[dm-crypt] LUKS is written to a device with no partition table. Is it possible to add a partition table?

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Tue Apr 19 22:20:18 CEST 2016


Hi,

On 04/19/2016 10:06 PM, Arno Wagner wrote:
> First,
>
> please do not post HTML email to the list. 
>
> Second, while it is possible to add a partition table
> without backup, it is an extremely dangerous operation, 
> dangerous enough that your chances of doing so successfully 
> are near zero if you have to ask how to do it. I strongly
> recommend against trying. 
>
> Now, if you want to lose all data, here is what you can try:
> 1. Resize filesystem in LUKS container to half device size.
Joe has 2.8/4 TiB in use. I think it only works in-situ which is at
least as double as dangerous as your approach :-)
> 2. Move LUKS container to end
> 3. Create partition table and a partition that covers 1st half 
>    of the device. Create LUKS container and in it a 
>    filesystem in that partition.
> 4. Mount LUKS container in 2nd half of disk (using offset)
>    and LUKS conteiner in partition. 
> 5. Copy all data from filesystem in LUKS container in 2nd half 
>    of disk to filesystem in LUKS conteiner in 1st half.
> 6. Unmap container in 2nd half of disk.
> 7. Create 2nd partition covering 2nd half of disk and
>    put filesystem in there.
I second, this sounds a bit safer than my idea. Maybe it is possible to
backup 800GiB of data to follow Arnos solution.

  Ralf
>
> If you make one tiny mistake anywhere, chances are your 
> data is gone. Do not try this without full, current backup.
>
> Regards,
> Arno
>
>
> On Tue, Apr 19, 2016 at 21:08:37 CEST, Joe Hillenbrand wrote:
>>    I posted this to [1]https://gitlab.com/cryptsetup/cryptsetup/issues/292
>>    but now I'm worried that might not be the appropriate place to ask
>>    questions.
>>    I have a 12TB hardware RAID5 external hard drive array.
>>    I had initially planned to only ever encrypt data to the device, but
>>    now I need about half encrypted and half not.
>>    The device is `/dev/sdd`. It mounts as `fatty`.
>>    There is no partition table.
>>    Â Â Â  # dd if=/dev/sdd | hexdump -C | head -1
>>    Â Â Â  00000000Â  4c 55 4b 53 ba be 00 01Â  61 65 73 00 00 00 00 00Â
>>    |LUKS....aes.....|
>>    Â Â Â  # parted /dev/sdd
>>    Â Â Â  GNU Parted 3.2
>>    Â Â Â  Using /dev/sdd
>>    Â Â Â  Welcome to GNU Parted! Type 'help' to view a list of commands.
>>    Â Â Â  (parted)
>>    print                                Â
>>    Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â  Â
>>    Â Â Â  Error: /dev/sdd: unrecognised disk label
>>    Â Â Â  Model: ORICO H/ W RAID5
>>    (scsi)Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
>>     Â Â Â Â Â Â Â Â  Â
>>    Â Â Â  Disk /dev/sdd: 12.0TB
>>    Â Â Â  Sector size (logical/physical): 512B/4096B
>>    Â Â Â  Partition Table: unknown
>>    Â Â Â  Disk Flags:
>>    As you can see LUKS starts at the first byte of the device.
>>    There is a btrfs filesystem on the LUKS device and I resized it down to
>>    4TB.
>>    Â Â Â  # cryptsetup status fatty
>>    Â Â Â  /dev/mapper/fatty is active.
>>    Â Â Â Â Â  type:Â Â Â  LUKS1
>>    Â Â Â Â Â  cipher:Â  aes-xts-plain64
>>    Â Â Â Â Â  keysize: 256 bits
>>    Â Â Â Â Â  device:Â  /dev/sdd
>>    Â Â Â Â Â  offset:Â  4096 sectors
>>    Â Â Â Â Â  size:Â Â Â  23441764352 sectors
>>    Â Â Â Â Â  mode:Â Â Â  read/write
>>    Â Â Â  # btrfs filesystem show /dev/mapper/fatty
>>    Â Â Â  Label: 'fatty'Â  uuid: XXX-XX-XX-XX-XXXXXXXXX
>>    Â Â Â Â Â Â Â  Total devices 1 FS bytes used 2.75TiB
>>            devid    1 size 4.00TiB used 2.80TiB path
>>    /dev/mapper/fatty
>>    I can't really move the data anywhere, because it's too big and would
>>    require buying more hardware.
>>    Is it possible to add a partition table without losing the data?
>>
>> References
>>
>>    1. https://gitlab.com/cryptsetup/cryptsetup/issues/292
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt at saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>



More information about the dm-crypt mailing list