From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup-reencrypt: Specifying device size
Date: Thu, 23 Jul 2015 05:36:41 +0200 [thread overview]
Message-ID: <20150723033640.GA13945@tansi.org> (raw)
In-Reply-To: <55AF9E9C.4040300@babioch.de>
Milan needs to answer that. Let me just reming you that
doing an operation like that without current backup is
asking for trouble up to and including loss of all data.
Arno
On Wed, Jul 22, 2015 at 15:46:04 CEST, Karol Babioch wrote:
> Hi list,
>
> I'm wondering how safe it is to specify a device size when re-encrypting
> a block device using cryptsetup-reencrypt. In particular I would like to
> know if specifying a size smaller than the underlying block device might
> actually corrupt data?
>
> The man page mentions some warnings in regards to this option. In our
> use case the underlying block device is ~ 100G, while only 11G are
> actually used by filesystems on top of the block device. To speed things
> up we were thinking about a device size, e.g. something like 16G, so not
> the whole device needs to be re-encrypted.
>
> I'm not familiar enough with the LUKS internals, but I'm pretty sure
> that it is not filesystem aware, so it will only reencrypt the first
> 16GB of the device, while LVM and any filesystems may actually put data
> anywhere on the device.
>
> So am I right in assuming that providing a device size smaller than the
> actual block device size might lead to data corruption or is it safe to
> use it in the way described above?
>
> Best regards,
> Karol Babioch
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2015-07-23 3:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-22 13:46 [dm-crypt] cryptsetup-reencrypt: Specifying device size Karol Babioch
2015-07-22 14:42 ` Milan Broz
2015-07-23 3:36 ` Arno Wagner [this message]
2015-07-23 17:49 ` Robert Nichols
2015-07-24 9:06 ` Sven Eschenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150723033640.GA13945@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.