Debian Wheezy (7.5): Accessing the Encrypted Partition From the Recovery System
Continued from my previous post, Debian Wheezy (7.5): Encrypted Root Filesystem on laptop.
In my previous post, I created an extra partition for recovery system that could be used to repair the main system in a situation where it becomes corrupted or un-bootable. But how exactly can I access it from the recovery system? Well, steps described below is something I would try, in other words, just a theory. If you know a better (correct) way, or if I'm doing wrong, please feel free to comment!
Disclaimer:
The information in this site is the result of my researches in the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others. I will NOT take any responsibility of end result after following these steps (although I will try to help if you send me your questions/problems).
Booting Into the Recovery System
At the GRUB menu, choose the Recovery system. In my case it's on /dev/sda2.
Accessing Encrypted Device with `cryptsetup luksOpen`
First, let's see my partition layout:
# parted
(parted) p
Model: ATA WDC WD3200BEKT-6 (scsi)
Disk /dev/sda: 320GB
Sector Size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 1049kB 310GB 310GB
2 310GB 320GB 10.1GB ext4
(parted) q
Since /dev/sda1 is encrypted with crypt-luks, normal mount command would not work.
# mount /dev/sda1 /mnt/main
mount: unknown filesystem type 'crypto_LUKS'
So it needs to be opened to access the encrypted device. This process requires your passphrase. This will create /dev/mapper/unlocked.
# cryptsetup luksOpen /dev/sda1 unlocked
Enter passphrase for /dev/sda1:
Can we mount the device now? Nope. Because it's LVM.
Accessing LVM
First install lvm2.
# apt-get install lvm2
SIDE NOTE:
If you get the following warnings after executing above command:
update-initramfs: Generating /boot/initrd.img-3.2.0-4-amd64
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168f-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168f-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8105e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-3.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-1.fw for module r8169
You need to add contrib and non-free repositories to /etc/apt/sources.list:
# vim /etc/apt/sources.list
--------------------------------------
deb http://ftp.us.debian.org/debian wheezy main contrib non-free
# apt-get update
Then install the firmware-realtek package:
# apt-get install firmware-realtek
Then load the necessary module.
# modprobe dm-mod
Scan the system for LVM volumes and identify the volume group name in the output.
# vgscan
Reading all physical volumes. This may take a while...
Found volume group "debian" using metadata type lvm2
Activate the volume.
# vgchange -ay debian
2 logical volume(s) in volume group "debian" now active
Then find the logical volume that has the root filesystem
# lvs
LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert
root debian -wi-a--- 284.98g
swap debian -wi-a--- 3.72g
Mounting It Now!
Now all the preparation is done. It's time to mount it.
# mount -o ro,user /dev/debian/root /mnt/unlocked
# ls mnt/unlocked
bin etc lib media proc sbin sys var
boot home lib64 mnt root selinux tmp vmlinuz
dev initrd.img lost+found opt run srv usr
VoilĂ ! Successfully mounted!
That's all!
-gibb