[dm-crypt] Cryptsetup-reencrypt failing with error with option --new reduce-device-size
okozina at redhat.com
Fri Jun 20 15:29:48 CEST 2014
On 06/20/2014 02:36 PM, Abhrajyoti Kirtania wrote:
> I able to build the crypt setup-reencrypt binary and trying to enable
> encryption on a particular partition with this tool, build failing with
> error like:
> *Cannot wipe header on device /dev/loop0. if i pass
> *--reduce-device-size as 1024. But if i pass this size as 4096 then
> getting the error as "Device /dev/loop0 is too small."
> Not sure what might be the root cause of this error. Truly appreciate
> your kind support?
> cryptsetup-reencrypt /dev/sda8 --new --reduce-device-size 1024 --debug
> WARNING: this is experimental code, it can completely break your data.
> # cryptsetup 1.6.4 processing "./abhra_new/sbin/cryptsetup-reencrypt
> /dev/sda8 --new --reduce-device-size 1024 --debug"
you have to create enough space to fit new LUKS header during
reencryption of not yet encrypted device. The LUKS header is
approximately 1MiB in size (it differs and depends also on other
parameters). The default unit for --reduce-device-size is a byte. Try to
use --reduce-device-size 2048S (where 'S' stands for sectors). If I
recall correctly --reduce-device-size must be aligned to 512B (dm-crypt
sector size) or maybe even to page size (4 KiB).
Be extremely careful with the --new option! You have to create unused
space at the end of the original device which is equal in size to
--reduce-device-size option. By term unused I mean there are no real
filesystem data or any data important to you. Otherwise you will you
loose this data. The best to achieve this would be to actually extend
the partion or LV at its end exactly by intended --redude-device-size
More information about the dm-crypt