On 07/22/2015 08:46 AM, Karol Babioch wrote:
Hi list, I'm wondering how safe it is to specify a device size when re-encrypting a block device using cryptsetup-reencrypt. In particular I would like to know if specifying a size smaller than the underlying block device might actually corrupt data? The man page mentions some warnings in regards to this option. In our use case the underlying block device is ~ 100G, while only 11G are actually used by filesystems on top of the block device. To speed things up we were thinking about a device size, e.g. something like 16G, so not the whole device needs to be re-encrypted.
I hope you are NOT saying that you have a filesystem larger than 16G there but 'du" reports that only 11G are used. If that were the case, then reencrypting just 16G would mean guaranteed destruction of the filesystem. You can test what would happen quite easily. Use "cryptsetup resize ..." to _temporarily_ limit the active mapping to 16GB. Then see if "fsck" still reports that all filesystem are OK. If so, then you can safely reencrypt just the first 16GB. If "fsck" complains about any filesystems, just close the container ("cryptsetup remove ...") and no damage is done. LUKS does not permanently record the size of the container; it will always default to the size of the underlying device or partition. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt