X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=fish%2Fguestfish.pod;h=bfcec5cc88aac2f36beb8a1af6918435f97be8a7;hb=945e569db64ab2608b21feba0aa94044c9835ac3;hp=86dcf58c7cc2128926ae77f180af843476af97d4;hpb=581a7965faa5bf242ab3f8b7c259ab17c2e967f4;p=libguestfs.git

diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index 86dcf58..bfcec5c 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -530,6 +530,39 @@ it, eg:
 
  echo "~"
 
+=head1 ENCRYPTED DISKS
+
+Libguestfs has some support for Linux guests encrypted according to
+the Linux Unified Key Setup (LUKS) standard, which includes nearly all
+whole disk encryption systems used by modern Linux guests.  Currently
+only LVM-on-LUKS is supported.
+
+Identify encrypted block devices and partitions using L</vfs-type>:
+
+ ><fs> vfs-type /dev/sda2
+ crypto_LUKS
+
+Then open those devices using L</luks-open>.  This creates a
+device-mapper device called C</dev/mapper/luksdev>.
+
+ ><fs> luks-open /dev/sda2 luksdev
+ Enter key or passphrase ("key"): <enter the passphrase>
+
+Finally you have to tell LVM to scan for volume groups on
+the newly created mapper device:
+
+ ><fs> vgscan
+ ><fs> vg-activate-all true
+
+The logical volume(s) can now be mounted in the usual way.
+
+Before closing a LUKS device you must unmount any logical volumes on
+it and deactivate the volume groups by calling C<vg-activate false VG>
+on each one.  Then you can close the mapper device:
+
+ ><fs> vg-activate false /dev/VG
+ ><fs> luks-close /dev/mapper/luksdev
+
 =head1 WINDOWS PATHS
 
 If a path is prefixed with C<win:> then you can use Windows-style