Removing System Encryption
Okay, I'm writing this prior to install, I'll update it after and make it pretty.
- an encrypted root filesystem or other filesystem you cannot umount while booted into your operating system
- enough drive space somewhere to store a backup
- a few hours
boot into a live environment
Download and burn the latest archlive cd, stick it in, reboot your system and boot to cd
identify and activate your partitions
TODO: enter lvm command to activate volume groups/lvs. TODO: enter cryptsetup commands to unencrypt drive Note: do not mount the partitions you intend to operate on except the backup partition. if you've already mounted a partition other than your backup partition, you can safely umount it now. Once you've identifed and activated your partitions, you're ready to move on to step 3
note about different setups
I'm using a setup that looks like this:
Disregard the grey stuff, it only adds a frame of reference. The green partitons are the ones we're going to be modifying. you should make sure any green text matches your system's setup. the yellow parition is the one we're going to be using as storage space. you should feel free to change this at will.
on my system, I have myvg contains lvs called cryptroot and crtpyswap. they are located at /dev/mapper/myvg_cryptroot and /dev/mapper/myvg_cryptswap. Upon boot, luks is used along with a few crypttab entries to create /dev/mapper/root and /dev/mapper/swap. I won't be unencrypting my swap as part of this guide, as undoing the swap encryption doesn't require any complex backup or restoration.
Your setup WILL be different. different filesystems require different tools to effectively backup and restore their data. Most of you will not be using LVM and can ignore that part. XFS requires xfs_copy to ensure an effective backup and restore. DD is insufficient. you can use DD with ext2,3,and 4. (Someone please comment on jfs, reiserfs and reiser4fs)
backup your data
xfs_copy -db /dev/mapper/root /media/Shared/backup_root.img
note: -d tells xfs_copy to preserve uuids and -b tells xfs_copy to work with filesystems that don't allow direct io (like ntfs-3g) using dd:
dd if=/dev/mapper/root of=/media/Shared/backup_root.img
Now walk away, get yourself something to eat or drink, or do some homework. this will take a while.
Now the crucial moment, the point of no return if you will. Make sure you're ready to do this, if you plan to un-do this later, you'll have to almost start from scratch. you know how fun that is.
cryptsetup luksClose root lvm lvremove myvg/cryptroot
now we have to create a new logical volume to house our root filesystem and restore our filesystem.
lvm lvcreate -l 100%FREE -n root myvg xfs_copy -d /media/Shared/backup_root.img /dev/mapper/myvg-root
reconfigure the operating system
you need to boot into your operating system and edit /etc/crypttab /etc/mkinitcpio.conf and possibly /boot/grub/menu.lst (only if you're not using lvm)