On 07/22/2015 08:46 AM, Karol Babioch wrote:
Hi list,
I'm wondering how safe it is to specify a device size when re-encrypting
a block device using cryptsetup-reencrypt. In particular I would like to
know if specifying a size smaller than the underlying block device might
actually corrupt data?
The man page mentions some warnings in regards to this option. In our
use case the underlying block device is ~ 100G, while only 11G are
actually used by filesystems on top of the block device. To speed things
up we were thinking about a device size, e.g. something like 16G, so not
the whole device needs to be re-encrypted.
I hope you are NOT saying that you have a filesystem larger than 16G
there but 'du" reports that only 11G are used. If that were the case,
then reencrypting just 16G would mean guaranteed destruction of the
filesystem.
You can test what would happen quite easily. Use "cryptsetup resize ..."
to _temporarily_ limit the active mapping to 16GB. Then see if "fsck"
still reports that all filesystem are OK. If so, then you can safely
reencrypt just the first 16GB. If "fsck" complains about any
filesystems, just close the container ("cryptsetup remove ...") and no
damage is done. LUKS does not permanently record the size of the
container; it will always default to the size of the underlying device
or partition.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
