How to change the LUKS2 disk encryption passphrase

LUKS2 disk encryption

Disk encryption is a crucial aspect of securing sensitive data on your computer. LUKS2 (Linux Unified Key Setup 2) is a popular disk encryption format used by many GNU/Linux distributions. Changing the disk encryption passphrase regularly is an essential practice to maintain data security. In this blog post, we will guide you through the process of how to change the LUKS2 disk encryption passphrase, ensuring your data remains protected.

Option 1: One-line solution to change the disk encryption password

If you are looking for a one-line universal way to change the LUKS2 disk encryption password in the terminal, copy and paste the following phrase in a terminal:

sudo cryptsetup luksChangeKey $(sudo blkid | awk -F':' '/crypto_LUKS/{ print $1 }')


If the commande above doesn’t work for you, you can try the same command but without ‘sudo’ as a root user. Otherwise, you can try to find the encrypted partition manually with the following command.

sudo lsblk | grep crypt

Note the partition name, for example ‘sda2’ or ‘nvme0n1p2’. Then change the encryption password by the following command:

sudo cryptsetup luksChangeKey /dev/nvme0n1p2

Please note that you will need to change ‘nvme0n1p2’ based on the output of the earlier command.

Option 2: Step-by-Step Guide to Changing the LUKS2 Disk Encryption Passphrase (GUI method)

The most popular GNU/Linux operating systems come with gnome-disk-utility (Disks) pre-installed. This includes a simple GUI method to change the disk encryption password. To do so, follow these steps:

Step 1: Open the tool Disks.
Step 2: Search for and click on the LUKS2-encrypted partition you want to change the passphrase for, which you can recognise by the lock icon.
Step 3: Click on the gear icon.
Step 4: Click on ‘Change passphrase …’.
Step 5: Enter the current passphrase and your new passphrase twice as prompted.
Step 6: Confirm the changes by clicking the ‘Change’ button.

Best practices and considerations

When changing your LUKS2 disk encryption passphrase, keep these best practices in mind:

  1. Choose a strong passphrase: Use a combination of uppercase and lowercase letters, numbers, and symbols.
  2. Memorise or securely store the new passphrase: Avoid writing it down in easily accessible places.
  3. Regularly update your passphrase: Set a reminder to change it periodically to maintain data security.


Changing the LUKS2 disk encryption passphrase is a critical step in maintaining the security of your sensitive data. By following the step-by-step guide outlined in this blog post, you know how to change the LUKS2 disk encryption passphrase and enhance the security of your system. Remember to choose a strong passphrase and keep it confidential. Take the necessary precautions to protect your data and enjoy the peace of mind that comes with robust disk encryption. A NovaCustom laptop with Dasharo coreboot firmware and LUKS2 disk encryption is the perfect combination for a more secure computer experience.