[dm-crypt] cryptsetup FAQ montly posting 8/2011

Arno Wagner arno at wagner.name
Tue Aug 2 11:00:56 CEST 2011

On Tue, Aug 02, 2011 at 09:35:44AM +0200, Yves-Alexis Perez wrote:
> On mar., 2011-08-02 at 01:53 +0200, Arno Wagner wrote:
> > 
> >  * Can I resize a dm-crypt or LUKS partition?
> > 
> >   Yes, you can, as neither dm-crypt nor LUKS stores partition size.
> >   Whether you should is a different question. Personally I recommend
> >   backup, recreation of the encrypted partition with new size,
> >   recreation of the filesystem and restore. This gets around the
> >   tricky business of resizing the filesystem. Resizing a dm-crypt or
> >   LUKS container does not resize the filesystem in it. The backup is
> >   really non-optional here, as a lot can go wrong, resulting in
> >   partial or complete data loss. Using something like gparted to
> >   resize an encrypted partition is slow, but typicaly works. This
> >   will not change the size of the filesystem hidden under the
> >   encryption though.
> > 
> >   You also need to be aware of size-based limitations. The one
> >   currently relevant is that aes-xts-plain should not be used for
> >   encrypted container sizes larger than 2TiB. Use aes-xts-plain64
> >   for that. 
> It might be worth mentioning LVM setups for this?
> What I do is (exactly like the Debian installer ???setup encrypted LVM???
> does):
> - /dev/sda1 = /boot
> - /dev/sda2 -> dm-crypt -> /dev/mapper/sda2_crypt
> - /dev/mapper/sda2_crypt = physical volume for LVM
> then create a volume group in /dev/mapper/sda2_crypt and logical volumes
> in there. My advice would be to not use the full volume group space (I
> usually do 10G for /, 10G for /home and 1-2G for swap), then you can
> lvextend and resize2fs the stuff. Encryption doesn't get in the way.
> Regards,
> -- 
> Yves-Alexis

Well, conceptually it is a cliose topic. But I do not want to
make the "cryptsetup FAQ" redundant with the LVM documentation.
It is large enough as it is. If you have a URL that sums
up LVM (and the usage above) nicely, I could add that to
the FAQ, possibly in the section on RAID vs. encryption.

I am also thinking about doing some restructuring, mainly
to split "Backup" into "Backup" and "Disaster recovery",
but I could maybe add a section on "Encryption, LVM, RAID"
as well.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20110802/fefb2a94/attachment.asc>

More information about the dm-crypt mailing list