[dm-crypt] Shipping/Cloning encrypted disks

Robert Nichols rnicholsNOSPAM at comcast.net
Thu May 18 20:24:39 CEST 2017


On 05/18/2017 08:26 AM, vasili at keemail.me wrote:
> 1.: Filesystem image with non-encrypted boot and encrypted main filesystem.
>       The image should be dd'ed to a hdd or usb drive and resized to fill the whole drive. Then the master key will be changed with cryptsetup-reencrypt.

That's going to take at least 3 times as long as it needs to. The cryptsetup-reencrypt operation is slow. Because it's reading and writing the same disk, it takes about 2X the time it took to copy the original image.

Format the LUKS destination container, then open the source and destination containers and "dd" from one to the other. You've already got a new master key and whatever passphrase you chose at the destination. You can resize the filesystem after you've done the copying.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.



More information about the dm-crypt mailing list