Hello World !

I know, I know, they all say "I didn't do it", but I swear on Muprhy's grave that all I noticed was that my sound wasn't working no more, so I played around a bit with the KDE settings to fix it.
Then after the next reboot my encrypted XFS logical partition is no longer mountable, no matter what I try.

So I create a rescue CD with gparted and look around a bit with it - BAD MISTAKE.

Running the xfs utils totally scrambles my MBR and all seems lost.
But I've already been infected with the Linux geek virus and actually manage to restore most of my partition info via gparted, fdisk and dd - next thing I have to start wearing glasses

But now my remaining problem is twofold.
First, I lost whatever info caused GRUB to load and now all I can do is boot straight into my Windoze partition.
My layout is primary Windoze part, Linux SWAP and then the rest is "hidden" in one extended partition.
One partition with my Linux kernel & progs on it and then one encrypted data partition with XFS, all located within my extended partition.

I'm truly at a loss on how to get GRUB back w/o causing any more damage to my Linux partitions - so far they all seem to be there as I can mount at least my kernel partition OK in the gparted CD.

But my encrypted XFS partition made a big dissapearance act, as that used to be formated with ReiserXF, and now gparted insisted on marking the whole extended partition as ReiserXF.
I can not list any of the logical drives contained in there, much less change their file system type.

So how can I get GRUB back to manage by boot options and how can I access/rescue my encrypted logical XFS partition?

Thankz for any help with this one.

You need to be able to figure out what your partition table looked like before you didn't do anything

There may be some utilities that go through the drive and figure this out but I always tell anyone who will listen to keep printed snapshots of fdisk -l somewhere safe. If you have that, you can use fdisk to rebuild the partition table manually if you need to. If you can't figure out how to straighten out the partition table then nothing else matters.

If you can fix your partition table, then you can use a Linux live CD, chroot to your root partition and then you will be running as if you booted your system normally (pretty much but not exactly). Then install grub from the menu.lst and you should be ok.

Here is a howto for recovering partition tables:
http://tldp.org/HOWTO/Partition/recovering.html

That will only work for ext2/3.
Try testdisk - great piece of work.

Hi Folks !

Unfortunately none of the many disk repair tools I tried is able to handle the fact that I got more than one logical drive in my extended partition.
They all insist to turn my extended partition into one big ReiserFS drive.
Yet I had one boot and my encrypted(!) Data file system stored in that extended partition.

Now I am able to access my boot file system from the Windows partition with a data resuce tool.
When I go into the /boot dir I find a bunch of 512byte long files, among them backup_mbr, boot and grub.
They all have the same time stamp and I wonder if any of them can be used to restore my originel MBR (and the main partition table) with it?
And if yes, which one?

And finally, my biggest worry is the encrypted XFS file system.
How does that encryption work?
I know it involves the loop device, but I can't figure out if this encrypts "only" the files or if it obscures the file system structure as well.
Meaning the decrypted FS isn't even "Visible" as a normal XFS file system anymore.
Because in that case I might not even be able to detect it with scan tools like gpart.

I believe that an encrypted partition has each block encrypted. Look for an /etc/crypto.conf file. It is what the kernel uses when you boot up. The begin and end points of the partition won't change however. With luck, it may contain the start and end sectors of the partition being encrypted. If it does, that info may be useful to reconstruct the MBR.

Were you running KDE as root when this happened? KDE shouldn't be able to corrupt the MBR.

For no audio on SuSE, it defers the audio configuration until after the installation. Running "alsaconf" and then YaST2's audio configuration will usually give you audio. After a kernel or alsa security update, you may need to repeat the process.

This article might help, however, if you can get the partition info restored you should be able to mount the partition on boot provided you didn't scramble it up with the xfs utils. If they accessed the partition through the loop device then it may be OK.

Yes, I was KDE'ing as "root" at the time - don't lecture me I know I shouldn't have.

Can u provide me a link to that article?

I was able to access all my ext3 partitions via UFS Explorer Pro.
I'm now in the process of downloading those to image files onto a safe drive.

One of my problems is that this tool found more partitions than I knew I had, so if someone could give me a hint how to put that Humpty Dumpty back together again, I'd appreciate it.

I know I had a 1GB swap, and I also found my kernel partition already.
But I also have a 25GB slob listed there that contains nothing else than a dir named after my user account with a bunch of .* config files and user profile settings in it.
And I'll be damned if I know why that takes up 25GB - or maybe its just recognized wrong?

In any case, I was able to resuce a file named "backup_mbr" from the "/boot" dir and I wonder if I could just use that to restore my old MBR.

