How to Mount LUKS Encrypted Drive Partitions in Linux

Failed to auto mount an encrypted partition in Linux? Don’t worry, there are several ways to manually mount a LUKS encrypted drive partition in Linux. 

There might be a chance that you are facing some problems with your computer, and to fix that you have booted your system into rescue mode using a bootable thumb drive.

Usually, if you are using a file system like ext4, btrfs, or xfs without any encryption, then you can easily access your root partition and mount it on the system.

But it’s not like that when you have encrypted your partition using LUKS (Linux Unified Key Setup).

Things get different if you want to mount an encrypted drive partition into your system, especially when you are not getting prompted to enter passwords for encrypted partitions.

Therefore, in this guide you will learn how to mount and unmount encrypted drive partitions in Linux, which will also resolve the cryptLuks filesystem not found error.

Mount Encrypted Partitions in Linux

If you have ever mounted a storage drive on a system, you know how simple and easy it is to mount a drive on a Linux system, but when it comes to an encrypted partition, you need to run a couple of extra commands compared to non-encrypted partitions.

Of course, if you have encrypted the partition or drive, then there has to be an additional mechanism to handle the drive.

This is all handled by LUKS, which uses dm-crypt, the device mapper crypt kernel module, to handle encryption at the block device level.

Install Cryptsetup

First of all, we will start this guide with the installation of the Cryptsetup utility, which is used to manage disk encryption.

Most likely, your system already has cryptsetup installed.

If for any reason it's not available, execute the command that matches your distribution.

$ sudo apt install cryptsetup -y       # Ubuntu or Debian-based distributions
$ sudo yum -y install cryptsetup       # RHEL-based derivatives

Once the installation is complete, proceed to the next section to mount the encrypted drive.

Decrypt LUKS partition or drive

If you are aware of the partition that is encrypted, then you can directly follow the mounting steps.

Some of the users may not be able to recognize exactly which partition is encrypted using LUKS.

If you are one of them and are not able to identify the partition, use the blkid command-line utility in combination with grep, which will show you the file system type of each drive attached to your system.

Find Encrypted Partitions

To find the partitions that use the crypto_LUKS file system type, execute the command below. The grep filter suppresses the other drive information, which is unnecessary for the moment.

$ blkid | grep "crypto_LUKS"

The output of the above command:

ubuntu@trendoceans:~$ blkid | grep "crypto_LUKS"
/dev/sda12: UUID="644686c7-d453-4ea2-b790-9a677a1325bc" TYPE="crypto_LUKS" PARTUUID="c6864223-c836-4931-96b2-7708bddef9801"
/dev/sda6: UUID="ed1637ef-7e4e-4506-b12d-9b9edecbd05d" TYPE="crypto_LUKS" PARTUUID="3c072d0e-7697-bcaq-4931-80b2-590b7641ab9a"

From the above output, I’m able to understand that /dev/sda12 and /dev/sda6 are encrypted, and the rest of the partitions are not encrypted.

Decrypt Partition using cryptsetup Command

After getting information about the partition, let's decrypt it using the command below.

$ sudo cryptsetup luksOpen /dev/sda12 encrypted_partition_12

Once you execute the above command, you will be prompted to enter the passphrase for the particular partition, and I believe you already know the passphrase.

Otherwise, you’ll be locked out, and your only option will be to format the disk, which you and I don’t want to happen to anyone.

You will find your screen looking like the below snippet, where you just need to enter a password, and once the password is accepted, you will not get any message on the screen.

ubuntu@trendoceans:~$ sudo cryptsetup luksOpen /dev/sda12 encrypted_partition_12
Enter passphrase for /dev/sda12:

So, how do I know whether a device is decrypted or not? Simply execute the lsblk command, which will show you the virtual block name that you have set while decrypting.

According to the below output, /dev/sda12 is mapped to “encrypted_partition_12”.

ubuntu@trendoceans:~$ lsblk
NAME                         MAJ:MIN RM   SIZE RO TYPE  MOUNT
sda                            8:0    0   512G  0 disk
├─sda1                         8:1    0     1M  0 part
├─sda2                         8:2    0   513M  0 part  /boot/efi
└─sda3                         8:3    0 511.5G  0 part  /
        ********* SNIPPED ************
└─sda12                        8:12   0   50.G  0 part
  └─encrypted_partition_12   253:0    0   50.G  0 crypt

Mount the Drive to your Desired Path

After performing the above steps, you can mount the encrypted drive on your system by running just a couple of commands.

To explain it better, let me mount /dev/sda12 on my system.

Therefore, let’s get back to the terminal window and create a mount point where you want to mount a drive or partition on your system.

I have already created a mount point in the /mnt directory by running the below command.

$ sudo mkdir /mnt/sda12_content

After that, run the other command, which will mount the encrypted partition to your desired location. Make sure to use the correct virtual block name and mount point to avoid any unknown errors.

$ sudo mount /dev/mapper/encrypted_partition_12  /mnt/sda12_content

Once the above command is executed successfully, execute the lsblk command to check the mount location.

The output of the above command.

ubuntu@trendoceans:~$ lsblk
NAME                         MAJ:MIN RM   SIZE RO TYPE  MOUNT
sda                            8:0    0   512G  0 disk
├─sda1                         8:1    0     1M  0 part
├─sda2                         8:2    0   513M  0 part  /boot/efi
└─sda3                         8:3    0 511.5G  0 part  /
        ********* SNIPPED ************
└─sda12                        8:12   0   50.G  0 part
  └─encrypted_partition_12   253:0    0   50.G  0 crypt /mnt/sda12_content

That’s all for mounting encrypted partitions in Linux. If you want to learn how to unmount encrypted partitions once your work is done, read the next section.

Unmount and Close Encrypted Partitions in Linux

Above, you have learned how to mount encrypted partitions at a particular mount point, and we will use the same mount point to unmount the partition that is currently mounted on your system.

So, to unmount, use the command below and replace the mount point with the one you used.

$ sudo umount /mnt/sda12_content

And once the file system is unmounted, run the below command to remove the mapped device.

$ sudo cryptsetup luksClose encrypted_partition_12

Command summary

Run the following commands to mount a LUKS encrypted Linux filesystem. Before that, install the cryptsetup utility as described in the section above.

$ sudo cryptsetup luksOpen [ partition_name ] [ mapping_name ] 
$ sudo mkdir [ mount_path ]
$ sudo mount /dev/mapper/[ mapping_name ] [ mount_path ]

For unmounting and closing the LUKS file system.

$ sudo umount [ mount_path ]
$ sudo cryptsetup luksClose [ mapping_name ]
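The open, mount, unmount and close steps summarised above, written as a read-only rescue helper (an added example, not the article's own commands). It only prints the commands unless DRY_RUN=0 is set and it is run as root; the function names, the DRY_RUN variable and the sample blkid lines are constructed for illustration, and --readonly with ro,nosuid,nodev is an added hardening choice for inspecting a disk from rescue media.

```shell
#!/bin/sh
# Added example, not from the original article. Dry-run by default.

# Constructed sample in blkid output format (not from a real system).
SAMPLE_BLKID='/dev/sda3: LABEL="crypto_LUKS notes" UUID="1111" TYPE="ext4"
/dev/sda6: UUID="2222" TYPE="crypto_LUKS" PARTUUID="3333"
/dev/sda12: UUID="4444" TYPE="crypto_LUKS"'

# Read blkid lines on stdin; print devices whose TYPE field is crypto_LUKS.
# A plain grep "crypto_LUKS" would also match the label on /dev/sda3.
luks_devices() {
    awk -F': ' '/ TYPE="crypto_LUKS"( |$)/ { print $1 }'
}

# Print the command when DRY_RUN=1 (default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Open DEVICE as MAPPING and mount it at MOUNTPOINT, both read-only.
open_and_mount() {
    dev=$1; name=$2; mnt=$3
    case $name in   # the name becomes /dev/mapper/<name>, so keep it simple
        ''|*[!A-Za-z0-9_-]*) echo "bad mapping name: $name" >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-1}" != 1 ] && ! cryptsetup isLuks "$dev"; then
        echo "$dev has no LUKS header" >&2; return 1
    fi
    # "open --type luks" is the current spelling of luksOpen.
    run cryptsetup open --type luks --readonly "$dev" "$name" || return 1
    run mkdir -p "$mnt" || return 1
    if ! run mount -o ro,nosuid,nodev "/dev/mapper/$name" "$mnt"; then
        run cryptsetup close "$name"   # do not leave the plaintext mapping open
        return 1
    fi
}

# Unmount first, then remove the mapping ("close" is the current luksClose).
unmount_and_close() {
    run umount "$2" && run cryptsetup close "$1"
}

# Demo on the constructed sample and the article's device names (prints only).
printf '%s\n' "$SAMPLE_BLKID" | luks_devices
open_and_mount /dev/sda12 encrypted_partition_12 /mnt/sda12_content
unmount_and_close encrypted_partition_12 /mnt/sda12_content
```

Opening the mapping read-only keeps a rescue session from modifying the encrypted volume while you inspect it; drop --readonly and the ro option when you need to write to it.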

Wrap up

That’s all it takes to mount and unmount encrypted partitions on Linux.

If you find any difficulty while following this guide, do let me know in the comment section, and of course, don’t forget to leave a comment if this article helped you 🙂 

See you in the next article…spread peace and love.

This Post Has 2 Comments

  1. Tomas

    Good guide! Helped me open my encrypted sdcard partition on a phone that needed OS reflashing anyway. Thanks!

    1. Gagan Mishra

      🙂
