cryptdisks_stop

cryptdisks_stop [-f] [-v] [mapper-name]

-f, --force
    Force unmapping even if device is busy or mounted

-v, --verbose
    Enable verbose output for debugging

mapper-name
    Specific device-mapper name to stop (e.g., crypt-root); omit to stop all

cryptdisks_stop is a helper script in Debian-based systems for safely tearing down dm-crypt (LUKS) device mapper mappings. Typically invoked during shutdown or reboot, it reverses the actions of cryptdisks_start, ensuring encrypted volumes are closed securely to prevent data leaks or corruption.

It scans for active mappings (named like crypt-root or from /etc/crypttab), attempts to unmount any filesystems on them, syncs data, detaches the device-mapper table via dmsetup, and closes the LUKS container with cryptsetup luksClose. This wipes decrypted data from RAM.

Running manually requires root privileges. Without arguments, it stops all eligible mappings; specify a mapper name to target one. Verbose mode aids debugging, while force option bypasses checks for busy devices (use cautiously).

Ideal for scripted shutdowns or recovery, it integrates with initramfs-tools and systemd for automated encrypted disk management.

Requires root privileges. May fail if devices are in use without -f, risking data loss. Not for non-LUKS dm-crypt setups.

cryptdisks_stop # Stop all
cryptdisks_stop -v crypt-home # Verbose stop specific
cryptdisks_stop -f crypt-swap # Force stop swap

Developed for Debian's cryptsetup package (circa 2007) to handle /etc/crypttab mappings in initramfs and shutdown scripts. Evolved with LUKS2 support in cryptsetup 2.0+.

cryptdisks_start, cryptsetup(8), dmsetup(8), luksClose(8)