Fix Fedora UEFI Boot with encrypted partitions

I recently upgraded my laptop, a Lenovo X1 Carbon 4th gen, to Fedora 32, which is still in Beta, but with just two weeks until its scheduled release, I deemed it stable enough for my purposes.

The upgrade process went smoothly and everything worked fine. I really like the new lockscreen, it looks really clean.

As usual with the beta releases, there are quite many updates and I usually run a sudo dnf upgrade once a day. I also do not really pay attention to what is actually upgraded, it is simply too much.

One of these upgrades seems to have broken my startup system. After a restart, the Grub selection did not appear at all and instead Windows started immediately. This seemed odd, so I started investigating.

First thing I did was to open the Boot selection menu of the laptop. It lists all the available boot options and still contains the Fedora entry. Selecting it resulted in nothing, instead the very same selection screen reappeared immediately. Windows could be selected and booted up without issues, so I guess that the system automatically tries all entries in order until it finds one that actually works.

My task now was to fix the issue. As this turned out to be a bit trickier due to UEFI and the fact that my Linux partitions are encrypted. Most forum entries and manual pages are considering simpler cases, where either it is not an UEFI system or where everything is unencrypted. Hence, I will list all steps to help anyone and to have a reference in case this happens again.

I started off by downloading the Fedora Media Writer and the Fedora 32 DVD ISO from the Fedora download page. It might have worked with the stable Fedora 31 release as well, but I didn’t want to take any chances. I then created a Live CD on a USB stick.

Next, I booted from the USB stick, started the Live version of Fedora, opened a terminal, made myself a superuser with the

su
command and listed all my disk partitions:

# fdisk -l
Festplatte /dev/nvme0n1: 476,96 GiB, 512110190592 Bytes, 1000215216 Sektoren
Festplattenmodell: SAMSUNG MZVKV512HAJH-000L1              
Einheiten: Sektoren von 1 * 512 = 512 Bytes
Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
Festplattenbezeichnungstyp: gpt
Festplattenbezeichner: 2C4E590F-0E6F-4950-9740-F8C04BCDCC5E

Gerät             Anfang       Ende  Sektoren  Größe Typ
/dev/nvme0n1p1      2048     534527    532480   260M EFI-System
/dev/nvme0n1p2    534528     567295     32768    16M Microsoft reserviert
/dev/nvme0n1p3    567296  362516479 361949184 172,6G Microsoft Basisdaten
/dev/nvme0n1p4 998166528 1000214527   2048000  1000M Windows-Wiederherstellungsumgebung
/dev/nvme0n1p5 362516480  364613631   2097152     1G Linux-Dateisystem
/dev/nvme0n1p6 364613632  998166527 633552896 302,1G Linux-Dateisystem

We can see that the EFI partition is

/dev/nvme0n1p1
the Linux
/boot
partition can be determined by its size of 1 GB and is
/dev/nvme0n1p5
and finally the main Linux partition with all encrypted partitions is
/dev/nvme0n1p6

Next, we need to unlock the encrypted partition:

# udiskctl unlock -b /dev/nvme0n1p6

This prompts us to enter our password for decryting the partition and it provides all the logical volumes under
/dev/mapper
. In my case, the actual partitions can be accessed at
/dev/mapper/fedora-root
,
/dev/mapper/fedora-home
and
/dev/mapper/fedora-swap
, respectively.

Now we can start to mount our real Fedora installation into some directory in order to repair it. First, we need some main directory under which to mount everything:

# mkdir /mnt/root

and now we can mount all directories:
# mount /dev/mapper/fedora-root /mnt/root

# mount /dev/nvme0n1p5 /mnt/root/boot

# mount /dev/nvme0n1p1 /mnt/root/boot/efi

# mount -t proc proc /mnt/root/proc

Although this could already be sufficient, I needed to make the Wireless network from my live instance available in the environment which will be used for chroot:

# mv /mnt/root/etc/resolv.conf \

/mnt/root/etc/resolv.conf.backup<br># cp /etc/resolv.conf /mnt/root/etc/resolv.conf

Finally I could change into my prepared environment

# chroot /mnt/root /bin/bash

… and actually repair the UEFI setup:

# dnf install grub2-efi shim

# dnf reinstall grub2-efi shim

After all of this, the system should be ready to be rebooted.

I hope these steps are helpful to someone else than just me 🙂

Why 2018 won’t be the year of Linux on the desktop – again

The „Year of Linux on the desktop“ seems to be kind of a running gag. For years now, people have predicted that „this is going to be the year where Linux will win the desktop“. I (and others) think, this is not gonna happen in 2018. And I also assume that it won’t happen in 2019.

Before I start my rant about the reasons, let me state a few things. When I say „Linux„, I mean any Linux distribution out there. Fedora, Ubuntu, Arch – you name it. Also: I am a big fan of Linux myself. I’ve been using it since the days of Debian 2.something around 1998, and RedHat/Fedora has been my main desktop (and laptop) operating system for more than 15 years now. By all means I am a huge fan of the whole idea of Linus’s work and everything around it. Nevertheless, I don’t see it going anywhere further on the desktop.

Secondly, the reason for me writing about it now is the continuing dissatifaction around Apple and macOS (aka OS X). At work, I use a MacBook Pro with Retina display and I like the combination of hard- and software! But I hear many colleagues complaining about the ever-increasing price tag on the hardware. For their private hardware, quite a few are switching back to non-Apple choices. I for myself bought a Lenovo X1 Carbon instead of a MacBook Pro, only because of the price. And the experiences with Linux on this machine made me realize, why Linux is not working for the masses.

Here is an unsorted list of reasons which I think are at least part of the reason, why not even 2018 will be the year of Linux on the desktop. „Why 2018 won’t be the year of Linux on the desktop – again“ weiterlesen

Da ist das Ding!

Endlich ist es da, mein neues Handy! Ein HTC Desire, brandneu und mit Android. Sozusagen ein besseres iPhone 🙂
Natürlich hat es so seine Macken, aber insgesamt muss ich doch sagen, dass ich beeindruckt bin. Ich habe jetzt Verständnis für Leute, die ein iPhone haben wollen. Obwohl das Desire nur halb soviel kostet und auch noch echtes Multitasking hat (und Linux) – die grundsätzlichen Funktionalitäten eines solchen Smartphones sind tatsächlich klasse. Verglichen mit meinem E75, das ich vorher hatte macht das Surfen im Internet viel Spaß, auch der E-Mail-Client (dank dem Market gibt es da ja eine große Auswahl) ist sehr viel besser als der des Symbian-basierten E75.
Das Stichwort ist ja gerade schon erwähnt worden: Apps. Apple hat da als Vorreiter definitiv eine geniale Idee gehabt. Der „Market“, wie das Ding bei Android heißt, bietet mit angeblich über 60.000 Programmen für so ziemlich jedes Problem eine Lösung. Verschiedenste E-Mail-Programme, verschiedene Kalender-Widgets, Tools für so ziemlich jeden Anwendungsbereich …

Insgesamt: Ich bin happy, die Investition war es auf jeden Fall wert!