After upgrading I cannot unlock and boot from my luks encrypted disk

After an upgrade I cannot unlock my system on boot. It asks for and accepts the password but won’t let me log in because of a “Dependency” error. I tried to unlock it from Live Boot but it fails with “No such device” error.

From the terminal, I tried the following command: sudo cryptsetup luksOpen /dev/sde3 fedora --debug but got stuck with this error: device-mapper: reload ioctl on fedora (253:0) failed: Invalid argument

I noticed that the disk uses 512 byte sectors but Luks tries to use it with 4096 bytes.

fdisk:

Disk /dev/sde3: 117,65 GiB, 126329396736 bytes, 246737103 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

luksDump:

Data segments:
  0: crypt
	offset: 16777216 [bytes]
	length: (whole device)
	cipher: aes-xts-plain64
	sector: 4096 [bytes]
...

I don’t want to format it because I have important data on it, but I don’t know what should I do next.
I couldn’t really find a working solution on the internet so I thought this is the best place to ask for help.

It looks like this error and may be caused by some problem loading the dm-crypt module, which is specifically mentioned in the Fedora documentation for setting up chroot:

sudo modprobe dm-crypt

If the issue persists, collect the full luksOpen output.

Modeprobe command does not return anything.

The error remains. I also found the gitlab discussion you linked but I don’t have the same error.

This is the error in the gitlab discussion: Command failed with code -1 (wrong or missing parameters).

And this is the error I have: Command failed with code -4 (wrong device or file specified).

Anyway, here is the full debug output:

# cryptsetup 2.4.3 processing "cryptsetup luksOpen /dev/sde3 fedora --debug"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sde3.
# Trying to open and read device /dev/sde3 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sde3.
# Crypto backend (OpenSSL 3.0.2 15 Mar 2022 [default][legacy]) initialized in cryptsetup library version 2.4.3.
# Detected kernel Linux 5.19.0-32-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sde3.
# Opening lock resource file /run/cryptsetup/L_8:67
# Verifying lock handle for /dev/sde3.
# Device /dev/sde3 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sde3
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:a8291fec73845efeb0d6b1b26e79cf6623d9b1857f7f7d81317e404575c8f2c3 (on-disk)
# Checksum:a8291fec73845efeb0d6b1b26e79cf6623d9b1857f7f7d81317e404575c8f2c3 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sde3
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:3ac473130eb32c6ddb173a7b295b7b49fd3a65284df6d082698ceee701bf472e (on-disk)
# Checksum:3ac473130eb32c6ddb173a7b295b7b49fd3a65284df6d082698ceee701bf472e (in-memory)
# Device size 126329396736, offset 16777216.
# Device /dev/sde3 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume fedora using token (any type) -1.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.47.0.
# Detected dm-crypt version 1.24.0.
# Device-mapper backend running with UDEV support enabled.
# dm status fedora  [ opencount noflush ]   [16384] (*1)
No usable token is available.
# Interactive passphrase entry requested.
# Activating volume fedora [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status fedora  [ opencount noflush ]   [16384] (*1)
# Keyslot 0 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Running keyslot key derivation.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/sde3.
# Opening lock resource file /run/cryptsetup/L_8:67
# Verifying lock handle for /dev/sde3.
# Device /dev/sde3 READ lock taken.
# Reusing open ro fd on device /dev/sde3
# Device /dev/sde3 READ lock released.
# Verifying key from keyslot 0, digest 0.
# Loading key (64 bytes, type logon) in thread keyring.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status fedora  [ opencount noflush ]   [16384] (*1)
# Calculated device size is 246704335 sectors (RW), offset 32768.
# DM-UUID is CRYPT-LUKS2-3f97af960d504048800c4951a2776b62-fedora
# Udev cookie 0xd4dccda (semid 1) created
# Udev cookie 0xd4dccda (semid 1) incremented to 1
# Udev cookie 0xd4dccda (semid 1) incremented to 2
# Udev cookie 0xd4dccda (semid 1) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create fedora CRYPT-LUKS2-3f97af960d504048800c4951a2776b62-fedora [ opencount flush ]   [16384] (*1)
# dm reload   (253:0) [ opencount flush securedata ]   [16384] (*1)
# Udev cookie 0xd4dccda (semid 1) decremented to 1
# Udev cookie 0xd4dccda (semid 1) incremented to 2
# Udev cookie 0xd4dccda (semid 1) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm remove fedora  [ opencount flush securedata ]   [16384] (*1)
# Uevent not generated! Calling udev_complete internally to avoid process lock-up.
# Udev cookie 0xd4dccda (semid 1) decremented to 1
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status fedora  [ opencount noflush ]   [16384] (*1)
# Udev cookie 0xd4dccda (semid 1) decremented to 0
# Udev cookie 0xd4dccda (semid 1) waiting for zero
# Udev cookie 0xd4dccda (semid 1) destroyed
# Requesting keyring logon key for revoke and unlink.
# Releasing crypt device /dev/sde3 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sde3.
# Unlocking memory.
Command failed with code -4 (wrong device or file specified).

Okay, upon further debugging I found out that it wasn’t the update that made the error. It’s been since I upgraded to windows 11, it has been running smoothly in dualboot with windows 10. After the windows 11 upgrade, for some reason windows put the bootloader in the Linux EFI partition. I noticed this when I was looking in the bios and saw that both Windows and Linux bootloaders are on the same disk. Now, I still don’t know what to do.

From there, I think it’s hopeless:

ubuntu@ubuntu:~$ sudo LANG=C grep -obUaP "\x4C\x55\x4B\x53\xBA\xBE" /dev/sde3
0:LUKS��

What I don’t understand is, if the header is not there, why does it unlock and how does it know if I give it the wrong password?

Hmm, looks like it’s there.

image1920×1080 257 KB

Okay. The 512 byte sector size must be the cause of the problem.

Enter passphrase for key slot 0: 
Device size is not aligned to requested sector size.
Creation of LUKS backup headers failed.

Try explicitly specifying the sector size:

sudo cryptsetup luksOpen /dev/sde3 fedora --debug --sector-size 512 

• cryptsetup-luksOpen(8) — Arch manual pages
• crypttab(5) — Arch manual pages

Thanks, I tried it and unfortunately got the same error.

Probably because 512 is the default value.

Set encryption sector size for use with plain device type. It must be power of two and in range 512 - 4096 bytes. The default mode is 512 bytes

The problem was solved with some difficulty, but it was continued here in case anyone else had a similar problem: Command failed with code -4 (wrong device or file specified) (#807) · Issues · cryptsetup / cryptsetup · GitLab