How to Resize a LUKS Encrypted File System.
Contents
- Introduction.
- Terminology.
- Setup Live CD to manage encrypted partitions.
- Resizing ~ Overview.
- Resizing in detail ~ Reduction.
- Resizing in detail ~ Enlargement
- References.
Introduction: Encryption seems to becoming more popular and one can install onto an encrypted hard drive with the Alternate CD.
There is no (obvious) option to add additional partitions such as either a /home or /data partition. Now a big part of this problem can be solved if you understand the partitioning options on the Alternate CD, I will save that for another how-to ....Guided - use entire disk and set up encrypted LVM
In the mean time, see this link : http://users.piuha.net/martti/comp/u...cryptolvm.html
Worse, I could not find any documentation on how to resize the encrypted partition after the installation .
Resizing your encrypted file system can not be done directly as of yet with Gparted as Gparted sees the encrypted partitions as unformatted space.
At this time, the crypt must be re-sized from a live CD in multiple steps, manually, from the command line.
It should go without saying, resizing your crypt may result in data loss Be sure to BACK UP your data first.
It may be easier to simply reinstall following the link above. Here it is again :
http://users.piuha.net/martti/comp/u...cryptolvm.html
For this how-to I used the default partitioning/encryption scheme. The LUKS crypt is called "crypt1" and I called the LV group "hardy" (the installer defaults to your hostname).
Terminology
Compartments within compartments.
LUKS = Linux Unified Key Setup.
While a detailed explanation of either LVM or encryption is beyond this how to, think of an encrypted system we have multiple containers, the crypt and LVM, and the file system. We need to resize each of those.
- Physical partition.
- Crypt.
- LVM ->
- Physical Volume.
- Logical Volume.
- File system.
Physical partition -> This is a partition on your hard drive to contain the LUKS crypt (The Alternate CD defaults to /dev/sda5 for encryption).
Crypt = LUKS then creates a crypt within the physical partition. The contents of the crypt are, of course, encrypted. The encrypted space is mapped to /dev/mapper/crypt1 , LVM is then used to create partitions within the crypt.
LVM = Logical Volume Management. LVM takes physical partitions (AKA Physical Volumes) and creates Logical Volumes, somewhat similar to a logical partition within an extended partition.
Physical Volume The (LVM) Physical Volume used for encryption is the LUKS crypt, which is mapped to /dev/mapper/crypt1.
Logical Volumes The (LVM) Physical Volume is divided into (LVM) Logical Volumes which are in turn used for / (root partition) and swap. Similar to logical partitions, these are contained within the (LVM) Physical Volume within (LUKS) crypt within the physical partition.
File system = ext3 (or swap) = The actual file system written onto the logical volumes.
Start by knowing your root partition and how you want to resize. Some helpful commands include :
Code:df -h sudo blkid sudo fdisk -l sudo cryptsetup status crypt1 sudo pvdisplay sudo lvdisplay mount free
Setup ~ Desktop (Live) CD, Adding the tools to manage encrypted partitions
1. Boot the live (Desktop) CD and install lvm2 and cryptsetup.
2. Load the cryptsetup module.Code:sudo apt-get update && sudo apt-get install lvm2 cryptsetup
2. Decrypt your file system.Code:sudo modprobe dm-crypt
4. Get the live CD to recognize (activate) your LVM.Code:sudo cryptsetup luksOpen /dev/sda5 crypt1
You can now manage your encrypted partitions, mount them, copy them, or perform maintenance (fsck, backup, resize).Code:sudo vgscan --mknodes sudo vgchange -ay
Resizing ~ Overview
The order of the next steps depends on if you are shrinking or enlarging your encrypted partition. Enlarging is somewhat easier as the defaults of many of the commands is to fill the available space.
Note: If you want to Enlarge your encrypted partition, although adding a second physical hard drive to LVM is "easy" I am not sure you could then add this to your Crypt (the Crypt must be on a single hard drive).
Shrink an encrypted partition
- Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).
- Reduce the (root) file system with resize2fs.
- Reduce the (root) (LVM) Logical Volume with lvreduce.
- Reduce the (LVM) Physical Volume with pvresize.
- Reduce the Crypt with cryptsetup.
- Reduce the Partition storing the crypt with fdisk.
- Reboot to your encrypted hard drive ~ You should always reboot after changing your partition table with fdisk.
Enlarge an encrypted partition
- Boot the desktop, live CD. Use gparted (or any tool) to put unallocated space adjacent, and to the left of your Crypt partition.
- Enlarge the Partition storing the crypt with fdisk.
