[dm-crypt] cryptsetup FAQ montly posting 8/2011

Yves-Alexis Perez corsac at corsac.net
Tue Aug 2 09:35:44 CEST 2011

On mar., 2011-08-02 at 01:53 +0200, Arno Wagner wrote:
>  * Can I resize a dm-crypt or LUKS partition?
>   Yes, you can, as neither dm-crypt nor LUKS stores partition size.
>   Whether you should is a different question. Personally I recommend
>   backup, recreation of the encrypted partition with new size,
>   recreation of the filesystem and restore. This gets around the
>   tricky business of resizing the filesystem. Resizing a dm-crypt or
>   LUKS container does not resize the filesystem in it. The backup is
>   really non-optional here, as a lot can go wrong, resulting in
>   partial or complete data loss. Using something like gparted to
>   resize an encrypted partition is slow, but typicaly works. This
>   will not change the size of the filesystem hidden under the
>   encryption though.
>   You also need to be aware of size-based limitations. The one
>   currently relevant is that aes-xts-plain should not be used for
>   encrypted container sizes larger than 2TiB. Use aes-xts-plain64
>   for that. 

It might be worth mentioning LVM setups for this?

What I do is (exactly like the Debian installer “setup encrypted LVM”

- /dev/sda1 = /boot
- /dev/sda2 -> dm-crypt -> /dev/mapper/sda2_crypt
- /dev/mapper/sda2_crypt = physical volume for LVM

then create a volume group in /dev/mapper/sda2_crypt and logical volumes
in there. My advice would be to not use the full volume group space (I
usually do 10G for /, 10G for /home and 1-2G for swap), then you can
lvextend and resize2fs the stuff. Encryption doesn't get in the way.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20110802/33f4365d/attachment.asc>

More information about the dm-crypt mailing list