======LUKS Encrypted Partition======

----

=====Change LUKS Partition Password=====
  * Find the drive with the luks headers:<code bash>
cat /etc/crypttab
</code>
  * Find the partition using the disk label from the previous command:<code bash>
sudo fdisk -l /dev/sda
</code>
    * If it is listed by uuid, use:<code bash>
ls -l /dev/disk/by-uuid/{insert your uuid here}
</code>
  * Verify the Keyslots used:<code bash>
sudo cryptsetup luksDump /dev/sda5
</code>

  * Test passphrase:<code bash>
sudo cryptsetup --verbose open --test-passphrase /dev/sda5
</code>
  * Change Keyslot 0's key:<code bash>
sudo cryptsetup luksChangeKey /dev/sda5 -S 0
</code>
  * Verify new passphrase:<code bash>
sudo cryptsetup --verbose open --test-passphrase /dev/sda5
</code>

----

=====Unlock LUKS Partition from GRUB=====
  * Insert luks module:<code bash>
grub rescue> insmod luks
</code>
  * List all divices:<code bash>
grub rescue> ls
</code>
  * Mount encrypted ''%%/boot/%%'' partition:<code bash>
grub rescue> cryptomount (hd0,gpt2)
</code>
    * To use uuid instead, use the ''%%-u%%'' option:<code bash>
grub rescue> cryptomount -u 8f5fc81c-41bb-11ec-81d3-0242ac130003
</code>
  * Enter passphrase:<code bash>
Attempting to decrypt master key...
Enter passphrase for hd0,gpt2 (<disk uuid>):
</code>
  * Output on success:<code bash>
Slot 3 opened
</code>
  * Insert LVM Module:<code bash>
grub rescue> insmod lvm
</code>
  * Load module for normal boot:<code bash>
grub rescue> insmod normal
</code>
  * Boot:<code bash>
grub rescue> normal
</code>

----

=====Links=====
  * https://www.gnu.org/software/grub/manual/grub/html_node/Commands.html#Commands
  * https://www.gnu.org/software/grub/manual/grub/html_node/GRUB-only-offers-a-rescue-shell.html#GRUB-only-offers-a-rescue-shell