On Tue, Aug 02, 2011 at 09:35:44AM +0200, Yves-Alexis Perez wrote: > On mar., 2011-08-02 at 01:53 +0200, Arno Wagner wrote: > > > > * Can I resize a dm-crypt or LUKS partition? > > > > Yes, you can, as neither dm-crypt nor LUKS stores partition size. > > Whether you should is a different question. Personally I recommend > > backup, recreation of the encrypted partition with new size, > > recreation of the filesystem and restore. This gets around the > > tricky business of resizing the filesystem. Resizing a dm-crypt or > > LUKS container does not resize the filesystem in it. The backup is > > really non-optional here, as a lot can go wrong, resulting in > > partial or complete data loss. Using something like gparted to > > resize an encrypted partition is slow, but typicaly works. This > > will not change the size of the filesystem hidden under the > > encryption though. > > > > You also need to be aware of size-based limitations. The one > > currently relevant is that aes-xts-plain should not be used for > > encrypted container sizes larger than 2TiB. Use aes-xts-plain64 > > for that. > > It might be worth mentioning LVM setups for this? > > What I do is (exactly like the Debian installer ???setup encrypted LVM??? > does): > > - /dev/sda1 = /boot > - /dev/sda2 -> dm-crypt -> /dev/mapper/sda2_crypt > - /dev/mapper/sda2_crypt = physical volume for LVM > > then create a volume group in /dev/mapper/sda2_crypt and logical volumes > in there. My advice would be to not use the full volume group space (I > usually do 10G for /, 10G for /home and 1-2G for swap), then you can > lvextend and resize2fs the stuff. Encryption doesn't get in the way. > > Regards, > -- > Yves-Alexis Well, conceptually it is a cliose topic. But I do not want to make the "cryptsetup FAQ" redundant with the LVM documentation. It is large enough as it is. If you have a URL that sums up LVM (and the usage above) nicely, I could add that to the FAQ, possibly in the section on RAID vs. encryption. I am also thinking about doing some restructuring, mainly to split "Backup" into "Backup" and "Disaster recovery", but I could maybe add a section on "Encryption, LVM, RAID" as well. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
