Hardware: Framework 16
OS: Fedora 40, 41 and 42, Kernel 6.13, 6.14 and 6.15
After updating Fedora to both 41 and 42, which entailed kernel updates to 6.14 and 6.15, the system fails to boot with a “VFS unable to mount root filesystem on unknown block” kernel panic. This occurs before the encryption password prompt appears. This appears to be a recurring issue with Fedora kernel updates on encrypted systems, particularly during major version transitions.
I don’t fully understand how or why this is happening, but I wanted to share how I fixed it so that people who understand the kernel can fix it upstream.
- Boot into a working older kernel
- Add cryptographic drivers for dracut to the most recently installed kernel:
sudo dracut -f --add-drivers="dm-crypt aes" --kver $(rpm -q kernel | sort | tail -n 1 | sed 's/kernel-//')
- Reboot and select the newer kernel from GRUB menu
- System should now prompt for encryption password and boot normally
Claude’s theory is that “the newer kernel’s initramfs is missing the necessary crypto modules (dm-crypt and aes) required to handle encrypted filesystems during early boot”. This seems to be supported by some stuff I’ve found:
- Fedora DEAD after Kernel 6.15.3-200 update
- Fedora documentation on debugging dracut
- I think this is the Bugzilla post of this problem, which contain a bunch of other links to people having this problem
Hope this helps someone!