwx 1 root root 10 May 25 20:25 usb-Kingston_DT_HyperX_3.0_20CF30E11827BF11020A1DFB-0:0-part3 -> ../../sdb3

GPT fdisk (gdisk) version 1.0.1

NOTE: Write test failed with error number 30. It will be impossible to save
changes to this disk's partition table!

Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present

Found valid GPT with protective MBR; using GPT.

sudo parted -l

Warning: Unable to open /dev/sdb read-write (Read-only file system). /dev/sdb
has been opened read-only.
Model: Kingston DT HyperX 3.0 (scsi)
Disk /dev/sdb: 63,3GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number Start End Size File system Name Flags
1 1049kB 538MB 537MB fat32 EFI System Partition boot, esp
2 538MB 1050MB 512MB ext2
3 1050MB 63,2GB 62,2GB

sudo fdisk -l

GPT PMBR size mismatch (123469823 != 123600895) will be corrected by w(rite).
Disk /dev/sdb: 59 GiB, 63283658752 bytes, 123600896 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: B7305271-B244-4B51-8967-DFCFA72C7E23

Device Start End Sectors Size Type
/dev/sdb1 2048 1050623 1048576 512M EFI System
/dev/sdb2 1050624 2050047 999424 488M Linux filesystem
/dev/sdb3 2050048 123467775 121417728 57,9G Linux filesystem

I would appreciate some help as I couldn´t repair it with bootrepair and I am too new to Linux to know to proceed.

Thank you
Sunseeker2k5

fabien85
Level 6
Level 6
Posts: 1285
Joined: Tue Mar 11, 2014 4:30 pm

Re: Cannot boot from encrypted USB key

Post by fabien85 » Fri May 25, 2018 5:20 pm

sunseeker2k5 wrote:
Fri May 25, 2018 3:11 pm
Warning: Unable to open /dev/sdb read-write (Read-only file system). /dev/sdb has been opened read-only.
Looks like your USB has worn out and is now read-only.
If I'm correct, you can only backup the data that was there, and then buy another USB to reinstall your system on it.
You could take the occasion to buy one of these new stick-sized SSDs. They are more expensive than USB, but they are real SSD, so with the same lifetime.

sunseeker2k5
Level 1
Level 1
Posts: 2
Joined: Fri May 25, 2018 2:57 pm

Re: Cannot boot from encrypted USB key

Post by sunseeker2k5 » Sat May 26, 2018 12:54 am

Thank you for the answer. The USB key is fairly new (3 months old) but if it´s worn out then it is what it is.

How can i backup the data on it ? and most importantly how do I get to the data since it is encrypted ?

When i try to mount it on another mint machine i can still see the unencrypted partitions (GRUB) just fine, but when trying to mount the encrypted one I get :
Error unlocking /dev/sdb3: Command-line `cryptsetup luksOpen "/dev/sdb3" "luks-24010ad3-1a36-4f2d-8510-221a8ef78324" --readonly' exited with non-zero exit status 1: Device /dev/sdb3 is not a valid LUKS device.

Thank you for the advice in advance
Sunseeker2k5

Mute Ant
Level 13
Level 13
Posts: 4791
Joined: Tue Sep 03, 2013 7:45 pm

Re: Cannot boot from encrypted USB key

Post by Mute Ant » Sat May 26, 2018 5:51 am

The symptoms are those of a drive that has developed an uncorrectable error and has switched itself internally to read-only. The normal error is running out of spare blocks to substitute for those that were defective-from-new or have worn out in service. The abnormal error is that it's a fake 64GB with only 8GB of grade-F storage. You can do a harmless writeability test by reading the boot-sector of a drive and writing it back...
sudo dd if=/dev/sdb of=/dev/sdb bs=512 count=1
If that fails the drive is genuinely read-only, set in firmware. That's not reversible without hacker-grade tools, or simply not reversible full stop. Continuous writing of new data would wear out a 64GB device in 75 days (estimate) so that's possible but improbable. I think you got a bad stick. Almost certainly using the store to run an OS disqualifies you for any warranty replacement, but it's worth asking if you are certain it's a genuine Kingston.

"...how do I get to the data..." I don't think you can. Linux doesn't see a LUKS in /dev/sdb3 so it's probably too late. Something like this is the first step to data recovery...
sudo cryptsetup luksOpen /dev/sdb3 mapper-name

...followed by something like...
sudo pvscan ### Look for LVM Physical Volumes
sudo vgscan ### Look for LVM Volume Groups
sudo lvscan ### Look for LVM Logical Volumes
sudo mount /dev/mapper/mint--vg-root /mnt ### Mount the OS root where you can see it

You are getting "/dev/sdb3 is not a valid LUKS device" at the first hurdle, so there's no hope... FUBAR in fact.
In Chapter One, Boron slays the entire Marketing Department by explaining Asynchronous Protocols.

Post Reply

Return to “Installation & Boot”