Skip to content

Mount a LUKS-encrypted partition in WSL Ubuntu

Published by JoeB on January 5, 2023

  1. Find and mount the partition in PowerShell as admin

    GET-CimInstance -query "SELECT * from Win32_DiskDrive"

    Example output:

    DeviceID           Caption                        Partitions Size          Model
--------           -------                        ---------- ----          -----
\\.\PHYSICALDRIVE2 WD My Passport 2626 USB Device 0          5000945564160 WD My Passport 2626 USB Device
\\.\PHYSICALDRIVE1 SAMSUNG MZVPV512HDGL-00000     2          512105932800  SAMSUNG MZVPV512HDGL-00000
\\.\PHYSICALDRIVE0 SAMSUNG MZVL21T0HCLR-00B00     4          1024203640320 SAMSUNG MZVL21T0HCLR-00B00

    In this case, \\.\PHYSICALDRIVE1 is the DeviceID we are looking for.

    Make it available to WSL:

    wsl --mount \\.\PHYSICALDRIVE1 --bare

  2. Find encrypted partition
    Run lsblk to determine partition we want to unlock.

    Example output:

    NAME             MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda                8:0    0 363.1M  1 disk
sdb                8:16   0    16G  0 disk  [SWAP]
sdc                8:32   0     1T  0 disk  /mnt/wslg/distro
                                          /
sdd                8:48   0 476.9G  0 disk
├─sdd1             8:49   0   384M  0 part
└─sdd2             8:50   0 476.6G  0 part

    In this case, sdd2 is the partition we are looking for.

  3. Open the encrypted partition using cryptsetup (provided by cryptsetup-bin package)

    sudo cryptsetup open /dev/sdd2 my_crypt

    (The mapped name my_crypt is arbitrary IIUC.)

  4. (optional) Ensure logical volume is active
    Run sudo lvscan. Example result:

    ACTIVE            '/dev/$YOUR_VOL_GROUP_NAME/swap' [32.00 GiB] inherit
ACTIVE            '/dev/$YOUR_VOL_GROUP_NAME/root' [<444.55 GiB] inherit

    If the logical volume is not active, run vgchange -ay to activate it.

  5. (optional) Determine dm number and mount
    If the root logical volume is not available at /dev/mapper/$YOUR_VOL_GROUP_NAME-root, you may need to mount using one of the dm devices. Find which here:

    dmsetup ls

    Example output:

    $YOUR_VOL_GROUP_NAME-root      (252:2)
$YOUR_VOL_GROUP_NAME-swap      (252:1)
my_crypt    (252:0)

    The volume group ID number for root is 252:2, so /dev/dm-2 corresponds to the root volume. (If we were interested in the swap volume, it would be 252:1, and thus /dev/dm-1.)

  6. Mount the volume
    If the volume group is showing under /dev/mapper (may need a restart), you can simply run:

    sudo mount /dev/mapper/$YOUR_VOL_GROUP_NAME-root /mnt/a

    Otherwise, using the /dev/dm-2 determined in optional step 5, run:

    sudo mount /dev/dm-2 /mnt/a
Published inDevelopment

Be First to Comment

Leave a Reply