[dm-crypt] expanding encrypted volume/growing the volume
ross at biostat.ucsf.edu
Tue Sep 9 23:52:03 CEST 2014
My system uses LVM, with LUKS encryption on top of individual logical
volumes. The volume group has some free space, and I would like to
extend the volume and then grow the encrypted container and then the
file system on it.
When expanding I'll use free space that I don't believe has ever been
zeroed or random filled. It's possible it was used for a file system
at some point.
Is that much of a concern? The FAQ advises wipeing it, though the
only explicit reasons seem not much of a concern for space in a volume
group (but later there are references to attacks available if the
attacker can determine which sectors are unused). As far as I know
there is no way to access the unused area of the volume group (well,
except for mapping all physical device sectors in use and operating on
the remainder after somehow figuring out where metadata is kept), and
attempting to do so seems hazardous. It seems particularly hazardous
because there are active snapshots, and it seems possible they grab
cryptsetup resize /dev/VG/LV
the right way to expand the container once the LV is extended? Are
there any things I should look out for in the whole process? Do I
need to reboot or remount anywhere along the way for changes to take
effect? The filesystems are ext3 and reiser.
The software on the system is quite old, Debian Lenny + some
backports. cryptsetup is at 1.0.6 (Debian version 2:1.0.6-7) and the
kernel is 2.6.32 (which is a backport).
More information about the dm-crypt