[dm-crypt] Cryptsetup-reencrypt failing with error with option --new reduce-device-size

Abhrajyoti Kirtania abhrajyoti at gmail.com
Tue Jun 24 18:53:58 CEST 2014


HI Ondrej/ Milan,
I have used gparted to resize the partition and able to create a new LUKS
enabled partition with --new option using reencrypt tool. Though i had used
reencrypt tool, after enabling the encryption, formatting (i.e mkfs.ext4)
is needed to mount that volume. So i loss all the data present onto the
partition.

*I am wondering, Is there any way to enable encryption (in-place) without
losing data from the partition with the help of cryptsetup-reencrypt or any
other option?*

Truly appreciate your kind support and guide please?

Thanks,
Abhrajyoti



On Fri, Jun 20, 2014 at 7:46 PM, Abhrajyoti Kirtania <abhrajyoti at gmail.com>
wrote:

> Thank you for the reply.
>
> How can i create unused space (shrink) at the end of original divide? As
> per the man page "fdisk -u /dev/sdb # move sdb1 partition end + 4096
> sectors" not giving expected result.
>
> Even i tried with resize2fs but not helping
>
> test at ubuntu:~/in-place$ sudo resize2fs /dev/sda8 4M
>
> resize2fs 1.42.5 (29-Jul-2012)
>
> resize2fs: New size smaller than minimum (45572)
>
>
> test at ubuntu:~/in-place$ sudo resize2fs /dev/sda8 8M
>
> resize2fs 1.42.5 (29-Jul-2012)
>
> resize2fs: New size smaller than minimum (45572)
>
>
>
>
>
>
>
>
> On Fri, Jun 20, 2014 at 6:59 PM, Ondrej Kozina <okozina at redhat.com> wrote:
>
>> On 06/20/2014 02:36 PM, Abhrajyoti Kirtania wrote:
>>
>>> HI,
>>> I able to build the crypt setup-reencrypt binary and trying to enable
>>> encryption on a particular partition with this tool, build failing with
>>> error like:
>>>
>>> *Cannot wipe header on device /dev/loop0. if i pass
>>> *--reduce-device-size as 1024. But if i pass this size as 4096 then
>>>
>>> getting the error as "Device /dev/loop0 is too small."
>>>
>>> Not sure what might be the root cause of this error. Truly appreciate
>>> your kind support?
>>>
>>> cryptsetup-reencrypt /dev/sda8 --new --reduce-device-size 1024 --debug
>>>
>>>
>>> WARNING: this is experimental code, it can completely break your data.
>>>
>>> # cryptsetup 1.6.4 processing "./abhra_new/sbin/cryptsetup-reencrypt
>>> /dev/sda8 --new --reduce-device-size 1024 --debug"
>>>
>>
>> Hi Abhrajyoti,
>>
>> you have to create enough space to fit new LUKS header during
>> reencryption of not yet encrypted device. The LUKS header is approximately
>> 1MiB in size (it differs and depends also on other parameters). The default
>> unit for --reduce-device-size is a byte. Try to use --reduce-device-size
>> 2048S (where 'S' stands for sectors). If I recall correctly
>> --reduce-device-size must be aligned to 512B (dm-crypt sector size) or
>> maybe even to page size (4 KiB).
>>
>> Be extremely careful with the --new option! You have to create unused
>> space at the end of the original device which is equal in size to
>> --reduce-device-size option. By term unused  I mean there are no real
>> filesystem data or any data important to you. Otherwise you will you loose
>> this data. The best to achieve this would be to actually extend the partion
>> or LV at its end exactly by intended --redude-device-size parameter first.
>>
>> Kind regards
>> Ondrej
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140624/ff91731d/attachment.html>


More information about the dm-crypt mailing list