2024-08-12

You can mount Linux Ext or LUKS disks on Mac, Windows!

This is exciting! I’ve been looking for a disk format that works seamlessly across Mac, Windows, and Linux.  Something like a USB or disk image that mounts on all three desktop platforms.

The obvious choice is exFAT, but what if I want a modern disk format with journaling for data safety?

Ext4 is one option, although it used to be read-only on Macs (see Mounting Ext2/Ext3/Ext4 USB Flash Drives on Mac: Read Only Success). Maybe things have gotten better in the last 10 years?

And what if I want disk encryption?

VeraCrypt with an exFAT disk works: see Sharing TrueCrypt USB volume on 3 platforms: Mac, Windows, Linux.

But what if you want both encryption and a modern file system? I couldn't find a solution to this, until I found… 

 

linsk

In summary, linsk is an easy way to run an Alpine Linux VM using qemu to mount a disk within it, and then share that disk back out to your local host machine via a networking protocol.

So now you can mount an Ext4 disk, or a LUKS encrypted Ext4 disk, on your Mac or Windows machine!

The usage notes are so good, you can just look there for how to install and use.

Here's a quick use reference, more for my own reference than anything

How to use linsk to mount a Ext4 disk within a LUKS encrypted disk on macOS

Note: If you're not me, please read the linsk documentation first and understand it completely before proceeding below!  This assumes you installed linsk correctly, including qemu!


1. With the disk plugged into your Mac, make sure to unmount all volumes that macOS auto-mounts!!!

Warning Danger Caution Danger: If you don't unmount all volumes first, the following may delete, nuke, and destroy all your disk data.  macOS likes to repeatedly auto-mount any volume it sees, so after every step below, make sure to unmount those volumes again!!!  You'll see warnings to this effect from linsk in the terminal as well.


2. In Terminal, run: $ diskutil list

Find your disk and note its path: e.g. `/dev/diskX`

The value of `X` in `diskX` may change every time your Mac encounter the disk!

However, the LVM group/volume/luks-container names within that disk should be stable (unless intentionally changed), so in the future, you can skip down to the `linsk run` step 5 below if you're just re-mounting the same volume.


3. Find the LUKS volume to mount within diskX.  Run: $ sudo linsk ls dev:/dev/diskX

Note the `vda` drive you'd see are the system drives within Alpine Linux, so ignore those.

For this example, suppose: `vdb1` is the `crypto_LUKS` volume you're interested in.


4. Find the Ext4 volume inside the LUKS volume by running: $ sudo linsk ls dev:/dev/diskX --luks-container vdb1

Now suppose that `cryptcontainer` is the ext4 volume you want to mount.


5. Mount the ext4 volume. Run: $ sudo linsk run dev:/dev/diskX --luks-container vdb1 mapper/cryptcontainer


6. Alternatively, mount the ext4 volume and open a debug shell.  Run: $ sudo linsk run --debug-shell dev:/dev/diskX --luks-container vdb1 mapper/cryptcontainer

This will mount that volume and open a shell within the Alpine Linux VM so you can do whatever you want to that disk volume from within Linux.  Good for changing disk ownership or permissions as needed so your Mac can access it.


7. Mount the volume from macOS.

You can use Cmd+k to connect to the network volume that linsk / Alpine Linux sets up for you locally.

You can also use the Mac Terminal.  Run: $ mount_afp -i -o noowners afp://linsk@127.0.0.1:9000/linsk /Path/to/mountpoint

`sudo` is not needed and unhelpful here!

You might find the folders in the mounted volume do not have the right permissions for you to open them up.  You might try using `sudo chown` or `chmod`, etc., and find they don't work to fix this.  You might try `umask` on your Mac, and find they don't work.

If it's your own disk you want access to, you might as well just tell linsk to open up a debug shell into the Alpine Linux VM and change the permissions on the disk from there.

i.e. Run: $ sudo linsk run --debug-shell dev:/dev/diskX --luks-container vdb1 mapper/cryptcontainer

Then use the Linux chown/chmod tools as needed.

No comments: