1

I have an laptop running 22.04 LTS with encrypted ZFS that won't boot. The system doesn't ask for a passphrase like it used to, it now drops to an initramfs prompt with:

Key load error: Failed to open key material file: No such file or directory

Command: mount.zfs -o zfsutil rpool/ROOT/ubuntu_XXXXXX /root//
Message: zfs_mount_at() failed: encryption key not loaded
Error: 2


Failed to mount rpool/ROOT/ubuntu_XXXXXX on /root//.
Manually mount the filesystem and exit.


BusyBox v1.30.1 (Ubuntu 1:1.30.1-7ubuntu3.1) built-in shell (ash)
Enter 'help' for a list of built-in commands.


(initramfs) _

The kernel that won't boot is 6.12.10-76061203-generic. My workaround is to boot 5.15.0-67-generic with GRUB: Luckily that one still works.

With the working 5.x kernel I get a prompt: "Please unlock disk keystore-rpool" at the graphical splash screen. I enter the passphrase and the boot continues as expected.

While booted to the 5.x kernel, I tried to fix the 6.x kernel like so:

sudo update-initramfs -d -k 6.12.10-76061203-generic
sudo update-initramfs -c -k 6.12.10-76061203-generic

but that didn't help. I think that worked for me in the past, so I'm not sure what changed.

zfs get keystatus,keylocation bpool rpool shows:

NAME   PROPERTY     VALUE                                  SOURCE
bpool  keystatus    -                                      -
bpool  keylocation  none                                   default
rpool  keystatus    available                              -
rpool  keylocation  file:///run/keystore/rpool/system.key  local

Should that rpool keylocation be changed to prompt? That's how another computer I have is set up--it also uses only ZFS along with full-disk encryption. I don't remember how I initially installed Ubuntu on either machine though, and I'm afraid to change rpool keylocation and make my laptop unbootable.

Adam Monsen
  • 2,161

1 Answers1

0

This post may contain helpful information:

How to mount an encrypted Ubuntu 20.10 ZFS file system from an Ubuntu live CD?

$ sudo cryptsetup open /dev/zvol/rpool/keystore zfskey

You may need to make sure the kernel options are configured for booting ZFS.

enuentry 'Ubuntu 25.04' --class ubuntu --class gnu-linux --class gnu --class os ${menuentry_id_option} 'gnulinux-rpool/ROOT/ubuntu_o2wv5p-6.14.0-15-generic' {
    recordfail
    load_video
    gfxmode ${linux_gfx_mode}
    insmod gzio
    if [ "${grub_platform}" = xen ]; then insmod xzio; insmod lzopio; fi
    insmod part_gpt
    insmod zfs
    search --no-floppy --fs-uuid --set=root d3f2aface3853e8a
    linux   "/BOOT/ubuntu_o2wv5p@/vmlinuz-6.14.0-15-generic" root=ZFS="rpool/ROOT/ubuntu_o2wv5p" ro quiet splash intel_pstate=enable crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M ${vt_handoff}
    initrd  "/BOOT/ubuntu_o2wv5p@/initrd.img-6.14.0-15-generic"
}

I don't think changing your keystore to prompt will fix your issue, as the system is currently using a file based key. once you have the key, you could change it, but you would probably have to reinstall to not use the LUKS partition and go with native ZFS encryption.

Thystra
  • 363