Finally, I need a tool that allows me to re-create the XFS partition in recovery mode, meaning w/o overwritting any of the suberblock or inode structures in there.

Anyone know such a tool?

And one last thing: I remember now that I used the darn Windoze "System Restore" function just before this all started, to undo some registry changes I had made (just loading a hive in there the wrong way).
That should not have messed with the MBR, but who knows with Windoze!

Ha!

Its all still there - I was able to verify with PartEd-RescueCD that all the partitions are still there.
I needed to utilize the "DeepScan" function of TestDisk to get a full list of Partitions on the disk, gpart was way to clumsy for that with its cmd line interface.
Then I had to carefully analyze the output, as it turned out that my actual partition layout was way different than what my delluional mind had imagined.
Looking carefully for the next partition that started where the last valid one ended, I was able to piece them all together like perls on a chain.

But I'm still out of GRUB. I'm able to mount the non-LVM GRUB volume unter gparted and I can read/write and list everything in there.

But when I try to re-install GRUB via "grub-install" I receive the following error msg back:
>root@PartedMagic:~/grubme/grub# grub-install --root-directory=. --recheck /dev/sda
>Probing devices to guess BIOS drives. This may take a long time.
>The file ./boot/grub/stage1 not read correctly.
root@PartedMagic:~/grubme/grub#

I was able to check all my LVM volumes as well, so by now I'm almost certain that I can boot up Linux again as soon as I get GRUB installed once more.

I already tried the SuSE install disk, but it complains about an invalid disk setup when I try to reinstall GRUB with it.
Maybe it has problems with the same "stage1" file, which is only 512 bytes long anyway.

Unfortunately "grub-install" doesn't actually install grub. It's merely a wrapper to save you having to type the commands to update the MBR.
Don't worry about the stage1 being only one sector - that's the way it is.

If it were me, I'd re-install (as in delete completely and re-install) grub and then re-do the MBR code; via grub-install if you wish.
However I don't know the sanctioned means of doing that under Suse.

As for restoring an old MBR backup, I don't think I'd want to do that after all that messing with your partitions. The MBR contains the partition table, and the bootcode in the MBR is sensitive to the location of the boot stage files (and menu).

Now I seem to have narrowed down my final problem with re-installing GRUB with SuSE's Yast2.
My /root partition seems to have suffered some kind of subtle damage in the super block.

The partition is there, I can mount it, look around it and see all the files.
I can even manually mount it rw and write to it (but I only did very, very minute stuff there to proof thew concept).

Yet during "boot into installed OpSys" from the SuSE CD I always get the error msg that the root FS is dirty and can not be fsck'ed automatically.
Its an ext3 FS and when I try to fsck it manually I get the error msg "Bad SuperBlock" and some cryptic stuff that makes no sense to me.

Now as I said, almost all of my stuff seems to be there, but I didn't do a file by file count yet.
Yast2 of course insists on a clean FS and tries to fsck them all, and since it fails on the /root partition and then the whole screen get garbled and that's it.

By now I don't even want to manually mount the /root partition in read mode, as I'm afraid I'll damage stuff.
But how can I repair that FS while doing the least amount of damage to it?

I think the same reason prevents "grub-install" from working, but I read somewhere that "grub-install" is not the sharpest tool in the shed anyway.

So how do I fix a bad Superblock on an ext3 root partition with the least amount of damage to my beloved files?

I refuse to use Suse, but if you can run that CD as a liveCD, you can do the fsck from there. Else use something like Knoppix.
Use a backup superblock.

There is never a guarantee that fsck won't expose damage in the filesystem. Usually it'll fix things o.k., but there's always that chance.

I tried half a dozen rescue CD distros and none of them can access my root volume, because its in the LVM partition.
And now I saw that little message in the sidebar of cmd line Yast2 that tells you not to LVM the root & swap partitions.
Somehow seems to make sense to me now :-(

So I can only access my root partition when I "boot into installed OpSys" from the SuSE install CD.

Now I need a simple cmd line level tool to back up my entire partition, settings for links, access rights and all, to my USB rescue disk.
I want to use "cp", but I'm afraid I might end up missing stuff (e.g. link settings).

Does anyone know a simple command or tool (nothing that requires installation or configuration as I'm walking on thin ice in my "Bad Superblock" root partition as it is) that I can use to back up my entire root partition to then restore it properly once I recreated that partition correctly?

Latest Knoppix is LVM aware - probably just need to do pvscan, "vgchange -a y" for it to see the data.

As for the question, use "cp -a ..." - it'll get everything. I use it in preference to disk imaging for moving partitions around.