#3474 Issue open: Migrate LUKS disk as is, without setting a password phrase at the time of recovery¶

Labels: support / question

prontok opened issue at 2025-05-27 08:06:¶

Requesting support or just a question¶

BACKUP=NETFS

Platform¶

Linux x64

Output¶

Hello,
I use LUKS encryption on my server.
Maybe it is possible to get a copy of the operating system
and later restore it as is (with existing slots).
Is it possible without setting the LUKS password phrase
at the time of the restoration process?
I tried different options with values ​​in the
LUKS_CRYPTSETUP_OPTIONS variable,
but this did not give results.

Additional information¶

No response

jsmeix commented at 2025-05-27 14:07:¶

From what I see in the code in
https://github.com/rear/rear/blob/master/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh#L91
it seems there is support for some predefined password value.

As far as I understand the code that predefined password value
can be specified in the disklayout.conf file
in the crypt entries, see
https://github.com/rear/rear/blob/master/doc/user-guide/06-layout-configuration.adoc#luks-devices

LUKS Devices

crypt /dev/mapper/<name> ... [password=<password>] ...

Because I hope it is not possible to get a LUKS password
out of a running system, I assume it is not possible to store
a LUKS password during "rear mkrescue" in the disklayout.conf file.

So to provide a predefined LUKS password for "rear recover"
you would have to manually add it to disklayout.conf
from inside the running ReaR recovery system
before you launch "rear recover".

So this is likely not what you mean with "without setting the
LUKS password phrase at the time of the restoration process"
because you would have to manually add it to disklayout.conf
at the time of the restoration process.

Therefore I think the only way out could be
using the BLOCKCLONE backup method
which does basically 'dd' of a whole block device, see
https://github.com/rear/rear/blob/master/doc/user-guide/12-BLOCKCLONE.adoc

The BLOCKCLONE backup method is meanwhile rather old,
e.g. see in its documentation

GPT not supported (work in progress)
No UEFI support (work in progress)

and - as far as I can tell - it is likely not much used
(otherwise I would expect at least a few user issue reports)
so certain things may no longer work or may need some
adaptions and enhancements to make it work again.

I have no personal experience with the BLOCKCLONE backup method
so I cannot help much when there are issues in this area.

prontok commented at 2025-05-27 21:19:¶

@jsmeix Thank you for your response. I will try to study the code in the script 160_include_luks_code.sh
Thanks a lot again.

---

[Export of Github issue for rear/rear.]