table of contents
CRYPTSETUP-ERASE(8) | Maintenance Commands | CRYPTSETUP-ERASE(8) |
NAME¶
cryptsetup-erase, cryptsetup-luksErase - erase all keyslots
SYNOPSIS¶
cryptsetup erase [<options>]
<device>
cryptsetup luksErase [<options>]
<device>
DESCRIPTION¶
Erase all keyslots and make the LUKS container permanently inaccessible. Unless the device is configured with HW OPAL support you do not need to provide any password for this operation.
WARNING: This operation is irreversible.
WARNING: with --hw-opal-factory-reset ALL data is lost on the device, regardless of the partition it is ran on, if any, and regardless of any LUKS2 header backup, and does not require a valid LUKS2 header to be present on the device to run.
<options> can be [--header, --disable-locks, --hw-opal-factory-reset, --key-file].
OPTIONS¶
--batch-mode, -q
If the --verify-passphrase option is not specified, this option also switches off the passphrase verification.
--debug or --debug-json
If --debug-json is used, additional LUKS2 JSON data structures are printed.
--disable-locks
WARNING: Do not use this option unless you run cryptsetup in a restricted environment where locking is impossible to perform (where /run directory cannot be used).
--header <device or file storing the LUKS header>
--help, -?
--hw-opal-factory-reset
--key-file, -d name (LUKS2 with HW OPAL only)
If the name given is "-", then the secret will be read from stdin. In this case, reading will not stop at newline characters.
--usage
--version, -V
REPORTING BUGS¶
Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or in Issues project section <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
Please attach output of the failed command with --debug option added.
SEE ALSO¶
Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
CRYPTSETUP¶
Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
2024-09-03 | cryptsetup 2.7.5 |