This howto was tested with Debian 7, 8 and 9.

1. Usage scenario

System repair
  1. The system does not boot any more.

  2. Boot from live CD

  3. Follow this howto to mount the encrypted system

Switch to UEFI
  1. Switch a Debian system from legacy boot mode to UEFI boot mode. The procedure is the same as System repair with some additional steps described in how to switch a debian 7-9 legacy boot system to UEFI

Fast file copy from HD to HD
  1. Dismount the harddrive from host disk-system

  2. Connect the harddrive to another host host-system with a SATA-USB3 adapter or any other interface.

  3. Mount disk-system into host-system following this howto.

The recovery mode of the Debian 9 Stretch installer disk automates the following steps. Try this first!

2. Find the device and partition of the to be mounted logical volume

  1. Connect the disk with host-system and observe the kernel messages in /var/log/syslog

     root@host-system:~# tail -f /var/log/syslog
     sd 3:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)
     sd 3:0:0:0: [sdb] Write Protect is off
     sd 3:0:0:0: [sdb] Mode Sense: 43 00 00 00
     sd 3:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
      sdb: sdb1 sdb2 sdb3 sdb5
     sd 3:0:0:0: [sdb] Attached SCSI disk

    The to be mounted device is /dev/sdb.

  2. Find the partition

    root@host-system:~# gdisk -l /dev/sdb
    GPT fdisk (gdisk) version 0.8.5
    ...
    Number  Start (sector)    End (sector)  Size       Code  Name
       1            2048          411647   200.0 MiB   8300  Linux filesystem
       2          411648          494821   43.0 MiB    0700
       3          494822          501759   1024.0 KiB  8300  Linux filesystem
       5          501760       976771071   465.5 GiB   8300  Linux filesystem

    The to be mounted logical volume of disk-system resides on /dev/sdb5.

3. Mount encrypted logical volume

  1. Open decryption layer.

    root@host-system:~# lvscan
      ACTIVE            '/dev/host-system/root' [231.03 GiB] inherit
      ACTIVE            '/dev/host-system/swap_1' [7.20 GiB] inherit

    Logical volume is not registered yet. Do so.

    root@host-system:~# cryptsetup luksOpen /dev/sdb5 sdb5_crypt
    Enter passphrase for /dev/sdb5:

    Enter disk password.

    root@host-system:~# lvscan
      inactive          '/dev/disk-system/root' [457.74 GiB] inherit
      inactive          '/dev/disk-system/swap_1' [7.78 GiB] inherit
      ACTIVE            '/dev/host-system/root' [231.03 GiB] inherit
      ACTIVE            '/dev/host-system/swap_1' [7.20 GiB] inherit

    Logical volume of disk-system`is registered now. It contains one `root partition (line 1) and and one swap partition (line 2).

  2. Activate logical volumes

    root@host-system:~# lvchange -a y disk-system

    Check success.

    root@host-system:~# lvscan
      ACTIVE            '/dev/disk-system/root' [457.74 GiB] inherit
      ACTIVE            '/dev/disk-system/swap_1' [7.78 GiB] inherit
      ACTIVE            '/dev/host-system/root' [231.03 GiB] inherit
      ACTIVE            '/dev/host-system/swap_1' [7.20 GiB] inherit
    
    root@host-system:~# ls /dev/mapper
    control  disksystem-root  disksystem-swap_1  hostsystem-root  hostsystem-swap_1  mymapper  sdb5_crypt
  3. Mount logical volume

    root@host-system:~# mount -t ext4 /dev/mapper/disk-system-root /mnt

    Check success.

    root@host-system:~# ls /mnt
    bin   etc         initrd.img.old  lib64       mnt   proc  sbin     sys  var
    boot  home        lib             lost+found  mnt2  root  selinux  tmp  vmlinuz
    dev   initrd.img  lib32           media       opt   run   srv      usr  vmlinuz.old

4. Unmount encrypted logical volume

root@host-system:~# umount /mnt

root@host-system:~# lvscan
  ACTIVE            '/dev/disk-system/root' [457.74 GiB] inherit
  ACTIVE            '/dev/disk-system/swap_1' [7.78 GiB] inherit
  ACTIVE            '/dev/host-system/root' [231.03 GiB] inherit
  ACTIVE            '/dev/host-system/swap_1' [7.20 GiB] inherit

root@host-system:~# lvchange -a n disk-system
root@host-system:~# lvscan
  inactive          '/dev/disk-system/root' [457.74 GiB] inherit
  inactive          '/dev/disk-system/swap_1' [7.78 GiB] inherit
  ACTIVE            '/dev/host-system/root' [231.03 GiB] inherit
  ACTIVE            '/dev/host-system/swap_1' [7.20 GiB] inherit

root@host-system:~# cryptsetup luksClose sdb5_crypt
root@host-system:~# lvscan
  ACTIVE            '/dev/host-system/root' [231.03 GiB] inherit
  ACTIVE            '/dev/host-system/swap_1' [7.20 GiB] inherit