Decrypt and remove full disk encryption


I‘ve got a UCS VM with full disk encryption enabled. (UCS 4.4)
Now I would like to migrate the VM to another hypervisor and before that, I would like to decrypt and remove the encryption.
Is there any safe way to remove the full disk encryption completely?



you should ask the guy who enabled encryption. He might tell you what he did.

Up to now we can not even tell you which type of encryption you are talking about (disk encryption, traffic encrpytion, …) and how it was set up.

Sorry of not being a fortune teller…


Hi Christian,

well, I am the guy who did it :wink:

The VM has one disk, and I configured full disk encryption (as mentioned) with pre boot authentication during the initial setup of UCS.


Any ideas? Need more info? Or just impossible?


it is of course doable. You will need a lot of Linux knowledge do do so (image-base copying, re-write of the boot sector and so on).
And I can not guide you step by step as there are too many things to check before doing but as a rough draw:

  • Attach an additional disk (USB or whatever)
  • Boot the system in single use mode
  • Do image-based copying (dd) from the encrypted device to the new disk (if LVM you might use pvmove).
  • perform fsck on copied image
  • boot rescue disk
  • move image from additional disk to primary one, mount it and change /etc/fstab
  • Edit grub-configuration
  • re-write boot sector
    Reboot and hopefully thumbs up!


Oh, as an addition:

In case you are annoyed by the password requirement at power-on you might use a key instead- you can store this key on the /boot partition (unsecure!) or on an USB stick (somehow unsecure as well) but as you want to remove encryption I assume you do not care about this.

Check Linux documentation how to add a passphrase-less key and your boot will not stop for a passphrase.