
Thread: How to: Resize an Encrypted Partition (LUKS)

  1. #1
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    How to: Resize an Encrypted Partition (LUKS)

    How to Resize a LUKS Encrypted File System.




    Contents
    1. Introduction.
    2. Terminology.
    3. Setup Live CD to manage encrypted partitions.
    4. Resizing ~ Overview.
    5. Resizing in detail ~ Reduction.
    6. Resizing in detail ~ Enlargement
    7. References.




    Introduction: Encryption seems to be becoming more popular and one can install onto an encrypted hard drive with the Alternate CD.

    Guided - use entire disk and set up encrypted LVM
    There is no (obvious) option to add additional partitions such as either a /home or /data partition. Now a big part of this problem can be solved if you understand the partitioning options on the Alternate CD, I will save that for another how-to ....

    In the mean time, see this link : http://users.piuha.net/martti/comp/u...cryptolvm.html


    Worse, I could not find any documentation on how to resize the encrypted partition after the installation.

    Resizing your encrypted file system can not be done directly as of yet with Gparted as Gparted sees the encrypted partitions as unformatted space.

    At this time, the crypt must be re-sized from a live CD in multiple steps, manually, from the command line.

    It should go without saying, resizing your crypt may result in data loss. Be sure to BACK UP your data first.

    It may be easier to simply reinstall following the link above. Here it is again :

    http://users.piuha.net/martti/comp/u...cryptolvm.html

    For this how-to I used the default partitioning/encryption scheme. The LUKS crypt is called "crypt1" and I called the LV group "hardy" (the installer defaults to your hostname).


    Terminology

    Compartments within compartments.

    LUKS = Linux Unified Key Setup.

    While a detailed explanation of either LVM or encryption is beyond this how-to, think of an encrypted system as multiple containers: the crypt, LVM, and the file system. We need to resize each of those.

    • Physical partition.
    • Crypt.
    • LVM ->
      • Physical Volume.
      • Logical Volume.
    • File system.


    Physical partition -> This is a partition on your hard drive to contain the LUKS crypt (The Alternate CD defaults to /dev/sda5 for encryption).

    Crypt = LUKS then creates a crypt within the physical partition. The contents of the crypt are, of course, encrypted. The encrypted space is mapped to /dev/mapper/crypt1 , LVM is then used to create partitions within the crypt.

    LVM = Logical Volume Management. LVM takes physical partitions (AKA Physical Volumes) and creates Logical Volumes, somewhat similar to a logical partition within an extended partition.

    Physical Volume = The (LVM) Physical Volume used for encryption is the LUKS crypt, which is mapped to /dev/mapper/crypt1.

    Logical Volumes = The (LVM) Physical Volume is divided into (LVM) Logical Volumes which are in turn used for / (root partition) and swap. Similar to logical partitions, these are contained within the (LVM) Physical Volume within (LUKS) crypt within the physical partition.

    File system = ext3 (or swap) = The actual file system written onto the logical volumes.


    Start by knowing your root partition and how you want to resize. Some helpful commands include :

    Code:
    df -h
    
    sudo blkid
    
    sudo fdisk -l
    
    sudo cryptsetup status crypt1
    
    sudo pvdisplay
    
    sudo lvdisplay
    
    mount
    
    free

    Setup ~ Desktop (Live) CD, Adding the tools to manage encrypted partitions

    1. Boot the live (Desktop) CD and install lvm2 and cryptsetup.

    Code:
    sudo apt-get update && sudo apt-get install lvm2 cryptsetup
    2. Load the cryptsetup module.

    Code:
    sudo modprobe dm-crypt
    3. Decrypt your file system.

    Code:
    sudo cryptsetup luksOpen /dev/sda5 crypt1
    4. Get the live CD to recognize (activate) your LVM.

    Code:
    sudo vgscan --mknodes
    sudo vgchange -ay
    You can now manage your encrypted partitions, mount them, copy them, or perform maintenance (fsck, backup, resize).


    Resizing ~ Overview

    The order of the next steps depends on whether you are shrinking or enlarging your encrypted partition. Enlarging is somewhat easier as the default of many of the commands is to fill the available space.

    Note: If you want to Enlarge your encrypted partition, although adding a second physical hard drive to LVM is "easy" I am not sure you could then add this to your Crypt (the Crypt must be on a single hard drive).

    Shrink an encrypted partition
    1. Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).
    2. Reduce the (root) file system with resize2fs.
    3. Reduce the (root) (LVM) Logical Volume with lvreduce.
    4. Reduce the (LVM) Physical Volume with pvresize.
    5. Reduce the Crypt with cryptsetup.
    6. Reduce the Partition storing the crypt with fdisk.
    7. Reboot to your encrypted hard drive ~ You should always reboot after changing your partition table with fdisk.


    Enlarge an encrypted partition
    1. Boot the desktop, live CD. Use gparted (or any tool) to put unallocated space adjacent, and to the left of your Crypt partition.
    2. Enlarge the Partition storing the crypt with fdisk.
    3. Reboot ~ You should always reboot after changing your partition table with fdisk.
    4. Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).
    5. Enlarge the Crypt with cryptsetup.
    6. Enlarge the (LVM) Physical Volume with pvresize.
    7. Enlarge the (root) (LVM) Logical Volume with lvresize.
    8. Enlarge the (root) file system with resize2fs.
    9. Reboot to your encrypted hard drive.



    Detailed resizing ~ Shrinking an encrypted partition

    1. Reduce the size of your file system with resize2fs (this tool works on ext2 and ext3 partitions). You need to check the file system before you can resize it.

    Code:
    sudo e2fsck -f /dev/mapper/hardy-root
    sudo resize2fs -p /dev/mapper/hardy-root 5g
    • Replace the "5g" with your intended size (in Gb) of your filesystem.
    • The -p flag shows a progress hash.


    Check that the file system is still intact with e2fsck.

    Code:
    sudo e2fsck -f /dev/mapper/hardy-root

    2. Reduce the size of your root (LVM) Logical Volume. The -L flag is how much you want to reduce the size of your (LVM) Logical Volume, so keep this in mind.

    Display your (LVM) Logical Volumes with lvdisplay.

    Code:
    sudo lvdisplay
    Note how much you need to reduce your root (LVM) Logical Volume by (in my case it was 4.3 Gb).

    Code:
    sudo lvreduce -L -4.3G /dev/hardy/root
    Note: You will need to change the "-4.3G" to the proper size to reduce your root (LVM) Logical Volume to your desired size.

    Re-display your (LVM) Logical Volumes to check the final size is correct.

    Code:
    sudo lvdisplay

    3. Resize your (LVM) Physical Volume.

    Remove the swap (LVM) Logical Volume. The (LVM) Physical Volume used by LVM can become "fragmented" in that the (LVM) Logical Volumes within the (LVM) Physical Volume are not always in order. There is no defragmentation tool, so you may need to manually move the (LVM) Logical Volume (back up the data, delete the (LVM) Logical Volume, re-create a replacement (LVM) Logical Volume, restore data from backup).

    Show the size of your (LVM) Physical Volume with pvdisplay.

    Code:
    sudo pvdisplay
    Remove the swap (LVM) Logical Volume.

    Code:
    sudo lvremove /dev/hardy/swap_1
    Resize the (LVM) Physical Volume.

    Code:
    sudo pvresize --setphysicalvolumesize 5.6G /dev/mapper/crypt1
    Now we will restore (recreate) the swap (LVM) Logical Volume.

    Set permissions of (LVM) Physical Volume to allow allocation (if needed).

    Code:
    sudo pvchange -x y /dev/mapper/crypt1
    Restore the swap (LVM) Logical Volume.

    Code:
    sudo lvcreate -L 512m -n swap_1 hardy
    sudo mkswap -L swap_1 /dev/hardy/swap_1
    As the mkswap command finishes it will print the new uuid to the terminal.

    Update fstab with new uuid (use any editor).

    Code:
    sudo mount /dev/hardy/root /mnt
    Code:
    gksu gedit /mnt/etc/fstab
    Copy-paste the new uuid from the terminal to fstab, updating the uuid for your swap partition.

    Save and exit gedit.

    Unmount the root (LVM) Logical Volume.

    Code:
    sudo umount /mnt
    Re-lock the (LVM) Physical Volume after adding the swap (LVM) Logical Volume (locking the physical volume keeps it from changing).

    Code:
    sudo pvchange -x n /dev/mapper/crypt1

    4. Resize your crypt.

    Show the size of your crypt with cryptsetup.

    Code:
    sudo cryptsetup status crypt1
    This shows the size of your crypt in sectors.

    Make note of the offset.

    offset: 2056 sectors
    Resize with cryptsetup.

    Code:
    sudo cryptsetup -o 2056 -b 11800000 resize crypt1
    -o = offset (get this from the status command).
    -b = size in sectors. I had to do this by trial and error. After resizing I used Gparted to show the size of the crypt (System -> Administration -> Partition Editor ; select /dev/mapper/crypt1 from the pull-down menu). Close gparted after confirming the new size of your crypt.


    5. Resize your partitions with fdisk.

    Unmount your LVM and crypt.

    Code:
    sudo vgchange -an
    sudo cryptsetup luksClose crypt1
    Now the scary part, use fdisk to manually resize your partitions.

    If you are unfamiliar with fdisk, I advise you read this link.

    http://tldp.org/HOWTO/Partition/fdisk_partitioning.html

    Note : fdisk does NOT overwrite data, so if you make a mistake you should be able to "undo" the changes.

    List your partition information with fdisk.

    Code:
    sudo fdisk -l
    WRITE THIS INFORMATION DOWN (or print it out).

    Re-write your partition table. To do this, DELETE your partitions and RECREATE them, but in a smaller size.

    You will need to delete and re-create ALL your LVM partitions within your crypt.

    Code:
    sudo fdisk /dev/sda
    This was my fdisk session :

    The number of cylinders for this disk is set to 1305.
    There is nothing wrong with that, but this is larger than 1024,
    and could in certain setups cause problems with:
    1) software that runs at boot time (e.g., old versions of LILO)
    2) booting and partitioning software from other OSs
    (e.g., DOS FDISK, OS/2 FDISK)

    Command (m for help): d
    Partition number (1-5): 5

    Command (m for help): d
    Partition number (1-5): 2

    Command (m for help): n
    Command action
    e extended
    p primary partition (1-4)
    e
    Partition number (1-4): 2
    First cylinder (32-1305, default 32):
    Using default value 32
    Last cylinder or +size or +sizeM or +sizeK (32-1305, default 1305): +6000M

    Command (m for help): n
    Command action
    l logical (5 or over)
    p primary partition (1-4)
    l
    First cylinder (32-761, default 32):
    Using default value 32
    Last cylinder or +size or +sizeM or +sizeK (32-761, default 761):
    Using default value 761

    Command (m for help): n
    Command action
    l logical (5 or over)
    p primary partition (1-4)
    p
    Partition number (1-4): 3
    First cylinder (762-1305, default 762):
    Using default value 762
    Last cylinder or +size or +sizeM or +sizeK (762-1305, default 1305):
    Using default value 1305

    Command (m for help): p

    Disk /dev/sda: 10.7 GB, 10737418240 bytes
    255 heads, 63 sectors/track, 1305 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Disk identifier: 0x000a6bf9

    Device Boot Start End Blocks Id System
    /dev/sda1 * 1 31 248976 83 Linux
    /dev/sda2 32 761 5863725 5 Extended
    /dev/sda3 762 1305 4369680 83 Linux
    /dev/sda5 32 761 5863693+ 83 Linux

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.
    Cancel the "Authentication" dialog that appears (the live CD is trying to auto-mount your new partition).


    <Say prayer here>

    Reboot to your hard drive, enter your crypt password.


    Detailed resizing ~ Enlarging an encrypted partition.

    This section will be shorter, it is basically the reverse of the above. Enlarging is easier as the defaults resize the containers to the largest available space.

    1. Boot a live CD and, using any tool, create a new partition, let's call it /dev/sda6 , next to and to the left of (after) your crypt.

    2. Write random data to the new partition.

    Make sure you have the correct partition for this command or you will overwrite your crypt.

    Code:
    sudo dd if=/dev/urandom of=/dev/sda6
    You can run that command as many times as your paranoia requires.

    3. Use fdisk as above to delete and then re-create a larger crypt partition.

    4. Reboot to the live CD.

    5. Install lvm2 and cryptsetup.

    Code:
    sudo apt-get update && sudo apt-get install lvm2 cryptsetup
    6. Load the cryptsetup module.

    Code:
    sudo modprobe dm-crypt
    7. Decrypt your file system.

    Code:
    sudo cryptsetup luksOpen /dev/sda5 crypt1
    8. Get the live CD to recognize (activate) your LVM.

    Code:
    sudo vgscan --mknodes
    sudo vgchange -ay
    9. Resize the Crypt.

    Code:
    sudo cryptsetup resize crypt1
    10. Resize the (LVM) Physical volume.

    Code:
    sudo pvresize /dev/mapper/crypt1
    11. Resize your root (LVM) Logical Volume.

    Unlock the physical volume.

    Code:
    sudo pvchange -x y /dev/mapper/crypt1
    Resize your root (LVM) Logical Volume.

    Code:
    sudo lvresize -L +4G /dev/hardy/root
    Note: Change the +4G to the amount of space you are adding.

    Re-lock the (LVM) Physical Volume.

    Code:
    sudo pvchange -x n /dev/mapper/crypt1
    12. Resize the filesystem.

    Code:
    sudo e2fsck -f /dev/mapper/hardy-root
    sudo resize2fs -p /dev/mapper/hardy-root
    You can check the size of the file system by mounting it before and after resizing the file system and running df -h . DO NOT RESIZE A MOUNTED PARTITION

    Before :
    Filesystem Size Used Avail Use% Mounted on
    /dev/mapper/hardy-root 5.0G 2.1G 2.7G 45% /mnt
    After :
    Filesystem Size Used Avail Use% Mounted on
    /dev/mapper/hardy-root 9.2G 2.1G 6.6G 24% /mnt
    13. Reboot to hard drive.

    Note : With most of those commands the default was to resize by expanding to take up the available space. This is why expanding is easier than reducing.


    Hope this helped,

    bodhi.zazen



    References :

    LUKS wiki page :
    http://www.saout.de/tikiwiki/tiki-in...LUKSPartitions


    Managing encrypted partitions from a live CD :
    http://www.ubuntugeek.com/rescue-an-...vm-volume.html
    http://linuxwave.blogspot.com/2007/1...tu-livecd.html

    man resize2fs :
    http://linux.die.net/man/8/resize2fs


    LVM :



    fdisk :


    Note : the first (and only comment at the time of this post) on this blog reads :

    How to get the data back ?


    BACK UP before your Resize.
    Last edited by bodhi.zazen; March 19th, 2008 at 12:24 AM. Reason: Added information re: Enlarging Crypt
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #2
    Join Date
    Feb 2006
    Location
    Kansas City, MO
    Beans
    1,106
    Distro
    Ubuntu

    Re: How to: Resize an Encrypted Partition (LUKS)

    Wow! Thanks for all the hard work in relaying this info!

  3. #3
    Join Date
    May 2008
    Beans
    4

    Further considerations about resizing a live LUKS-encrypted LVM

    Hi Bodhi, thanks for this useful article. I have experimented further and it *seems* that the "cryptsetup resize" might be useless for a LUKS partition, as it *seems* that it uses the complete available partition size anyway. After I enlarged a partition holding a LUKS container (and rebooted), "cryptsetup status" for the container gave me the exact same numbers *before* and *after* "cryptsetup resize", so I truly wonder if it is of any use. The LUKS container was actually bigger than previously, so I assume it worked "automagically".

    Furthermore, I was able to successfully "hot extend" the encrypted LVM partition holding my complete live system *without* having to do it booting from a "live CD", but truly from the live system itself.

    I actually describe the process in an article at my ashram (in French; Google Translate or Babel Fish may help you get a truly poor translation into English).

    Thanks for your article again.

  4. #4
    Join Date
    Nov 2006
    Beans
    5

    Re: How to: Resize an Encrypted Partition (LUKS)

    Thanks a lot bodhi!! You saved me a lot of time!! This how-to works like a charm!

  5. #5
    Join Date
    Dec 2007
    Beans
    81

    Re: How to: Resize an Encrypted Partition (LUKS)

    Alright, after prayer, what do I do if I cannot boot? :'(

    When I tried to reboot, the passphrase query did not pop up, and eventually the computer opened in command-line mode, and I couldn't do anything anyways.

    EDIT: nm, turns out that everything was erased and I have to reinstall.
    Last edited by ShelJ; August 17th, 2008 at 06:20 AM. Reason: Problem solved (sort of)
    If God needed a computer, He'd use Ubuntu!!

  6. #6
    Join Date
    Jan 2008
    Beans
    12

    Re: How to: Resize an Encrypted Partition (LUKS)

    Resize with cryptsetup.

    Code:
    sudo cryptsetup -o 2056 -b 11800000 resize crypt1
    -o = offset (get this from the status command).
    -b = size in sectors. I had to do this by trial and error. After resizing I used Gparted to show the size of the crypt (System -> Administration -> Partition Editor ; select /dev/mapper/crypt1 from the pull-down menu). Close gparted after confirming the new size of your crypt.

    First, thank you very much for this tutorial; I successfully shrank my LUKS partition without problem.

    I would just like to add some information about how to get the size when shrinking.

    In my case I didn't make use of LVM, so I had an ext2 volume directly inside my LUKS partition.

    Therefore, the size to give to "cryptsetup resize" was the one of the shrunk ext2 volume, as given by the "resize2fs" command (the -M option is to automatically shrink the volume to the minimum size):

    Code:
    sudo resize2fs -M -p /dev/mapper/bak
    resize2fs 1.41.3 (12-Oct-2008)
    Resizing the filesystem on /dev/mapper/bak to 7233658 (4k) blocks.
    Begin pass 2 (max = 5347914)
    Relocating blocks             XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Begin pass 3 (max = 746)
    Scanning inode table          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Begin pass 4 (max = 41)
    Updating inode references     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    The filesystem on /dev/mapper/bak is now 7233658 blocks long.
    You can convert the number of blocks into a number of sectors using a simple golden rule.

    You can get the number of bytes per block with the command "sudo tune2fs -l /dev/mapper/bak", for instance.
    You can get the number of bytes per sector with "fdisk", for instance.
    I let you do the rest.


    To know which size to give to fdisk for the new partition (it's a little bit bigger than the LUKS partition, I don't know the exact rule), I simply noted the size of the partition before the operation and reduced it by the same amount as the LUKS partition had been shrunk by.

    It worked like a charm: I had a shrunk LUKS partition with 0 bytes available (the goal was to transfer its data to another partition, then delete it to recreate it somewhere else).
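
Added example, not part of the how-to or of the post above: the block-to-sector conversion described in post #6 and the `-b` value that post #1 found by trial and error, computed from tool output. The sample `tune2fs -l` and `cryptsetup status` text is constructed (the block count and the 2056-sector offset are the values quoted in the thread; the device name and current size are made up). It assumes the partition must hold the payload plus the offset reported by `cryptsetup status`; with the LVM layout of post #1, pass the Physical Volume size in sectors as the payload instead of the filesystem size.

```shell
#!/usr/bin/env bash
# Added example: compute the sector count for `cryptsetup resize -b` and the
# smallest safe partition size from tool output. Both samples are constructed.

# Constructed excerpt of `sudo tune2fs -l /dev/mapper/bak` after resize2fs -M;
# the block count matches the resize2fs output quoted in the thread.
SAMPLE_TUNE2FS='Filesystem volume name:   <none>
Block count:              7233658
Block size:               4096'

# Constructed `sudo cryptsetup status bak`; the offset is the one from the
# how-to, the device name and current size are made up.
SAMPLE_STATUS='/dev/mapper/bak is active.
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/sdb1
  offset:  2056 sectors
  size:    80000000 sectors
  mode:    read/write'

SECTOR_BYTES=512   # cryptsetup status and -b count 512-byte sectors

# field NAME: read "NAME: value ..." lines on stdin, print the first word of value.
field() {
    awk -F: -v key="$1" '
        { name = $1; sub(/^[ \t]+/, "", name) }
        name == key { split($2, v, " "); print v[1]; exit }'
}

# fs_sectors TUNE2FS_TEXT: filesystem length converted from blocks to sectors.
fs_sectors() {
    local text="$1" count size
    count=$(printf '%s\n' "$text" | field 'Block count')
    size=$(printf '%s\n' "$text" | field 'Block size')
    [ -n "$count" ] && [ -n "$size" ] || return 1
    echo $(( count * size / SECTOR_BYTES ))
}

# shrink_plan PAYLOAD_SECTORS STATUS_TEXT: print the -b value and the minimum
# partition length (offset + payload). Fails with status 2 if the requested
# payload is larger than the current mapping, i.e. this is not a shrink.
shrink_plan() {
    local payload="$1" status="$2" offset current
    offset=$(printf '%s\n' "$status" | field offset)
    current=$(printf '%s\n' "$status" | field size)
    [ -n "$offset" ] && [ -n "$current" ] || return 1
    if [ "$payload" -gt "$current" ]; then
        echo "payload $payload exceeds current mapping of $current sectors" >&2
        return 2
    fi
    echo "b=$payload partition_min=$(( offset + payload ))"
}

# Demo on the constructed samples; nothing here touches a real device.
payload=$(fs_sectors "$SAMPLE_TUNE2FS")
shrink_plan "$payload" "$SAMPLE_STATUS"
```

When recreating the partition, round its size up, never down, so it stays at or above `partition_min` sectors.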

  7. #7
    Join Date
    Nov 2008
    Beans
    2

    Re: How to: Resize an Encrypted Partition (LUKS)

    Hi there! I wanted to know if this guide is correct for me or to guide me to accomplish something. Right now, I have Ubuntu 8.10 with full-disk encrypted LVM on the laptop. However, I'm trying to resize the HDD so as to create free space for a new LVM + Cryptsetup + LUKS encrypted partition that I'd be able to access.

    Should I be installing Ubuntu on regular LVM, then from there resize the LV to... 20G, then create the new VG + LV for the encrypted partition? The many partitions surely got me confused.

    I only wanted to create an encrypted partition for my laptop (on one HDD) where I can store my data... in either encrypted LVM or regular LVM. Perhaps you can write a tutorial if you have the time? Please do advise. Thank you.
    Last edited by uRock; April 11th, 2012 at 12:03 AM. Reason: restored deleted content

  8. #8
    Join Date
    Jan 2009
    Beans
    5

    Re: How to: Resize an Encrypted Partition (LUKS)

    Hey,
    unfortunately I have problems using cryptsetup resize.
    I'm trying to free some space for a Windows installation.
    I'm following the steps described here. But after the cryptsetup resize I have the following problem:

    cryptsetup status shows the size the partition should have after the resize.
    If I close the crypt partition with cryptsetup luksClose, the partition has its old size in fdisk, and when I remount the partition using the hard disk detection function of the alternate CD (I'm installing from an alternate CD) the encrypted partition has its old size.

    Any help is appreciated.
    Thanks,
    martin

  9. #9
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: How to: Resize an Encrypted Partition (LUKS)

    Originally posted by madmufflon:
    Hey,
    unfortunately I have problems using cryptsetup resize.
    I'm trying to free some space for a Windows installation.
    I'm following the steps described here. But after the cryptsetup resize I have the following problem:

    cryptsetup status shows the size the partition should have after the resize.
    If I close the crypt partition with cryptsetup luksClose, the partition has its old size in fdisk, and when I remount the partition using the hard disk detection function of the alternate CD (I'm installing from an alternate CD) the encrypted partition has its old size.

    Any help is appreciated.
    Thanks,
    martin
    Can you please give us more details ? What is your set up ? Are you using LVM ? What command did you enter and what output are you looking at ?

    Did you read cbonar's post ?

  10. #10
    Join Date
    Jan 2009
    Beans
    5

    Re: How to: Resize an Encrypted Partition (LUKS)

    Thanks for your answer,

    I'm using the Ubuntu 8.10 standard setup (installed via alternate CD), so I am using an LVM.
    I'm running a Dell Studio Notebook with a 250GiB hard disk. At the moment this hard disk is fully covered by my Ubuntu 8.10 x64.

    I followed the orders to shrink my encrypted partition until step 5:
    Code:
    5. Resize your partitions with fdisk.
    
    Unmount your LVM and crypt.
    When trying to resize the partition using fdisk I come to that point:
    Command (m for help): d
    Partition number (1-5): 5

    Command (m for help): d
    Partition number (1-5): 2

    Command (m for help): n
    Command action
    e extended
    p primary partition (1-4)
    e
    Partition number (1-4): 2
    First cylinder (32-1305, default 32):
    Using default value 32
    Last cylinder or +size or +sizeM or +sizeK (32-1305, default 1305): +6000M
    (Other values for the cylinders, around 70000 but only a short range.) When I try to enter a value which fits for me (from 230 to around 200gb) fdisk says something about "value out of range". Even for very small values (10gb or so) it does not work, with the same error.
    If I let the hard disk recognition of the Alternate CD detect the hard drives and mount the encrypted partition, cryptsetup status sda5 says it has the old size (the size before cryptsetup resize).

    I hope this is enough information; if not, please let me know.
    martin
