Please note that following approach works only when Linux was installed previously with a separate /home partition

This guide assumes you know how to install the Linux already. If not, please refer to previous article.

I'm using the Kali installer but steps should be same regardless the Linux flavour

Background

Story starts when I tried to get my CUDA working with a hashcat. I have installed video card drivers and tools with apt get install nvidia-driver nvidia-cuda-tools which leads to some serious issues that prevent me from logging into my installation.

I haven't found the complete guide on how to reinstall the system, leaving the /home (or simply any other) partition intact. So, whoever may want to do the same, here is what I did.

Unlock the LVM

1. Boot the system with Live CD Kali installation.

   Verify the checksum of downloaded file with the one presented on the download page

2. Boot into Rescue mode.
3. Follow through the installation the usual way.

   Can't confirm if you have to choose the same values as it was on original installation, but it shouldn't matter. Let me know in the comments if that causes some issues on you

4. On Detecting disks step, installer should detect the encrypted volume and ask you for the passphrase. Enter it.

Partitioning

1. When asked to choose root do not use any, instead click Go Back to display the installation steps.
2. Skip the Enter rescue mode and select the Partition disks step.
3. Choose the manual partitioning. Now configure mounting points as it was done before. To not lose the /home data, leave the volumes size as it is. Choose to format every partition, but do not format home.
4. Mount home partition as /home, make double sure you are not formatting it.
5. Select boot partition, choose Ext4 and /boot mount point.

   You can keep the existing data, because the encrypted volume itself does not change, only the LVM it contains.

This is how the partitioning schema looks like before changes are committed. Now continue with the installation.

Update crypttable

After the booting on fresh system, Grub won't recognize/discover the encrypted volume, and it fails booting. It can show that device is not available or simply show initramfs prompt. Reason is that installer is not updating the /etc/crypttab file - probably because during the partitioning step, we actually didn't configure the encrypted partition; it was unlocked already before we entered the partitioning screen. To fix that, perform the following steps. Original author of this is Halacs from superuser.com.

1. Boot the Live CD again, but this time actually start the Live System.

   At the time of writing default credentials are kali/kali.

2. Open terminal. Enter root shell by typing sudo su.
3. Find out what is the volume path for /boot and encrypted LVM. You will recognize file system by its size.
4. Unlock the encrypted volume.

   $ cryptsetup luksOpen /dev/sda6 gabor2-crypt
   

   If you care of naming your encrypted volume (it will be visible on passphrase prompt each boot) change the gabor2-crypt to your liking and use that name consistently during further steps.

5. After decryption, LVM content should be visible in both fdisk -l and lsblk
6. Use /mnt to mount all new system and boot partitions. You will be switching root to the /mnt later, so it is important to keep all mount points in the single folder.

   mount /dev/mapper/kali--vg-root /mnt
   mount /dev/mapper/kali--vg-home /mnt/home
   mount /dev/mapper/kali--vg-var /mnt/var
   mount /dev/mapper/kali--vg-tmp /mnt/tmp
   mount /dev/sda5 /mnt/boot
   

7. Verify that mount points are correct using lsblk
8. Now mount other critical directories, without this further commands will fail.

   mount --bind /dev /mnt/dev
   mount --bind /run /mnt/run
   mount --bind /proc /mnt/proc
   mount --bind /sys /mnt/sys
   

9. Switch the root to /mnt.

   chroot /mnt
   

   From now on, until leaving the chrooted scope, all commands are performed on the newly installed system
10. Get the UUID of the encrypted volume to write to crypttab.

    blkid /dev/sda6
    

    
11. Place these in the crypttab.

    $ nano /etc/crypttab
    gabor2-crypt UUID="f8da3b2d-c0d4-4d02-b45d-9917adf31931" none luks
    

    Please note that this is not copy-paste from previous step.

12. Update initramfs and grub.

    update-initramfs -u
    update-grub
    

    Watch out for warning messages, when device label in /etc/crypttab does not match current label of decoded LUKS. If that happen, please ensure the name in /etc/crypttab and name of encrypted volume are the same.

13. Now exit chroot scope, unmount all devices and close LUKS.

    exit
    umount -R /mnt
    vgchange -a n
    cryptsetup luksClose gabor2-crypt
    

14. Restart.

Now your system should show passphrase prompt and boot to login screen. Unfortunately, you can't login to your user because it does not exist yet on the new system.

If you are using the system that doesn't block root account password login, you can skip the next section.

Boot into root shell

1. Boot the system. Stop on GRUB loader. Highlight the "Kali" entry.
2. Press E. Search for the line starting with linux.
3. Change the ending to rw quiet init=/bin/bash. Press F10.
4. Unlock the LUKS.

Add user back

1. Add user, add to sudoers.

   useradd --no-create-home -d /home/asentinn -s /bin/bash asentinn 
   chown -R asentinn:asentinn /home/asentinn
   sudo -l -U asentinn
   passwd asentinn
   

2. Reboot. Now you can login as sudo user with your old home partition.

Additional readings

• How to dual boot encrypted Kali Linux with Windows 11
• Superuser: How can I reinstall Ubuntu focal 20.04 on an existing LUKS encrypted system?
• Superuser: No mouse/keyboard input on Linux
• chroot(1) - Linux man page