Re: How to backup entire encrypted HDD?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/10/2013 11:12 PM, John Gomez wrote:

I have a 500GB HD encrypted with LUKS, partitioned with LVM (I think) and
formatted ext4. The /boot partition is on a USB stick. I want to make a backup
of the HDD. Say my first drive is /sda and the backup drive is /sdx and I want
the backup to go in /sdx3.

AFAIK, I have two choices;
1: Create an encrypted partition on /sdx say, /sdx3, mount and decrypt /sda,
then use rsync to copy the filesystem from /sda to /sdx3. Not the worst choice
but there are flaws.  What if I want to do this over a network?


Why is that an issue?  rsync will, by default, use ssh for the communication.


 What if I want
to do this on /sdx that is already partitioned? (If /sdx is already partitioned
I can not encrypt the partition /sdx3. Is this correct?)


Merely partitioned wouldn't be a problem, but if that partition already
contains a filesystem and data you want to preserve, then converting it
to encrypted would be a problem.  Recent versions of the cryptsetup
package do have the option to build an experimental cryptsetup-reencrypt
tool that can encrypt an existing partition, but it's a long and
delicate process.


2: Use dd (or GNU ddrescue or similar) using the parameters if=/sda
of=/sdx3/backup.img.  Then the problems are: how do I view the files?  This post
describes mounting an image of a partition:
http://www.rebelzero.com/howto/backup-and-restore-files-tofrom-a-luks-encrypted-partition-image-file/189.
Does anyone know a better way to do this?  Will this work for an image of the
entire drive?


You can work with the whole drive image, but it's a bit complicated,
and the steps depend on exactly how the source drive was set up and
whether LVM is involved.  The basic tools are "losetup" to map a
loop device to a file and "kpartx" to create device maps for the
partitions within a device.  I can't comment on the steps needed if
LVM is involved.

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux