Accessing an encrypted full disc image (LUKS;LVM)

So I typically use a full disc encryption with LVM over LUKS. So assume you have got an image from your harddisk via

dd if=/dev/sda of=image.img

You now want to access this data again – maybe you don’t even have the drive anymore. So here is a quick rundown how I did it just now.

First we look at the image:

% fdisk -l -u backup_x220_november_2012_sdb.img                        

Disk backup_x220_november_2012_sdb.img: 80.0 GB, 80026361856 bytes, 156301488 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000589c6

                            Device Boot      Start         End      Blocks   Id  System
backup_x220_november_2012_sdb.img1            2048      499711      248832   83  Linux
backup_x220_november_2012_sdb.img2          501758   156301311    77899777    5  Extended
backup_x220_november_2012_sdb.img5          501760   156301311    77899776   83  Linux

Great! So all partitions are in there! We will use kpartx to map this file to a block device which you can use just as your normal drives.

% sudo kpartx -a -v backup_x220_november_2012_sdb.img
add map loop0p1 (254:3): 0 497664 linear /dev/loop0 2048
add map loop0p2 (254:4): 0 2 linear /dev/loop0 501758
add map loop0p5 : 0 155799552 linear /dev/loop0 501760

Even better, now we have the partitions on the image mapped to /dev/mapper/loop0px. It’s now straightforward to mount the encrypted drive loop0p5:

% sudo cryptsetup luksOpen /dev/mapper/loop0p5 imgroot
Enter passphrase for /dev/mapper/loop0p5:

Now find and open the LVM drives inside:

% sudo vgscan
  Reading all physical volumes.  This may take a while...
  Found volume group "mikrocanonix" using metadata type lvm2

% sudo vgchange -a y mikrocanonix
  2 logical volume(s) in volume group "mikrocanonix" now active

% sudo mount /dev/mikrocanonix/root /mnt/

DONE!

2 thoughts on “Accessing an encrypted full disc image (LUKS;LVM)

  1. Thank you for posting this!!!
    This is critical information for anyone using LVM over LUKS! Even on the LUKS mailing list, no one knows how to do this!

    1. Hi J_Icicle,

      I’m glad it was of help! I really like the kpartx tool. It’s really helpful for loopback mounting of full-disk images.

      Matthias

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>