18

My Ubuntu 11.04 machine uses LUKS encryption for root, swap and home. A routine fsck -n revealed a set of errors I need to repair. fsck requires to unmount the partitions. Before luks I would simply boot from a USB stick and fix run fsck from there. What are the steps to do that for LUKS encrypted partitions?

stwissel
  • 640
  • 2
  • 7
  • 21

3 Answers3

32

The exact method depends on how you have setup luks, and if you have LVM on top of luks or if you just have a filesystem within the luks volume.

If you don't have LVM in addition to luks then you would probably do something like this.

cryptsetup luksOpen /dev/rawdevice somename
fsck /dev/mapper/somename

# or

cryptsetup luksOpen /dev/sda2 _dev_sda2
fsck /dev/mapper/_dev_sda2

If you used the LVM on LUKS option providied by the Debian/Ubuntu installer, then you'll need to start up LVM. So vgchange -aly after opening the encrypted volume, then run fsck against the /dev/mapper/lvname.

(If commands are missing, you may need to do apt-get install cryptsetup first. Similarly if you need vgchange do apt-get install lvm.)

chicks
  • 3,639
  • 10
  • 26
  • 36
Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • 2
    For whatever reason `cryptsetup luksOpen /dev/rawdevice somename` wasn't working out to give me something to run `fsck` on, although it was showing up with `vgscan` just fine after `vgchange -ay` as 'active'... I had to create the raw devices manually with `vgscan --mknodes` and then `fsck` on the logical volume showing up in `vgscan` with `fsck /dev/cryptVG/root` - Hope this helps someone else out there – Dmitri DB Nov 02 '14 at 18:30
  • Hm, no matter if I use `cryptsetup` or `cryptdisk_start`, I get the same result when I try `fsck`: `/dev/mapper/ext_crypt is in use`. I checked `mount` and it is *not mounted* anywhere. – Nikodemus RIP May 14 '16 at 08:27
10

You need to open the LUKS volume first.

cryptsetup luksOpen /dev/(whatever) someName

This'll ask you for the password, then create /dev/mapper/someName, which is the plaintext device that you can run fsck on. When you're done,

cryptsetup luksClose someName

will remove the /dev/mapper/someName plaintext device, .

Wyzard
  • 1,143
  • 6
  • 13
1

The procedure should be the same.

Using a Debian (7.7.0 amd64 netinst, in my case) USB stick, one can go into rescue mode, which should identify the LUKS partition, prompt for a password, and map it. It also identifies and maps any LVM partitions contained therein. If you don't mount the root partition, from the shell prompt you can just e2fsck -f -c /dev/system_name/partition_name, etc.

This question is four years old, but I don't think that the procedure has changed.

I should point out, though, that doing a fsck -n on a mounted filesystem is almost sure to report errors that won't actually exist when you fsck it unmounted!

Mike
  • 247
  • 1
  • 7