This guide provides step-by-step instructions on how to install Windows Subsystem for Linux 2 (WSL 2), set up Debian, and mount LUKS-encrypted drives on a Windows system.

• A LUKS-encrypted drive that you want to access.
• Windows 10 (version 2004 and later) or Windows 11 with support for WSL 2.
• Administrator privileges on your Windows system.
• Basic knowledge of command-line operations in PowerShell and Linux.

Open PowerShell as administrator and run:

wsl --install

If WSL 2 is already installed, ensure it is updated:

wsl --update

🔗 WSL 2 Installation Guide

Debian will be used to handle the LUKS-encrypted drive.

1. Open PowerShell as administrator.
2. Install Debian using the following command:

   wsl --install -d Debian

3. Set a username and password for your Debian GNU/Linux installation when prompted.
4. If Debian is already installed, ensure it is updated:

   wsl -d Debian --update

🔗 Debian WSL Installation Guide

1. Open PowerShell as Administrator.
2. Run the following command to list all physical drives:

   Get-CimInstance -query "SELECT * from Win32_DiskDrive"

3. Identify the LUKS-encrypted drive from the list.
   • Note down its DeviceID (e.g., \\.\PHYSICALDRIVE4).
   • Make sure you choose the correct drive to avoid mounting the wrong disk.

1. Use the following command in PowerShell to mount the drive in WSL 2 (replace <DeviceID> with your actual DeviceID):

   wsl --mount <DeviceID> --bare

   • The --bare option ensures that WSL does not automatically attempt to mount file systems, which is necessary for LUKS-encrypted drives.

1. Open PowerShell as Administrator.
2. Open Debian with the following command:

   wsl -d Debian -u <username>

   • Replace <username> with the Linux user you created during Debian installation.
   • If you're unsure, you can try wsl -d Debian and switch users manually.

1. In Debian, install cryptsetup, which is required to unlock LUKS-encrypted drives:

   sudo apt update && sudo apt install cryptsetup

1. List all available partitions:

   sudo fdisk -l

2. Find the LUKS-encrypted partition.

   • Look for a Linux partition that is not automatically mounted.
   • Usually, it's something like /dev/sda1, /dev/nvme0n1p1, or /dev/sdb1.
   • Do NOT use the whole drive (e.g., /dev/sda), only use the partition (e.g., /dev/sda1).

   Example output:

   Device        Boot Start      End  Sectors  Size Id Type
   /dev/sda1     *     2048  499711  497664  243M 83 Linux
   

   In this case, the LUKS partition is /dev/sda1.

1. Run the following command to decrypt the drive (replace <device> with your partition and <name> with an arbitrary name):

   sudo cryptsetup luksOpen <device> <name>

   • This will prompt you for the LUKS passphrase.

1. Create a folder where the decrypted drive will be mounted (replace <folder> an arbitrary folder name):

   sudo mkdir -p /mnt/<folder>

1. Mount the decrypted LUKS volume to the before created folder:

   sudo mount /dev/mapper/<name> /mnt/<folder>

2. Check if the drive is accessible:

   ls /mnt/<folder>

3. The contents of the decrypted LUKS drive should now be visible.

1. Open Windows Explorer and navigate to:

   \\wsl.localhost\Debian\mnt\<folder>
   

   You should see the decrypted contents of your LUKS drive.

When you are done, it's important to unmount and lock the drive securely.

1. Unmount the drive:

   sudo umount /mnt/<folder>

2. Close the LUKS device:

   sudo cryptsetup luksClose <name>

3. Unmount the drive from WSL in PowerShell:

   wsl --unmount <DeviceID>