Removing System Encryption

From ArchWiki
Revision as of 03:39, 29 October 2008 by Aarcane (Talk | contribs) (backup your data)

Jump to: navigation, search

Okay, I'm writing this prior to install, I'll update it after and make it pretty.

prerequisites

  • an encrypted root filesystem or other filesystem you cannot umount while booted into your operating system
  • enough drive space somewhere to store a backup
  • a few hours

boot into a live environment

Download and burn the latest archlive cd, stick it in, reboot your system and boot to cd

identify and activate your partitions

TODO: enter lvm command to activate volume groups/lvs. TODO: enter cryptsetup commands to unencrypt drive Note: do not mount the partitions you intend to operate on except the backup partition. if you've already mounted a partition other than your backup partition, you can safely umount it now. Once you've identifed and activated your partitions, you're ready to move on to step 3

note about different setups

I'm using a setup that looks like this:

disk
ntfs lvm ntfs
other os vol0 vol1 Shared
luks luks
swap root(xfs)

Disregard the grey stuff, it only adds a frame of reference. The green partitons are the ones we're going to be modifying. you should make sure any green text matches your system's setup. the yellow parition is the one we're going to be using as storage space. you should feel free to change this at will.

on my system, I have myvg contains lvs called cryptroot and crtpyswap. they are located at /dev/mapper/myvg_cryptroot and /dev/mapper/myvg_cryptswap. Upon boot, luks is used along with a few crypttab entries to create /dev/mapper/root and /dev/mapper/swap. I won't be unencrypting my swap as part of this guide, as undoing the swap encryption doesn't require any complex backup or restoration.

Your setup WILL be different. different filesystems require different tools to effectively backup and restore their data. Most of you will not be using LVM and can ignore that part. XFS requires xfs_copy to ensure an effective backup and restore. DD is insufficient. you can use DD with ext2,3,and 4. (Someone please comment on jfs, reiserfs and reiser4fs)

backup your data

using xfs_copy:

xfs_copy -db /dev/mapper/root /media/Shared/backup_root.img

note: -d tells xfs_copy to preserve uuids and -b tells xfs_copy to work with filesystems that don't allow direct io (like ntfs-3g) using dd:

dd if=/dev/mapper/root of=/media/Shared/backup_root.img

Now walk away, get yourself something to eat or drink, or do some homework. this will take a while.

undo encryption

Now the crucial moment, the point of no return if you will. Make sure you're ready to do this, if you plan to un-do this later, you'll have to almost start from scratch. you know how fun that is.

cryptsetup luksClose root
lvm lvremove myvg/cryptroot

restore data

now we have to create a new logical volume to house our root filesystem and restore our filesystem.

lvm lvcreate -l 100%FREE -n root myvg
xfs_copy -d /media/Shared/backup_root.img /dev/mapper/myvg-root

reconfigure the operating system

you need to boot into your operating system and edit /etc/crypttab /etc/mkinitcpio.conf and possibly /boot/grub/menu.lst (only if you're not using lvm)