How to recover data from an encrypted LVM disk?

Hello,

I need help recovering my home directory data from an encrypted LVM disk (Btrfs file system); I do not have a separate home partition.

I connected the disk to another computer and unlocked it (cryptsetup luksOpen) and mounted it. The problem is that in the file explorer several directories, including the home directory, appear empty. To check for possible data corruption, I installed openSUSE Tumbleweed again, with the same configuration (encrypted LVM + Btrfs) and the same thing happened. Obviously, there must be some procedure missing. I know the LUKS password + username + user password. Needless to say, I need my data very badly.

Thank you in advance for any help.

The “btrfs” file system is structured into subvolumes. You need to mount those subvolumes.

I don’t use “btrfs”, so I’m not an expert in this. However, at one point I did experiment with “btrfs”, and I have an old commented-out script segment that I used:


## for sv in $SUBVOL
## do
##      mount -o subvol=$sv $ROOTDEV $MOUNTWHERE/$sv
## done

Here, $SUBVOL is a list of subvolumes that I extracted from “fstab”. And $ROOTDEV is the device special file, while “$MOUNTWHERE” is where it is mounted.

You can probably do that one at a time for the subvolumes you need to access (mostly “home”).

Note that this was from several years ago, so things might have changed.

On rethinking, my first reply might seem too abstract.

Assuming that you went with the defaults for setting up the LUKS encrypted LVM, then you mount that file system at “/mnt”
with:

mount /dev/mapper/system-root /mnt

and then, to access the “home” subvolume, you also need:

mount -o subvol=home /dev/mapper/system-root /mnt/home

I hope that’s more helpful.

I’m so glad I found this thread, this is exactly the same situation I ran into yesterday.

I followed nrickert’s instructions but sadly it didn’t work. After a bit of head scratching I made a slight change to his command line and it worked perfectly:

mount -o subvol=**/@/home** /dev/mapper/system-root /run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c/home

I simply added the entire subvol name that I found in fstab, and was shocked that I actually worked something out for myself!

Here’s my “Idiot’s Guide” (which is more for my own use once I’ve forgotten all this tomorrow!)


  1. Boot from a Linux Live Distro (I used Fedora KDE as sadly there’s no OpenSuse Live).

  2. Unlock & mount the encrypted disk with KDE Partition Manager (or any other Disk tool).

  3. Find the encrypted volume’s info with the following command:

sudo mount -l | grep system-root

It should spit the following info out:

**/dev/mapper/system-root** on **/run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c** type btrfs (rw,..........
  1. Extract your subvol names from the encrypted volume’s fstab file
sudo cat /run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c/etc/fstab | grep subvol

(for a complete listing)
or

cat /run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c/etc/fstab | grep home

(if you only want home)

You should see something like:

/dev/system/root  /var                    btrfs  subvol=/@/var                 0  0
/dev/system/root  /usr/local              btrfs  subvol=/@/usr/local           0  0
/dev/system/root  /srv                    btrfs  subvol=/@/srv                 0  0
/dev/system/root  /root                   btrfs  subvol=/@/root                0  0
/dev/system/root  /opt                    btrfs  subvol=/@/opt                 0  0
/dev/system/root  /home                   btrfs  subvol=**/@/home**                0  0
/dev/system/root  /boot/grub2/x86_64-efi  btrfs  subvol=/@/boot/grub2/x86_64-efi  0  0
/dev/system/root  /boot/grub2/i386-pc     btrfs  subvol=/@/boot/grub2/i386-pc  0  0
/dev/system/root  /.snapshots             btrfs  subvol=/@/.snapshots          0  0
      or
/dev/system/root  /home                   btrfs  subvol=**/@/home**                0  0
  1. Create your mount line using the above underlined info:
mount -o subvol=**/@/home** **/dev/mapper/system-root** **/run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c/home**
  1. You should now be able to access your data from
/run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c/home

Fine it worked for you. But why the

/run/media/liveuser/95ba78c9-5ee1-4657-9250-d86fe281d75c/home

Isn’t /mnt (or /mnt/home after you created that) easier. Types easier, found back and working on easier, does not get lost on shutdown (with the whole of /run).

Or do I miss something crucial here?

This was meant mainly for recovering files in an emergency situation, not permanently re-mounting.

The live distro in this case automatically mounts external devices under /run/media. It saves me having to create an entry in /mnt, and for me personally it’s easier and more convenient to have the files actually appear in their home folder where they belong in the original disk structure. YMMV. And of course I copy and paste, don’t type all that guff out.

I don’t have the time or patience to go searching through the root filesystem of a live distro to find them, only to then get confused later when trying to back up the files.

I get lost/confused very easily, it comes with age!