man7.org > Linux > man-pages

Linux/UNIX system programming training

cryptsetup-erase(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | REPORTING BUGS | SEE ALSO | CRYPTSETUP 

CRYPTSETUP-ERASE(8)       Maintenance Commands       CRYPTSETUP-ERASE(8)

NAME         top

       cryptsetup-erase, cryptsetup-luksErase - erase all keyslots

SYNOPSIS         top

       cryptsetup  erase [<options>] <device>
       cryptsetup luksErase [<options>] <device>

DESCRIPTION         top

       Erase all keyslots and make the LUKS container permanently
       inaccessible. Unless the device is configured with HW OPAL
       support you do not need to provide any password for this
       operation.

       WARNING: This operation is irreversible.

       WARNING: with --hw-opal-factory-reset ALL data is lost on the
       device, regardless of the partition it is ran on, if any, and
       regardless of any LUKS2 header backup, and does not require a
       valid LUKS2 header to be present on the device to run.

       <options> can be [--header, --disable-locks,
       --hw-opal-factory-reset, --key-file].

OPTIONS         top

       --batch-mode, -q
           Suppresses all confirmation questions. Use with care!

           If the --verify-passphrase option is not specified, this
           option also switches off the passphrase verification.

       --debug or --debug-json
           Run in debug mode with full diagnostic logs. Debug output
           lines are always prefixed by #.

           If --debug-json is used, additional LUKS2 JSON data
           structures are printed.

       --disable-locks
           Disable lock protection for metadata on disk. This option is
           valid only for LUKS2 and ignored for other formats.

           WARNING: Do not use this option unless you run cryptsetup in
           a restricted environment where locking is impossible to
           perform (where /run directory cannot be used).

       --header <device or file storing the LUKS header>
           Use to specify detached LUKS2 header when erasing HW OPAL
           enabled data device.

       --help, -?
           Show help text and default parameters.

       --hw-opal-factory-reset
           Erase ALL data on the OPAL self-encrypted device, regardless
           of the partition it is ran on, if any, and does not require a
           valid LUKS2 header to be present on the device to run. After
           providing correct PSID via interactive prompt or via
           --key-file parameter the device is erased. PSID is usually
           printed on the OPAL device label (either directly or as a QR
           code).

       --key-file, -d name (LUKS2 with HW OPAL only)
           Read the Admin PIN or PSID (with --hw-opal-factory-reset)
           from file depending on options used.

           If the name given is "-", then the secret will be read from
           stdin. In this case, reading will not stop at newline
           characters.

       --usage
           Show short option help.

       --version, -V
           Show the program version.

REPORTING BUGS         top

       Report bugs at cryptsetup mailing list
       <cryptsetup@lists.linux.dev> or in Issues project section
       <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.

       Please attach output of the failed command with --debug option
       added.

SEE ALSO         top

       Cryptsetup FAQ
       <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>

       cryptsetup(8), integritysetup(8) and veritysetup(8)

CRYPTSETUP         top

       Part of cryptsetup project
       <https://gitlab.com/cryptsetup/cryptsetup/>. This page is part of
       the Cryptsetup ((open-source disk encryption)) project.
       Information about the project can be found at 
       ⟨https://gitlab.com/cryptsetup/cryptsetup⟩. If you have a bug
       report for this manual page, send it to dm-crypt@saout.de. This
       page was obtained from the project's upstream Git repository
       ⟨https://gitlab.com/cryptsetup/cryptsetup.git⟩ on 2024-06-14. (At
       that time, the date of the most recent commit that was found in
       the repository was 2024-06-11.) If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

cryptsetup 2.8.0-git           2023-12-22            CRYPTSETUP-ERASE(8)

Pages that refer to this page: cryptsetup(8)

HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI