ENIGMA CURRY

• Encryption

Mounting an (Ubuntu) encrypted disk

Ubuntu, starting with Gutsy, now has the option to encrypt your entire disk at install time. Gentoo has had this for a long time, but you had to follow a long guide to do it. Ubuntu's setup is dirt simple.

But, suppose you need to access data on that disk when you are booted into another version of Linux, say a LiveCD? I couldn't find any ubuntu specific documentation on the subject, but I knew basically how it's done because I've done this before in Gentoo.

Using a disk image?

Probably, you just want to get some files off of your encrypted disk. If your goal is that simple, you can skip this section completely. However, if you are doing any kind of forensic work, or if you are trying to recover lost files, etc.. Don't operate on the hard drive itself. Instead, make an image/copy of the hard drive instead. That way you won't be changing the hard drive at all in case something goes wrong, or if you need to use the hard drive as evidence.

To make a backup copy of the encrypted filesystem, identify which device contains it, then use dd to copy it to a different disk.

• dd if=/dev/your_encrypted_device of=/path/to/somewhere/else/encrypted_fs.backup.dd

After a while, you should have a gigantic file called encrypted_fs.backup.dd which is a bit for bit copy of the filesystem.

Just like the original hard drive, this backup copy is still encrypted. But now we can use this file instead of the hard drive itself for mounting:

• losetup /dev/loop0 encrypted_fs.backup.dd

Use /dev/loop0 for the rest of this howto instead of the original device name.

Decrypt the device:

• apt-get install cryptsetup
• modprobe aes
• modprobe dm-crypt
• modprobe sha256
• cryptsetup luksOpen /dev/sdx# root

Now you should have an unencrypted device created called /dev/mapper/root

Mounting an LVM unit

If, like me, you installed not only encrypted, but an encrypted LVM, you need to activate the volume as well:

• apt-get install lvm2
• vgchange -a y

Now you should have new devices created for the sub-partitions of the LVM, for instance:

• /dev/mapper/ubuntu-root
• /dev/mapper/ubuntu-swap

Mounting the filesystem

Now just mount the filesystem. If you used LVM, use the device called /dev/mapper/ubuntu-root. If you installed to a normal partition, just use /dev/mapper/root.

• mkdir /media/ubuntu-root
• mount /dev/mapper/ubuntu-root /media/ubuntu-root