Decrypt and mount LUKS disk from GRUB rescue mode
I am running a Linux installation with an encrypted boot partition using LUKS and GRUB. From time to time I enter the wrong password to GRUB which dumps me into grub rescue mode. There is no help, nor any tab completion to get when in that prompt, so you better know your way around. The only other option, which may actually be faster, is to reboot to get another shot. Anyway, here’s how to open a LUKS volume from grub rescue mode and continue booting without rebooting.
Start out by entering an invalid password to GRUB bootloader
Welcome to GRUB! Attempting to decrypt master key... Enter passphrase for hd0,gpt2 (<disk uuid>): error: access denied error: no such cryptodisk found. error: disk `cryptouuid/<disk uuid>` not found. Entering rescue mode...
List all devices found (out of curiosity)
grub rescue> ls
Mount the encrypted /boot partition (as attempted from the start). I know that partition number 2 on the first (and only) disk is mine, hence
grub rescue> cryptomount (hd0,gpt2)
If you want to specify a UUID instead, use the
-u option to cryptomount.
Try to enter the correct passphrase
Attempting to decrypt master key... Enter passphrase for hd0,gpt2 (<disk uuid>):
Output on success:
Slot 3 opened
Load the module for normal boot
grub rescue> insmod normal
Boot normally as GRUB tried to do at first
grub rescue> normal
Now you should be taken to the next step in the boot process, which in my case is the GRUB OS selection menu. Works for me!
The rescue shell does not have a whole lot of commands. It doesn’t even have a
help command. For some more information about the available functions, consult
the GRUB manual section for “Commands” and
the subsection “GRUB only offers a rescue shell”.