On Sat, Mar 07, 2009 at 02:24:11PM -0600, Steve Costaras wrote: > > I change out drives often for various reasons (failure, capacity > expansion, et al). The idea came up to encrypt all data on the drives > to mitigate the possibility that when drives leave there is anything on > them that is usable. > > The issue at hand is how does (if at all) dmcrypt will support expansion > of block devices. Basically, all drives are attached to hardware raid > controllers. Those controllers present to the OS large volumes (say > 10TB+) for each 'drive' that dmcrypt would see. This then would get > put into lvm2 to be carved up as needed. Functionally when we > outgrow a technology (say 1TB drives with 2TB ones) we would swap out > the drives in the array. This would make a 10TB 'disk' appear as a > 20TB disk to dmcrypt. If I use this to encrypt each volume would > dmcrypt be able to expand to the non-encrypted space or will it just > flake out when it sees that the drive it's trying to encrypt has changed > size? Well, dm-crypt does not care about device size. It en-/de-crypts one device with the passphrase given. As dm-crypt has no metadate, the actual device size is not and cannot be stored anywere. It is also entirely immaterial for its operation. As far as I remember, the same is true for LUKS. Take care, however, that there are plans to implement a LUKS header copy backup at the end of the device. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
