List All Cryptsetup Encrypted Partitions
In order to know which devices are encrypted, we need to list them out crisp and clear. This section guides you on how to list all Cryptsetup encrypted partitions, be in internally setup or external devices.
Listing Devices
To list the devices, you need the command "lsblk
".
By Graphical Representations
The very basic command would be:
$ lsblk --fs
This command will list all the devices and partitions, something like the following:
loop30 squashf /snap/shellc
loop31 squashf /snap/shellc
loop32 squashf /snap/atom/2
sda
├─sda1 ext2 <-UUID->-UUID-UUID-UUID-<---UUID---> /boot
└─sda5 crypto_ <-UUID->-UUID-UUID-UUID-<---UUID--->
└─sda5_crypt LVM2_me <-UUID->-UUID-UUID-UUID-<---UUID--->
├─hostname--vg-root
│ ext4 <-UUID->-UUID-UUID-UUID-<---UUID---> /
└─hostname--vg-swap_1
swap <-UUID->-UUID-UUID-UUID-<---UUID---> [SWAP]
You're highly interested with the partition with the label "crypto_LUKS
" or "crypto_
" (the latter is due to the display spacing cutoff). Those with these labels signifies that partition is encrypted with LUKS.
If there is any decrypted / open LUKS partition, it has a child directory. In this case, you want to look for sda5_crypt
partition name. Depending on what is the partition manager inside the encrypted volumes, you'll see all the listed partition insides.
If you just want to list only the encrypted partition, pipe it with grep crypto_LUKS
. This will give you the list of encrypted partitions, regardless it is open or otherwise.
$ lsblk --fs | grep crypto_LUKS
└─sda5 crypto_LUKS <-UUID->-UUID-UUID-UUID-<---UUID--->
By Command Line Parsing
To scan and read by parsing, simply attach the --list
argument. The command is as follows:
$ lsblk --fs --list
This will output:
loop30 squashf /snap/shellc
loop31 squashf /snap/shellc
loop32 squashf /snap/atom/2
sda
sda1 ext2 <-UUID->-UUID-UUID-UUID-<---UUID---> /boot
sda5 crypto_ <-UUID->-UUID-UUID-UUID-<---UUID--->
sda5_crypt LVM2_me <-UUID->-UUID-UUID-UUID-<---UUID--->
hostname--vg-root
ext4 <-UUID->-UUID-UUID-UUID-<---UUID---> /
hostname--vg-swap_1
swap <-UUID->-UUID-UUID-UUID-<---UUID---> [SWAP]
Similarly, you're interested in label "crypto_LUKS
" or "crypto_
" so you may filter it using grep
and uniq
. An example command would be:
lsblk -fs --list | grep crypto_LUKS | uniq | grep -o '^\S*'
Which yields:
sda5
sdb2
That's all about listing all encrypted partitions in an operating system.