Disk Encryption not working on recent neon iso's but is working on older images?

Disk Encryption not working on recent neon iso’s but is working on older images?

When I installing neon using the following iso images with disk encryption I’m unable to boot into the system.
neon-user-20231221-0716.iso
neon-user-20240104-0715.iso
neon-unstable-20240107-1119.iso

I’m quite sure that I am entering the right password as I get the message slot 0 open but then I get a message stating that the password is not correct or an option is the cause. Then I get a message that the max tries has been exceeded.
Though I don’t get this issue when installing using
neon-user-20231130-0716.iso

Any ideas?

1 Like

I have the exact same problem! Is there anywhere, where I can download an older KDE Neon install ISO, which is not broken as workaround?

You can try Distrowatch they keep torrent files for older releases of many distros.

I did have a few have a few older iso images on my HDD as I like to keep around the last four neon iso releases. Just is case, this is the first time I’ve needed to use an older image.

I can confirm that iso neon-user-20240104-0715 is broken. A fresh install with full disk encryption is not bootable.

Manually mounting the encrypted partition works, so the passphrase was correctly read and set by the installer.

Edit: I can confirm that iso neon-user-20231206-1454 works as expected.

2 Likes

For anyone wanting to still boot until this is fixed… after it drops you into the shell. Use cat /cryptroot/crypttab and take note of the luks-<uuid> partition.

Then unlock it with

cryptsetup luksOpen /dev/sda2 luks-<uuid>

and enter the password. Then run

exec run-init /root /sbin/init /root/dev/console

and the desktop should start.

2 Likes

There’s a bug report about this here: 480856 – Fresh Neon install can't boot if encryption is used (20240201-0717 iso)

Please chime in to hopefully get the devs to pay attention

2 Likes

That didn’t work for me. It kept saying that the /dev/sda2 (or /dev/sda1 in my case) didn’t exist or that I lacked permissions.

With -0715 I’m getting FAILED Failed to start Snap Daemon
and system boot freezes…

So while it is fixed for new ISOs, I didn’t want to reinstall my system. Basically what I did, from the (initramfs) prompt, I booted manually

cryptSetup luksOpen /dev/nvme0n1p2 luks-<the uuid>`

Make sure to adjust the /dev partition to your drive. And more importantly: make sure the luks- you name it matches up with what your crypttab says your root drive should be! Then boot through (exec run-init or something)

Once booted up, put the Calamares config [1] neon now uses into /usr/share/initramfs-tools/hooks/

Then regenerate your initramfs sudo update-initramfs -u. Pay attention that there is no cryptsetup: WARNING: target ... is not found in /etc/crypttab. If there is, you probably mistyped your luks- above or it doesn’t match up or an encrypted partition you have wasn’t set up properly.

If there are no warnings of the sort, try rebooting. (This message is proudly presented to you by a working neon installed with three weeks old ISO image fixed just this morning)

[1] calamares/src/modules/initramfscfg/encrypt_hook at calamares · calamares/calamares · GitHub

The good news is, neon-user-20240312-2344 encryption works… at least for / I could not get it working with swap also encrypted, but that could be my ignorance.