my encrypted installation doesn't boot properly!

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
Meander
Level 1
Level 1
Posts: 35
Joined: Fri Mar 23, 2018 7:01 am

my encrypted installation doesn't boot properly!

Post by Meander »

How can I repair it, or copy my files for new installation?
(Cinnamon x64, latest)
Last edited by LockBot on Thu Oct 19, 2023 10:00 pm, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Cosmo.

Re: my encrypted installation doesn't boot properly!

Post by Cosmo. »

You can copy your files from inside of the crippled encrypted system, because it is unlocked in this case.

Repairing such a thing? Have fun and much luck.
haploikos
Level 1
Level 1
Posts: 20
Joined: Thu Nov 10, 2022 7:38 am

Re: my encrypted installation doesn't boot properly!

Post by haploikos »

The clever and helpful people who provide advice here will need more information from you to try and help you.

A good start would be quoting exactly any error messages you are getting, and when in the boot sequence things go wrong, what things are different to how you expect the boot to proceed, and what the end result is.

Note that if a system is not booting properly, it is often possible to boot from a USB flash memory drive and (a) manually recover data, so long as you know the encryption password/passphrase; and (b) remedy whatever is causing the boot to fail in the first place.
Meander
Level 1
Level 1
Posts: 35
Joined: Fri Mar 23, 2018 7:01 am

Re: my encrypted installation doesn't boot properly!

Post by Meander »

It boots up to a blank and full of errors about applets, desktop. I will reinstall but my encrypted home directory is not accessible, I boot with CD and cant access to home dir,
I click on ecryptfs-mount-privatr.desktop but get "This is disabled due to security consideration"
Cosmo.

Re: my encrypted installation doesn't boot properly!

Post by Cosmo. »

The known trouble of encryption.
I do not know an advanced user who uses a system or home encryption. Really sensible data should get stored either on an external drive or in an encrypted container.

Nobody can help you to break the existing encryption. If this would be possible, encryption would not be worth to get mentioned at all.

Besides that: Every data, which is not regularly backed up, is supposed to be superfluous data. I have the suspicion, that you only have superfluous data. So why care about them? In case you have a backup you can simply install the system new.
User avatar
MikeNovember
Level 7
Level 7
Posts: 1965
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: my encrypted installation doesn't boot properly!

Post by MikeNovember »

Hi,

It is useless, and risky, to encrypt the system.

To fully encrypt your home is also risky (in your home, there are configuration files; if unavailable because of wrong encryption, your computer will not work well).

You can install your system without encryption, then use Veracrypt, https://veracrypt.eu/en/ to create an encrypted container in your home, in which you will put your most sensitive files.

If you just want to reinforce the control access to your computer you can:
- set your EFI / BIOS to ask for a user password, and to ask for a different password (admin one) to edit EFI / BIOS content,
- protect your GRUB with a password, see https://fostips.com/password-protect-gr ... enu-linux/

If your computer is a desktop, you can also put disk on a caddy, remove caddy after shutdown, and put caddy in a safe.

If your computer is a laptop, you can also put the whole desktop in a safe after shutdown.

If you are an activist, journalist, whistleblower, cryptocurrency user etc. you can use Tails, https://tails.boum.org, on an USB key. Tails is a live ISO, that you can install on a bootable USB key; it is fully based on encryption and uses Tor network for anonymity. You can create with Tails an encrypted container on the USB key, where you can save what you want.

Regards,

MN
Last edited by MikeNovember on Fri Apr 21, 2023 2:58 am, edited 3 times in total.
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
Meander
Level 1
Level 1
Posts: 35
Joined: Fri Mar 23, 2018 7:01 am

Re: my encrypted installation doesn't boot properly!

Post by Meander »

data was not Important at all, but I didn't know this.
Thanks, I will be causious next time.
Cosmo.

Re: my encrypted installation doesn't boot properly!

Post by Cosmo. »

Meander wrote: Thu Apr 20, 2023 7:47 am data was not Important at all
In this case I wonder especially, why you encrypted unimportant things. Curiosity? Follow the suggestion by MikeNovember.
Meander
Level 1
Level 1
Posts: 35
Joined: Fri Mar 23, 2018 7:01 am

Re: my encrypted installation doesn't boot properly!

