You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following guide will tell you how to install WSL 2, Debian and how to mount and access drives encrypted with Linux Unified Key Setup (LUKS).
1.[Install](https://learn.microsoft.com/en-us/windows/wsl/install) Windows Subsystem for Linux 2 (WSL 2)
1.[Install](https://wiki.debian.org/InstallingDebianOn/Microsoft/Windows/SubsystemForLinux) Debian on WSL 2
1. Run **Powershell** as administrator and list your physical drives by entering:
```cmd
GET-CimInstance -query "SELECT * from Win32_DiskDrive"
# How to Access LUKS-Encrypted Drives on Windows
This guide provides step-by-step instructions on how to install Windows Subsystem for Linux 2 (WSL 2), set up Debian, and mount LUKS-encrypted drives on a Windows system.
## Prerequisites
- A **LUKS-encrypted drive** that you want to access.
-**Windows 10 (version 2004 and later) or Windows 11** with support for WSL 2.
- Administrator privileges on your Windows system.
-**Basic knowledge of command-line operations** in PowerShell and Linux.
## Step 1: Install Windows Subsystem for Linux 2 (WSL 2)
Open **PowerShell as administrator** and run:
```powershell
wsl --install
```
If WSL 2 is already installed, ensure it is updated:
## Step 3: Identify Your LUKS-Encrypted Drive in Windows
1. Open **PowerShell as Administrator**.
2. Run the following command to list all physical drives:
```powershell
Get-CimInstance -query "SELECT * from Win32_DiskDrive"
```
3. Identify the LUKS-encrypted drive from the list.
- Note down its **DeviceID** (e.g., `\\.\PHYSICALDRIVE4`).
- Make sure you choose the correct drive to avoid mounting the wrong disk.
## Step 4: Mount the Drive in WSL 2
1. Use the following command in PowerShell to mount the drive in WSL 2 (**replace `<DeviceID>` with your actual DeviceID**):
```powershell
wsl --mount <DeviceID> --bare
```
- The `--bare` option ensures that WSL does not automatically attempt to mount file systems, which is necessary for LUKS-encrypted drives.
## **Step 5: Enter Debian on WSL 2**
1. Open Debian with the following command in PowerShell:
```powershell
wsl -d Debian -u <username>
```
- Replace `<username>` with the Linux user you created during Debian installation.
- If you're unsure, you can try `wsl -d Debian` and switch users manually.
## **Step 6: Install Cryptsetup (If Not Installed)**
1. In Debian, install **cryptsetup**, which is required to unlock LUKS-encrypted drives:
```bash
sudo apt update && sudo apt install cryptsetup
```
## **Step 7: Identify the LUKS-Encrypted Partition**
1. List all available partitions:
```bash
sudo fdisk -l
```
2. Find the LUKS-encrypted partition.
- Look for a **Linux partition** that is not automatically mounted.
- Usually, it's something like `/dev/sda1`, `/dev/nvme0n1p1`, or `/dev/sdb1`.
-**Do NOT use the whole drive (e.g., `/dev/sda`), only use the partition (e.g., `/dev/sda1`).**
Example output:
```
Note the `DeviceID` of the drive you want to access (*Example: `\\.\PHYSICALDRIVE4`*)
1. Mount the drive using the following command (*replace `<DeviceID>` with the before noted `DeviceID`*):
```cmd
wsl --mount <DeviceID> --bare
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 499711 497664 243M 83 Linux
```
1. Enter Debian with the following command (*replace `<username>` with the username you have selected when installing Debian on WSL 2*)
```cmd
wsl -d Debian -u <username>
```
1. If cryptsetup is not installed, install it with the following command:
```bash
sudo apt install cryptsetup
```
1. List all partitions on your system with the following command. Note the `Device` that holds your encrypted partition (*e.g. /dev/sda1 but **not** /dev/sda*)
```bash
sudo fdisk -l
```
1. Decrypt the volume by entering the following command (*replace `<device>` with the `Device` noted the step before and replace `<name>` with a name of your choice*)
```bash
sudo cryptsetup luksOpen <device> <name>
```
1. Create a folder from where your drive is accessible in Windows Explorer (*replace `<folder>` with the folder name from where you want it to be accsessible*)
```bash
sudo mkdir /mnt/<folder>
```
1. Finally, mount the drive (*to the before mentioned folder or elsewhere - replace `<name>` with the name you gave in step 8 and replace `<folder>` with the folder name you have chosen just before*)
```bash
sudo mount /dev/mapper/<name> /mnt/<folder>
```
In this case, the **LUKS partition** is `/dev/sda1`.
## **Step 8: Unlock the LUKS-Encrypted Drive**
1. Run the following command to decrypt the drive (**replace `<device>` with your partition and `<name>` with an arbitrary name**):
```bash
sudo cryptsetup luksOpen <device> <name>
```
- This will prompt you for the LUKS passphrase.
## **Step 9: Create a Mount Point**
1. Create a folder where the decrypted drive will be mounted (**replace `<folder>` an arbitrary folder name**):
```bash
sudo mkdir -p /mnt/<folder>
```
## **Step 10: Mount the Decrypted Volume**
1. Mount the decrypted LUKS volume to the before created folder:
```bash
sudo mount /dev/mapper/<name> /mnt/<folder>
```
2. Check if the drive is accessible:
```bash
ls /mnt/<folder>
```
3. The contents of the decrypted LUKS drive should now be visible.
## **Step 11: Access the Drive from Windows Explorer**
1. Open **Windows Explorer** and navigate to:
```
\\wsl.localhost\Debian\mnt\<folder>
```
You should see the decrypted contents of your LUKS drive.
## **Step 12: Unmounting and Locking the Drive**
When you are done, it's important to unmount and lock the drive securely.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following guide will tell you how to install WSL 2, Debian and how to mount and access drives encrypted with Linux Unified Key Setup (LUKS).
1.[Install](https://learn.microsoft.com/en-us/windows/wsl/install) Windows Subsystem for Linux 2 (WSL 2)
1.[Install](https://wiki.debian.org/InstallingDebianOn/Microsoft/Windows/SubsystemForLinux) Debian on WSL 2
1. Run **Powershell** as administrator and list your physical drives by entering:
```cmd
GET-CimInstance -query "SELECT * from Win32_DiskDrive"
```
Note the `DeviceID` of the drive you want to access (*Example: `\\.\PHYSICALDRIVE4`*)
1. Mount the drive using the following command (*replace `<DeviceID>` with the before noted `DeviceID`*):
```cmd
wsl --mount <DeviceID> --bare
```
1. Enter Debian with the following command (*replace `<username>` with the username you have selected when installing Debian on WSL 2*)
```cmd
wsl -d Debian -u <username>
```
1. If cryptsetup is not installed, install it with the following command:
```bash
sudo apt install cryptsetup
```
1. List all partitions on your system with the following command. Note the `Device` that holds your encrypted partition (*e.g. /dev/sda1 but **not** /dev/sda*)
```bash
sudo fdisk -l
```
1. Decrypt the volume by entering the following command (*replace `<device>` with the `Device` noted the step before and replace `<name>` with a name of your choice*)
```bash
sudo cryptsetup luksOpen <device> <name>
```
1. Create a folder from where your drive is accessible in Windows Explorer (*replace `<folder>` with the folder name from where you want it to be accsessible*)
```bash
sudo mkdir /mnt/<folder>
```
1. Finally, mount the drive (*to the before mentioned folder or elsewhere - replace `<name>` with the name you gave in step 8 and replace `<folder>` with the folder name you have chosen just before*)
dreamfarer revised this gist