[dm-crypt] cryptsetup-reencrypt: Specifying device size

Karol Babioch karol at babioch.de
Wed Jul 22 15:46:04 CEST 2015


Hi list,

I'm wondering how safe it is to specify a device size when re-encrypting
a block device using cryptsetup-reencrypt. In particular I would like to
know if specifying a size smaller than the underlying block device might
actually corrupt data?

The man page mentions some warnings in regards to this option. In our
use case the underlying block device is ~ 100G, while only 11G are
actually used by filesystems on top of the block device. To speed things
up we were thinking about a device size, e.g. something like 16G, so not
the whole device needs to be re-encrypted.

I'm not familiar enough with the LUKS internals, but I'm pretty sure
that it is not filesystem aware, so it will only reencrypt the first
16GB of the device, while LVM and any filesystems may actually put data
anywhere on the device.

So am I right in assuming that providing a device size smaller than the
actual block device size might lead to data corruption or is it safe to
use it in the way described above?

Best regards,
Karol Babioch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20150722/2b9e679a/attachment.asc>


More information about the dm-crypt mailing list