[dm-crypt] How to backup entire encrypted HDD?
rnicholsNOSPAM at comcast.net
Thu Apr 11 15:47:25 CEST 2013
On 04/10/2013 11:12 PM, John Gomez wrote:
> I have a 500GB HD encrypted with LUKS, partitioned with LVM (I think) and
> formatted ext4. The /boot partition is on a USB stick. I want to make a backup
> of the HDD. Say my first drive is /sda and the backup drive is /sdx and I want
> the backup to go in /sdx3.
> AFAIK, I have two choices;
> 1: Create an encrypted partition on /sdx say, /sdx3, mount and decrypt /sda,
> then use rsync to copy the filesystem from /sda to /sdx3. Not the worst choice
> but there are flaws. What if I want to do this over a network?
Why is that an issue? rsync will, by default, use ssh for the communication.
> What if I want
> to do this on /sdx that is already partitioned? (If /sdx is already partitioned
> I can not encrypt the partition /sdx3. Is this correct?)
Merely partitioned wouldn't be a problem, but if that partition already
contains a filesystem and data you want to preserve, then converting it
to encrypted would be a problem. Recent versions of the cryptsetup
package do have the option to build an experimental cryptsetup-reencrypt
tool that can encrypt an existing partition, but it's a long and
> 2: Use dd (or GNU ddrescue or similar) using the parameters if=/sda
> of=/sdx3/backup.img. Then the problems are: how do I view the files? This post
> describes mounting an image of a partition:
> Does anyone know a better way to do this? Will this work for an image of the
> entire drive?
You can work with the whole drive image, but it's a bit complicated,
and the steps depend on exactly how the source drive was set up and
whether LVM is involved. The basic tools are "losetup" to map a
loop device to a file and "kpartx" to create device maps for the
partitions within a device. I can't comment on the steps needed if
LVM is involved.
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
More information about the dm-crypt