Post by Meander »

The default installation process is encryption isn't it?
The good thing is nobody would be able to see your browsing, desktop, download, etc. and I make a bckup online for real important stuff.
Cosmo.

Re: my encrypted installation doesn't boot properly!

Post by Cosmo. »

Meander wrote: Thu Apr 20, 2023 8:17 am The default installation process is encryption isn't it?
No.
Meander wrote: Thu Apr 20, 2023 8:17 am The good thing is nobody would be able to see your browsing, desktop, download, etc. and I make a bckup online for real important stuff.
A typical misunderstanding. As soon as you are logged in, your system is as good or as bad visible from the outside as an not encrypted system. You are not the first one, who stepped into this trap. If an attacker should find a way for directly accessing your drive online (very(!) unlikely), the encryption will not give you the least amount of protection.

Encryption means, that as long, as you are not logged in, the drive is unreadable, for example from a live system. And exactly there is the problem: In case of trouble you have nothing than a drive with bits and bytes without any meaning for anybody (inclusive yourself).
haploikos
Level 1
Level 1
Posts: 20
Joined: Thu Nov 10, 2022 7:38 am

Re: my encrypted installation doesn't boot properly!

Post by haploikos »

Encryption makes 'data at rest' inaccessible to people who do not have the encryption key. The encryption key is usually generated from a password or passphrase.

This means that so long as your computer is not powered up in some way (and that includes when it is 'sleeping', when the RAM is still powered to preserve its contents), then the data is inaccessible. So, if your computer is lost or stolen, or otherwise removed from your possession, the data is inaccessible to people, unless you tell them your encryption password. In these days of identity theft, this can be a useful protection,

However, when the computer is operating, you will have already entered your encryption password, and the computer holds this in memory (RAM) so that it can decrypt the data held on the computer's long term storage devices. A 'hacker' who has access to your computer, or a malicious program, will be able to gain access to the encryption key held in memory. So encryption 'protects' your data while the computer is turned off, but does little to protect it when it is turned on once someone has entered the encryption password and the encryption key is accessible.

Microsoft Windows systems routinely encrypt their contents using Bitlocker encryption, and make the process relatively painless. Systems running Linux can be configured in many ways to encrypt some or all of their contents, but the set up is more complicated. Windows gives less choice, but is relatively simpler to set up, Linux gives you more options.

Two of the options that Linux enables are so-called 'Full Disk Encryption' (LUKS), and 'filesystem encryption' (fscrypt/eCryptfs). My understanding is that filesystem encryption, as implemented by Ubuntu and Mint, is more difficult to deal with if things go wrong, whereas if you put your data (which is usually held under /home) on a separate partition and encrypt that partition using 'Full Disk Encryption' (LUKS), so long as you remember your encryption password, you can replace the operating system, recover from backups and so on with relative ease.

It looks like you have ended up using eCryptfs filesystem encryption. I don't use this, and have no experience with it, so I can't help you recover: but it looks like you had no important data saved (which is good).

If you decide you do want to investigate encryption of your data (which, in my opinion, is a good thing), then I suggest that, if you have the time, you try building some test set-ups that don't contain any data that matters and make sure you understand what is going on. Once you get your head around the basic concepts, it is not difficult (you don't need to be a 'rocket surgeon'). The important thing is not 'how to get it working', but 'how to recover when things go wrong'. I would gently suggest to not trust any valuable data to encryption until you have a thorough understanding, including encryption of backups and how to recover.

You've made a good choice to look at Linux Mint, so I hope you carry on.
Meander
Level 1
Level 1
Posts: 35
Joined: Fri Mar 23, 2018 7:01 am

Re: my encrypted installation doesn't boot properly!

Post by Meander »

I use Linux Mint for many years now and totally comfortable with it.

I was trying to experience with this kindda encryption and encrypted seperate Home dir in installation. Unfortunately didn't have time to investigate the recoverying scenario and reinstalled.

But encryption is much safer than none, if your file are always accesible to you with password.
I was getting disk errors and thought my HDD was broke, is it something prevalent for encryption?
Is there any proceture for recoverying next time?
Cosmo.

Re: my encrypted installation doesn't boot properly!

Post by Cosmo. »

The procedure is to backup your user data (seems to be not relevant in your case) and install new.

But before you do this, the disk error problem must get solved. This deserves a new topic.
Locked

Return to “Installation & Boot”