- Reboot ~ You should always reboot after changing your partition table with fdisk.
- Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).
- Enlarge the Crypt with cryptsetup.
- Enlarge the (LVM) Physical Volume with pvresize.
- Enlarge the (root) (LVM) Logical Volume with lvresize.
- Enlarge the (root) file system with resize2fs.
- Reboot to your encrypted hard drive.
Detailed resizing ~ Shrinking an encrypted partition
1. Reduce the size of your file system with resize2fs (this tool works on ext2 and ext3 partitions). You need to check the file system before you can resize it.
Code:sudo e2fsck -f /dev/mapper/hardy-root sudo resize2fs -p /dev/mapper/hardy-root 5g
- Replace the "5g" with your intended size (in Gb) of your filesystem.
- The -p flag shows a progress hash.
Check that the file system is still intact with e2fsck.
Code:sudo e2fsck -f /dev/mapper/hardy-root
2. Reduce the size of your root (LVM) Logical Volume. The -L flag is how much you want to reduce the size of your (LVM) Logical Volume, so keep this in mind.
Display your (LVM) Logical Volumes with lvdisplay.
Note how much you need to reduce your root (LVM) Logical Volume by (in my case it was 4.3 Gb).Code:sudo lvdisplay
Code:sudo lvreduce -L -4.3G /dev/hardy/rootNote: You will need to change the "-4.3G" to the proper size to reduce your root (LVM) Logical Volume to your desired size.
Re-display your (LVM) Logical Volumes to check the final size is correct.
Code:sudo lvdisplay
3. Resize your (LVM) Physical Volume.
Remove the swap (LVM) Logical Volume. The (LVM) Physical Volume used by LVM can become "fragmented" in that the (LVM) Logical Volumes within the (LVM) Physical Volume are not always in order. There is no defragmentation tool, so if you may need to manually move the (LVM) Logical Volume (back up the data, delete the (LVM) Logical Volume, re-create a replacement (LVM) Logical Volume, restore data from backup).
Show the size of your (LVM) Physical Volume with pvdisplay.
Remove the swap (LVM) Logical Volume.Code:pvdisplay
Resize the (LVM) Physical Volume.Code:lvremove /dev/hardy/swap_1
Now we will restore (recreate) the swap (LVM) Logical Volume.Code:sudo pvresize --setphysicalvolumesize 5.6G /dev/mapper/crypt1
Set permissions of (LVM) Physical Volume to allow allocation (if needed).
Restore the swap (LVM) Logical Volume.Code:sudo pvchange -x y /dev/mapper/crypt1
Code:sudo lvcreate -L 512m -n swap_1 hardy sudo mkswap -L swap_1 /dev/hardy/swap1As the mkswap command finishes it will print the new uuid to the terminal.
Update fstab with new uuid (use any editor).
Code:sudo mount /dev/hardy/root /mntCopy-paste the new uuid from the terminal to fstab, updating the uuid for your swap partition.Code:gksu gedit /mnt//etc/fstab
Save and exit gedit.
Unmount the root (LVM) Logical Volume.
Re-lock the (LVM) Physical Volume after adding the swap (LVM) Logical Volume (locking the physical volume keeps it from changing).Code:sudo umount /mnt
Code:sudo pvchange -x n /dev/mapper/crypt1
4. Resize your crypt.
Show the size of your crypt with cryptsetup.
This shows the size of your crypt in sectors.Code:sudo cryptsetup status crypt1
Make note of the offset.
Resize with cryptsetup.offset: 2056 sectors
-o = offset (get this from the status command).Code:sudo cryptsetup -o 2056 -b 11800000 resize crypt1
-b = size in sectors. I had to do this by trial and error. After resizing I used Gparted to show the size of the crypt (System -> Administration -> Partition Editor ; select /dev/mapper/crypt1 from the pul down menu). Close gparted after confirming the new size of your crypt.
5. Resize your partitions with fdisk.
Unmount your LVM and crypt.
Now the scary part, use fdisk to manually resize your partitions.Code:sudo vgchange -an sudo cryptsetup luksClose crypt1
If you are unfamiliar with fdisk, I advise you read this link.
http://tldp.org/HOWTO/Partition/fdisk_partitioning.html
Note : fdisk does NOT overwrite data, so if you make a mistake you should be able to "undo" the changes.
List your partition information with fdisk.
WRITE THIS INFORMATION DOWN (or print it out).Code:sudo fdisk -l
Re-write your partition table. To do this, DELETE your partitions and RECREATE them, but in a smaller size.
