Interrupt the boot process

During the boot process of any computer, you must transition from a firmware (UEFI or BIOS) process to the loading of a kernel, and then finally to the user environment. When booting a POSIX system, you can choose to interrupt the boot process to adjust settings or even to log in using a chroot environment. This is a useful troubleshooting and maintenance technique, but it's also the reason it's so important to utilize full disk encryption when installing your OS. When a drive is encrypted, nothing on the drive is accessible without your passphrase, even from a pre-boot environment. Assuming you do have the passphrase to decrypt your drive, you can interrupt the boot process of a Linux system, and access the drive without booting into a full operating system.

GRUB

The hand-off from firmware to boot loader ends in the grand unified bootloader (GRUB) screen. GRUB is a text menu allowing you to select which operating system and which kernel version you want to boot into. By default, it assumes you want to boot to the latest version of Linux installed on the machine. However, it also provides you the ability to modify how you want to boot the OS.

GRUB menu [IMG]

To prepare your computer to have its boot process interrupted, press **e** on your keyboard when you see the GRUB startup screen. This reveals the boot parameters assigned to the default menu selection.

load_video
set gfx_payload=keep
insmod gzio
linux ($root)/vmlinuz-x.y.z-aa.el9.x86_64 root=/dev/mapper/rhel-root ro resume=\
/dev/mapper/rhel-swap rd.lvm.lv=rhel/boot rd.lvm.lv=rhel/swap rhgb quiet
initrd ($root)/initramfs-x.y.z-aa.el9.x86_64.img $tuned_initrd

After the string `quiet`, add the parameter `rd.break` and then press **Ctrl**+**X** to exit the parameters editor and continue booting. The `rd.break` parameter causes the initial RAM disk containing the parts of the Linux kernel required to boot to "break" in the same sense that a debugger places "break points" in an application to pause its execution. The initial RAM disk (also known as the initrd) is likely located within the encrypted portion of your hard drive, however, so before you can continue to boot, you must enter your passphrase.

Full disk encryption [IMG]

If your computer continues to boot without prompting you for a passphrase, then you have not activated full disk encryption.

Maintenance mode

Because you've instructed the initrd to break, the boot process stops in an emergency maintenance mode. If you have nothing you need to do, you can press **Ctrl**+**D** to continue booting as normal. Otherwise, press **Enter** for a minimal but interactive shell.

Disk repair

Once you're at a shell prompt, you're the root user of that machine. Your next actions depend entirely on what kind of maintenance you need to perform.

You might run a disk check on your drive using the `xfs_repair` or `fsck` command:

sh# xfs_repair /dev/sda1

Chroot

Alternately, you might need to remount the drive (it's already mounted in read-only mode to `/sysroot` as part of the boot process) to recover a password. The `remount,rw` options mount a location on a drive with *write* permissions. This can be extremely dangerous: You have full root privileges, with no guardrails, and a writable drive. The less time you spend in this mode, the better, and it should only be used in true emergencies.

sh# mount -o remount,rw /sysroot

To make the remounted drive your active environment, you must use the `chroot` command. This replaces your current `/` partition with `/sysroot`, which sets all paths to the ones you'd be used to when you log in to a system.

For instance, before a `chroot` action:

sh# which sh
which: command not found

After a successful `chroot`:

sh# chroot /sysroot
sh# which sh
/usr/bin/sh

From here, you're mostly logged in to the system. You can run commands as usual, recover files, passwords, and perform whatever maintenance you may need to do. Some conveniences are lacking. For instance, there's no `/proc` or `/sys` mounted unless you mount them yourself (`mount -t proc proc /proc`, for instance). The point isn't to make this session a fully interactive multi-user experience, though, this is maintenance mode and it's meant as a temporary environment for emergencies.

Boot

When you've finished maintenance, set a flag so that SELinux relabels the system as needed on the next boot. This isn't always strictly necessary, depending on what kind of maintenance you've done, but it's not a bad idea given that you've likely made changes to the system. Once you've done that, exit the chroot environment and then exit the shell to continue booting.

sh# touch /.autorelabel
sh# exit
sh# exit

As your compture continues to boot, SELinux relabels the system as required.

Interrupting boot

The boot process isn't meant to be interrupted, and it's rarely necessary. In times of trouble, though, this is an important troubleshooting technique. Use it wisely, and use full disk encryption to ensure that there's no interactive shell available without decryption.