No fun (or luck) with LUKS

Voluntary · October 11, 2025, 12:11am

I’m paying the price for not taking extra precaution with LUKS… Very soon after getting my Librem14 I installed Ubuntu over PureOS. I used the default encrypted partition option offered by the install and never had a problem with it - I barely gave it a second thought. I also failed to research any typical measures to help with restoration in the event of file system corruption etc.

About a month ago I was happily browsing when the browser did something odd - as I switched from tab to tab they were all empty. I assumed I’d suspended the session too many times so I attempted to power down - it seemed like there was no response to that action. I might have waited 20 seconds before forcing a shutdown by holding down the power button. The system failed to restart. I think there was a firmware generated message about SMART something… Booting from an Ubuntu Live USB and using the Disks utility I am still presented with a partitioned device and I can unlock the LUKS container - but that only reveals an unknown partition type. I searched for and attempted to follow recovery instructions but may have made the situation worse.

Last week I salvaged the internal storage device from my (quite worse for wear) Librem 13 and did a fresh install of Ubuntu (24.04.03) - again opting for the encrypted partition option. All was well until I booted a TailsOS live USB (v7) and naively attempted to unlock the internal LUKS partition and mount the Ubuntu filesystem within. LUKS seemed to unlock but attempting to mount the filesystem didn’t work. I didn’t think anything of it - I just finished my Tails session and attempted to reboot into Ubuntu - the boot sequence doesn’t even get as far as the LUKS password prompt. Booting from the Ubuntu live USB and using the Disk utility shows the internal storage is still properly partitioned and I can successfully unlock the LUKS container but again the revealed partition is unrecognised.

Can anyone recommend better recovery software and / or instructions?
I’m also more than willing to pay for professional help - for data recovery but maybe also for mental recovery… Can anyone recommend such a service? I’m in Mexico City but I’m planning a trip to the States before too long.

JCS · October 11, 2025, 12:15am

What error(s) did you encounter when attempting to mount the unencrypted filesystem from within a live desktop environment?

What instructions did you follow? What got worse? Do you have/recall any error(s) you encountered?

Voluntary · October 11, 2025, 7:02pm

Thank you for responding. This issue really consumed my thoughts for the first few weeks but now I feel burned out - it’s been overwhelming to be abruptly unable to access my files and certain online accounts - such as Facebook. I guess this is the digital equivalent of going cold-turkey…

Concerning the first instance… To be honest, my approach at the start was pretty frantic - I tried a number of how-to instuctions… But this one may actually have started to work - https://kollitsch.dev/blog/2023/patrick-vs-the-bad-super-block/ I looked away from the screen for a couple of minutes, when I looked back it was full of weird numbers - quite unlike the initial progress display. I panicked and interrupted the command with Ctrl-C - that’s why I think I made the situation worse.

Concerning the more recent second instance… When I attempted to mount the unencrypted filesystem from within TailsOS it appeared as if the Disks untility hung - the operation simply didn’t complete.

irvinewade · October 13, 2025, 12:47am

The importance of this message depends on whether it was just an informational message or it was an error message. SMART as an error message could indicate a failing or failed disk and that could make recovery difficult or impossible.

I think the general recommendation in the scenario that you present is

don’t do anything with the problematic disk i.e. shutdown and leave it, except that
you or a professional should attempt to image the problematic disk isolated from the original computer, and then
seek professional help.

Voluntary · October 13, 2025, 4:41pm

Thank you. I know it’s not such a big deal these days but, currently, I’m going to have difficulty trying to image this partition - it’s almost 1TB…

btw I just got some feedback from a friend of a friend (with an IT background) here in Mexico City - is he correct to think that the TPM chip will complicate data recovery? (C&P of his message)

It’s a bit complicated.
First, if the laptop has a TPM chip, the drive can’t be opened on another machine to recover the data. If it’s only disk encryption and you have the key, then it’s possible to connect the drive to another computer and try to recover the files.

However, there’s another issue — since some recovery operations were already interrupted, that probably damaged any remaining recovery options. At this point, the best option is to use a professional data recovery service, as they have the right tools and experience for cases like this.

It’s not a good idea to keep experimenting with free tools, especially after the disk has already been handled manually. Even the license for specialized recovery software costs around $679.95, and if everything started with a reboot, there’s a good chance the disk has deeper issues than just a lost partition — which professional services are better equipped to handle.

The original goal should’ve been to recover, not to repair. The right approach would have been to connect the drive to another computer, extract the data, and then reformat it for a clean reinstall to check for hardware damage.

irvinewade · October 13, 2025, 10:05pm

I don’t think so but I don’t have experience with your specific set up. Looking at LUKS on PureOS on the Librem 5 … the LUKS partition mounts just fine on another computer. As long as you can unlock at least one slot, typically by knowing the LUKS passphrase, it works. So I would guess that

If it’s only disk encryption and you have the key, then it’s possible to connect the drive to another computer and try to recover the files.

covers it.

So just to clarify, when I wrote

image the problematic disk isolated from the original computer

that means for me typically: physically remove the disk from the original computer, put it in an enclosure (usually USB), and attach it to a working computer.

In some cases you may have another working computer that allows two internal disks (of an appropriate type), in which case you can bypass the use of an enclosure if you wish.

The text that you quote kind of covers both configurations / approaches.

You do that immediate image so as to preserve the disk exactly as it is immediately post the disaster in case your efforts to repair make things worse rather than better - and to allow the rescue of selected current files even if the overall disk cannot be recovered and has to be restored from a potentially old backup.

As an aside, I would image the entire disk, not just one partition.

As a further aside, the truth of which you are now appreciating, if you want to have N TB of active storage then you need to afford and own at least 3×N TB of storage in total because you need to be imaging it as part of a backup regime and you should cycle between at least 2 backup copies, in case something goes horribly wrong during the carrying out of one backup.

Regardless of anything written in this topic so far … I think you are definitely at the stage of seeking professional help.