You will need to delete and re-create ALL your LVM partitions within your crypt.
This was my fdisk session :Code:sudo fdisk /dev/sda
Cancel the "Authentication" dialog that appears (the live CD is trying to auto-mount your new partition).The number of cylinders for this disk is set to 1305.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help): d
Partition number (1-5): 5
Command (m for help): d
Partition number (1-5): 2
Command (m for help): n
Command action
e extended
p primary partition (1-4)
e
Partition number (1-4): 2
First cylinder (32-1305, default 32):
Using default value 32
Last cylinder or +size or +sizeM or +sizeK (32-1305, default 1305): +6000M
Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (32-761, default 32):
Using default value 32
Last cylinder or +size or +sizeM or +sizeK (32-761, default 761):
Using default value 761
Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (762-1305, default 762):
Using default value 762
Last cylinder or +size or +sizeM or +sizeK (762-1305, default 1305):
Using default value 1305
Command (m for help): p
Disk /dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000a6bf9
Device Boot Start End Blocks Id System
/dev/sda1 * 1 31 248976 83 Linux
/dev/sda2 32 761 5863725 5 Extended
/dev/sda3 762 1305 4369680 83 Linux
/dev/sda5 32 761 5863693+ 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
<Say prayer here>
Reboot to your hard drive, enter your crypt password.
Detailed resizing ~ Enlarging an encrypted partition.
This section will be shorter, it is basically the reverse of the above. Enlarging is easier as the defaults resize the containers to the largest available space.
1. Boot a live CD and, using any tool, create a new partition, lets call it /dev/sda6 , next to and to the left of (after) your crypt.
2. Write random data to the new partition.
Make sure you have the correct partition for this command or you will overwrite your crypt.
Code:sudo dd if=/dev/urandom of=/dev/sda6You can run that command as many times as your paranoia requires.
3. Use fdisk as above to delete and then re-create a larger crypt partition.
4. Reboot to the live CD.
5. Install lvm2 and cryptsetup.
6. Load the cryptsetup module.Code:sudo apt-get update && sudo apt-get install lvm2 cryptsetup
7. Decrypt your file system.Code:sudo modprobe dm-crypt
8. Get the live CD to recognize (activate) your LVM.Code:sudo cryptsetup luksOpen /dev/sda5 crypt1
9. Resize the Crypt.Code:sudo vgscan --mknodes sudo vgchange -ay
10. Resize the (LVM) Physical volume.Code:sudo cryptsetup resize crypt1
11. Resize your root (LVM) Logical Volume.Code:sudo pvresize /dev/mapper/crypt1
Unlock the physical volume.
Resize your root (LVM) Logical Volume.Code:sudo pvchange -x y /dev/mapper/crypt1
Code:lvresize -L +4G /dev/hardy/rootNote: Change the +4G to the amount of space you are adding.
Re-lock the (LVM) Physical Volume.
12. Resize the filesystem.Code:sudo pvchange -x n /dev/mapper/crypt1
You can check the size of the file system by mounting it before and after resizing the file system and running df -h . DO NOT RESIZE A MOUNTED PARTITIONCode:sudo e2fsck -f /dev/mapper/hardy-root sudo resize2fs -p /dev/mapper/hardy-root
Before :After :Filesystem Size Used Avail Use% Mounted on
/dev/mapper/hardy-root 5.0G 2.1G 2.7G 45% /mnt12. Reboot to hard drive.Filesystem Size Used Avail Use% Mounted on
/dev/mapper/hardy-root 9.2G 2.1G 6.6G 24% /mnt
Note : With most of those commands the default was to resize by expanding to take up the available space. This is why expanding is easier then reducing.
Hope this helped,
bodhi.zazen
References :
LUKS wiki page :
http://www.saout.de/tikiwiki/tiki-in...LUKSPartitions
Managing encrypted partitions from a live CD :
http://www.ubuntugeek.com/rescue-an-...vm-volume.html
http://linuxwave.blogspot.com/2007/1...tu-livecd.html
man resize2fs :
http://linux.die.net/man/8/resize2fs
LVM :
- Setup : http://www.netadmintools.com/art365.html
- Extend: http://www.netadmintools.com/art366.html
- Shrink: http://www.netadmintools.com/art367.html
- http://www.spinics.net/lists/lvm/msg16476.html
- http://www.debuntu.org/how-to-instal...lvm-filesystem
fdisk :
Note : the first (and only comment at the time of this post) on this blog reads :
How to get the data back ?
BACK UP before your Resize.
Bookmarks