[dm-crypt] cryptsetup-reencrypt: Specifying device size

Arno Wagner arno at wagner.name
Thu Jul 23 05:36:41 CEST 2015


Milan needs to answer that. Let me just reming you that 
doing an operation like that without current backup is
asking for trouble up to and including loss of all data.

Arno


On Wed, Jul 22, 2015 at 15:46:04 CEST, Karol Babioch wrote:
> Hi list,
> 
> I'm wondering how safe it is to specify a device size when re-encrypting
> a block device using cryptsetup-reencrypt. In particular I would like to
> know if specifying a size smaller than the underlying block device might
> actually corrupt data?
> 
> The man page mentions some warnings in regards to this option. In our
> use case the underlying block device is ~ 100G, while only 11G are
> actually used by filesystems on top of the block device. To speed things
> up we were thinking about a device size, e.g. something like 16G, so not
> the whole device needs to be re-encrypted.
> 
> I'm not familiar enough with the LUKS internals, but I'm pretty sure
> that it is not filesystem aware, so it will only reencrypt the first
> 16GB of the device, while LVM and any filesystems may actually put data
> anywhere on the device.
> 
> So am I right in assuming that providing a device size smaller than the
> actual block device size might lead to data corruption or is it safe to
> use it in the way described above?
> 
> Best regards,
> Karol Babioch
> 



> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list