Display current mappings for encrypted devices (LUKS) .
List block devices
Use lsblk list mode to display encrypted devices.
$ lsblk --list | awk '$6 == "TYPE" || $6 == "crypt" {print}'
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda4_crypt 253:0 0 445,9G 0 crypt luks-0e17b44c-a9af-4da1-8f98-062552e1df7a 253:3 0 1,8T 0 crypt /media/milosz/5a7dd0ba-8137-4416-82dd-fc4bcf982ec9
Use lsblk tree-like format, which is a default mode to display encrypted volumes.
$ lsblk --tree /dev/mapper/sda4_crypt
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda4_crypt 253:0 0 445,9G 0 crypt ├─vgubuntu-root 253:1 0 444,9G 0 lvm / └─vgubuntu-swap_1 253:2 0 980M 0 lvm [SWAP]
$ lsblk --tree /dev/mapper/luks-0e17b44c-a9af-4da1-8f98-062552e1df7a
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT luks-0e17b44c-a9af-4da1-8f98-062552e1df7a 253:3 0 1,8T 0 crypt /media/milosz/5a7dd0ba-8137-4416-82dd-fc4bcf982ec9
Combine lsblk list and tree mode to display encrypted volumes.
$ lsblk --list --output NAME,TYPE --noheading | awk '$2 == "crypt" {print $1}' | xargs -I{} lsblk --tree /dev/mapper/{} | column -t | sed '2,${/^NAME/d}'
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda4_crypt 253:0 0 445,9G 0 crypt ├─vgubuntu-root 253:1 0 444,9G 0 lvm / └─vgubuntu-swap_1 253:2 0 980M 0 lvm [SWAP] luks-0e17b44c-a9af-4da1-8f98-062552e1df7a 253:3 0 1,8T 0 crypt /media/milosz/5a7dd0ba-8137-4416-82dd-fc4bcf982ec
Use lsblk JSON output to extract this information.
$ lsblk --json --output-all| jq --raw-output '[.. | select(.fstype?) | select(.children[]?) | {parent:{name,fstype,path},device:(.children[]| {name,fstype,path})}] | unique | group_by(.parent.name) | .[] | {parent: .[0].parent,device:[.[].device]}'
{
"parent": {
"name": "sda4",
"fstype": "crypto_LUKS",
"path": "/dev/sda4"
},
"device": [
{
"name": "sda4_crypt",
"fstype": "LVM2_member",
"path": "/dev/mapper/sda4_crypt"
}
]
}
{
"parent": {
"name": "sda4_crypt",
"fstype": "LVM2_member",
"path": "/dev/mapper/sda4_crypt"
},
"device": [
{
"name": "vgubuntu-root",
"fstype": "ext4",
"path": "/dev/mapper/vgubuntu-root"
},
{
"name": "vgubuntu-swap_1",
"fstype": "swap",
"path": "/dev/mapper/vgubuntu-swap_1"
}
]
}
{
"parent": {
"name": "sdc1",
"fstype": "crypto_LUKS",
"path": "/dev/sdc1"
},
"device": [
{
"name": "luks-0e17b44c-a9af-4da1-8f98-062552e1df7a",
"fstype": "ext4",
"path": "/dev/mapper/luks-0e17b44c-a9af-4da1-8f98-062552e1df7a"
}
]
}
Low level logical volume management
Use dmsetup list mode to display encrypted devices.
$ sudo dmsetup ls --target crypt
sda4_crypt (253, 0) luks-0e17b44c-a9af-4da1-8f98-062552e1df7a (253, 3)
Use dmsetup tree mode to display encrypted devices and volumes.
$ sudo dmsetup ls --tree
vgubuntu-root (253:1)
└─sda4_crypt (253:0)
└─ (8:4)
vgubuntu-swap_1 (253:2)
└─sda4_crypt (253:0)
└─ (8:4)
luks-0e17b44c-a9af-4da1-8f98-062552e1df7a (253:3)
└─ (8:33)
Use dmsetup to inspect specific volume.
$ sudo dmsetup info --major 253 --minor 1
Name: vgubuntu-root State: ACTIVE Read Ahead: 256 Tables present: LIVE Open count: 1 Event number: 0 Major, minor: 253, 1 Number of targets: 1 UUID: LVM-UZH27ydsKGowhUzXdj5FCH30d0KvLdIOEkV3CCZDS4SISA7ZOnVpcty16K6QnM3M
Use dmsetup list mode to list LVM volumes on an encrypted device.
$ sudo dmsetup ls --target linear
vgubuntu-root (253, 1) vgubuntu-swap_1 (253, 2)
Use dmsetup to display encrypted volumes with dependencies.
$ sudo dmsetup deps
sda4_crypt: 1 dependencies : (8, 4) vgubuntu-root: 1 dependencies : (253, 0) vgubuntu-swap_1: 1 dependencies : (253, 0) luks-0e17b44c-a9af-4da1-8f98-062552e1df7a: 1 dependencies : (8, 33)
Use dmsetup to inspect encrypted device.
$ sudo dmsetup info --major 253 --minor 0
Name: sda4_crypt State: ACTIVE Read Ahead: 256 Tables present: LIVE Open count: 2 Event number: 0 Major, minor: 253, 0 Number of targets: 1 UUID: CRYPT-LUKS2-67369c73f0a04ead907c507246c0c43b-sda4_crypt
Use dmsetup to determine parent of the encrypted volume.
$ sudo dmsetup info -c --noheadings -o name --major 253 --minor 0
sda4_crypt
Use dmsetup to inspect volumes that depend on encrypted devices.
$ sudo dmsetup ls --target linear | sudo awk '{CMD="dmsetup deps " $1; CMD |getline RES; close(CMD); match(RES,/([0-9]+) dependencies[ \t]+: \(([0-9]*), ([0-9]+)\)/,arr); CMD2="dmsetup info -c --noheadings -o name --major " arr[2] " --minor " arr[3]; CMD2| getline RES2; close(CMD2); print $0 " -> " RES2 " (" arr[2] ", " arr[3] ")"}' | column -t
vgubuntu-root (253, 1) -> sda4_crypt (253, 0) vgubuntu-swap_1 (253, 2) -> sda4_crypt (253, 0)
Use dmsetup to inspect all encrypted devices and volumes.
$ sudo dmsetup deps | sudo awk -F: '{CMD="dmsetup deps " $1; CMD |getline RES; close(CMD); match(RES,/([0-9]+) dependencies[ \t]+: \(([0-9]*), ([0-9]+)\)/,arr); RES2="";CMD2="dmsetup info -c --noheadings -o name --major " arr[2] " --minor " arr[3] " 2>/dev/null"; CMD2| getline RES2; close(CMD2); print $0 " -> " RES2 " (" arr[2] ", " arr[3] ")"}' | column -t
sda4_crypt: 1 dependencies : (8, 4) -> (8, 4) vgubuntu-root: 1 dependencies : (253, 0) -> sda4_crypt (253, 0) vgubuntu-swap_1: 1 dependencies : (253, 0) -> sda4_crypt (253, 0) luks-0e17b44c-a9af-4da1-8f98-062552e1df7a: 1 dependencies : (8, 33) -> (8, 33)
Not all information is available here.
$ sudo dmsetup info --major 8 --minor 33
Device does not exist. Command failed.
Use udevadm to get identify this device.
$ udevadm info --root --query name /sys/dev/block/8:33
/dev/sdc1