How to mount encrypted LVM logical volume

Some time ago, I have recovered an old hard drive only to learn that it contained encrypted LVM logical volume.

Initial notes

These simple instructions will work on Ubuntu Vivid Vervet and Debian Jessie. Although, you do not need to activate LVM logical volumes on Ubuntu.

Please do not use graphical user interface utilities available in Ubuntu as these do not provide an easy way to safely remove encrypted LVM member.

Prerequisites

Install cryptsetup package to access LUKS encrypted volumes.

$ sudo apt-get install cryptsetup

Install lvm2 package to use Logical Volume Manager.

$ sudo apt-get install lvm2

Identify encrypted device

Identify encrypted device - /dev/sdb5 partition in this example.

$ sudo lsblk -f /dev/sdb
NAME   FSTYPE      LABEL UUID                                 MOUNTPOINT
sdb                                                           
├─sdb1 ext2              763b1a31-0a41-453c-aebb-8f28e45b19db 
├─sdb2                                                        
└─sdb5 crypto_LUKS       92e4fc6c-eac0-434e-9d4c-316449a0f122 
$ sudo file -s /dev/sdb5
/dev/sdb5: LUKS encrypted file, ver 1 [aes, xts-plain64, sha1] UUID: 92e4fc6c-eac0-434e-9d4c-316449a0f122

Open LUKS device

Open encrypted /dev/sdb5 device and set up encrypted_device mapping.

$ sudo cryptsetup luksOpen /dev/sdb5 encrypted_device
Enter passphrase for /dev/sdb5: ****************

Identify volume group

Identify volume group - mint-vg in this example.

$ sudo vgdisplay --short
  "mint-vg" 74.29 GiB [74.29 GiB used / 0     free]

List logical volumes

List logical volumes on identified mint-vg volume group.

$ sudo lvs -o lv_name,lv_size -S vg_name=mint-vg
  LV     LSize
  root   66.39g
  swap_1  7.89g

Activate logical volumes

Activate desired (root on mint-vg) volume group.

$ sudo lvchange -ay mint-vg/root

Alternatively, activate every logical volume on this volume group.

$ sudo lvchange -ay mint-vg

This step will be performed automatically on Ubuntu.

Access encrypted file system

Attach the encrypted file system.

$ sudo mount /dev/mint-vg/root /media/some_mount_point

Freely access encrypted file system and perform desired tasks.

Detach the encrypted file system.

$ sudo umount /dev/mint-vg/root 

You can safely use graphical user interface utilities to perform this step.

Deactivate logical volumes

You can list active logical volumes on specified volume group using the following command.

$ sudo lvs -S "lv_active=active && vg_name=mint-vg"
  LV   VG      Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root mint-vg -wi-a----- 66,39g                

Deactivate active volume group.

$ sudo lvchange -an mint-vg/root

Alternatively, deactivate every logical volume on this volume group.

$ sudo lvchange -an mint-vg

Close LUKS device

Remove the encrypted_device mapping and wipe the key from kernel memory.

$ sudo cryptsetup luksClose encrypted_device

Now you can disconnect hard drive.

Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu