(i) Please refer to EncryptedFilesystems for further documentation.

Introduction

Encryption seems to becoming more popular and the Alternate CD allows installation onto a LUKS encrypted root and swap partitions.

Resizing an encrypted partition is somewhat complicated. GUI tools such as Gparted see the LUKS container or crypt as unpartitioned space and thus resizing encrypted partitions must be performed entirely from the command line.

IconsPage/warning.png WARNING! Although unlikely (each step is reversible), resizing your encrypted partitions may result in data loss. BACKUP YOUR DATA FIRST

It may in fact be easier to re-install and restore your data from backup rather then attempt to resize your encrypted partition.

Terminology

Encrypted partitions are akin to a Russian Nesting Dolls and the terminology can be confusing. While a detailed explanation of either LVM or encryption is beyond this how to, think of an encrypted system we have multiple containers, the physical partition on the hard drive, the LUKS container or crypt, LVM, and the file system. We need to resize each of these containers in the proper order.

Setup ~ Desktop (Live) CD, Adding the tools to manage encrypted partitions

Resizing an encrypted partition must be performed from a live CD and support for encryption and LVM are not included on the live CD.

1. Boot the live (Desktop) CD and install lvm2 and cryptsetup.

sudo apt-get update && sudo apt-get install lvm2 cryptsetup

2. Load the cryptsetup module.

sudo modprobe dm-crypt

3. Decrypt your file system.

sudo cryptsetup luksOpen /dev/sda5 crypt1

4. Get the live CD to recognize (activate) your LVM.

sudo vgscan --mknodes
sudo vgchange -ay

You can now manage your encrypted partitions, mount them, copy them, or perform maintenance (fsck, backup, resize).

Resizing ~ Overview

The order of the steps depends on if you are shrinking or enlarging your encrypted partition. Enlarging is somewhat easier as the defaults of many of the commands is to fill the available space.

Enlarge an encrypted partition

  1. Boot the desktop, live CD. Use gparted (or any tool) to put unallocated space adjacent, and to the left of your Crypt partition.
  2. Enlarge the Partition storing the crypt with fdisk.

  3. Reboot ~ You should always reboot after changing your partition table with fdisk.

  4. Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).

  5. Enlarge the Crypt with cryptsetup.

  6. Enlarge the (LVM) Physical Volume with pvresize.

  7. Enlarge the (root) (LVM) Logical Volume with lvresize.

  8. Enlarge the (root) file system with resize2fs.

  9. Reboot to your encrypted hard drive.

Reduce an encrypted partition

  1. Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).

  2. Reduce the (root) file system with resize2fs.

  3. Reduce the (root) (LVM) Logical Volume with lvreduce.

  4. Reduce the (LVM) Physical Volume with pvresize.

  5. Reduce the Crypt with cryptsetup.

  6. Reboot to reduce the Partition storing the crypt with fdisk.

  7. Reboot to your encrypted hard drive ~ You should always reboot after changing your partition table with fdisk.

Detailed resizing ~ Reducing an encrypted partition

1. Reduce the size of your file system.

If you have an ext2 or ext3 filesystem, you can use resize2fs and you need to check the file system before you can resize it.

sudo e2fsck -f /dev/mapper/ubuntu--vg-root
sudo resize2fs -p /dev/mapper/ubuntu--vg-root 5g

Check that the file system is still intact with e2fsck.

sudo e2fsck -f /dev/mapper/ubuntu--vg-root

If you have a btrfs filesystem, you should instead use a command like:

btrfs filesystem resize -500m /dev/mapper/ubuntu--vg-root/@subvolume

You can verify that the shrink worked by running:

btrfs filesystem show -d

2. Reduce the size of your root (LVM) Logical Volume. The -L flag is how much you want to reduce the size of your (LVM) Logical Volume, so keep this in mind.

Display your (LVM) Logical Volumes with lvdisplay.

sudo lvdisplay

sudo lvreduce -L -4.3G /dev/ubuntu--vg/root

Re-display your (LVM) Logical Volumes to check the final size is correct.

sudo lvdisplay

3. Resize your (LVM) Physical Volume.

IconsPage/info.png The physical volume used by LVM can become "fragmented" in that the (LVM) Logical Volumes within the (LVM) Physical Volume are not always in order. There is no defragmentation tool, so if you may need to manually move the logical partitions (back up the data, delete the (LVM) Logical Volume, re-create a replacement (LVM) Logical Volume, restore data from backup).

In order to resize the (LVM) Physical Volume I had to manually move (delete then recreate) the swap (LVM) Logical Volume.

Show the size of your physical volume with pvdisplay

pvdisplay

Remove the swap (LVM) Logical Volume

lvremove /dev/ubuntu--vg/swap_1

Resize the (LVM) Physical Volume.

sudo pvresize --setphysicalvolumesize 5.6G /dev/mapper/crypt1

Now we will restore (recreate) the swap (LVM) Logical volume.

Set permissions of (LVM) Physical Volume to allow allocation (if needed)

sudo pvchange -x y /dev/mapper/crypt1

Restore the swap (LVM) Logical Volume.

sudo lvcreate -L 512m -n swap_1 ubuntu--vg
sudo mkswap -L swap_1 /dev/ubuntu--vg/swap_1

Update fstab with new uuid (use any editor)

4. Resize your crypt.

Show the size of your crypt with cryptsetup.

sudo cryptsetup status crypt1

Resize with cryptsetup. Note: nowadays the cryptsetup does not accept the -o parameter.

sudo cryptsetup -o 2056 -b 11800000 resize crypt1

5. Resize your partitions with fdisk.

Unmount your LVM and crypt :

sudo vgchange -an
sudo cryptsetup luksClose crypt1

Now the scary part, use fdisk to manually resize your partitions.

List your partition information with fdisk.

sudo fdisk -l

Re-write your partition table. To do this, use fdisk to DELETE your partitions and RECREATE them, but in a smaller size.

sudo fdisk /dev/sda

This was my fdisk session :

Cancel the "Authentication" dialog that appears (the live CD is trying to auto-mount your new partition).

The LVM partition's system id should also be changed to "Linux LVM":

Failure to do this may cause the beginning sector of the logical partition not to line up with where it used to be, and the LVM will be unreadable!

6. <Say prayer here> http://ubuntuforums.org/images/smilies/eusa_pray.gif

Reboot to your hard drive, enter your crypt password.

If all went well your system should boot normally.

Detailed resizing ~ Enlarging an encrypted partition

This section will be shorter, it is basically the reverse of the above. Enlarging is easier as the defaults resize the containers to the largest available space.

1. Boot a live CD and, using any tool, using any tool create a new partition, lets call it /dev/sda6 , next to and to the left of (after) your crypt.

2. Write random data to the new partition with dd.

sudo dd if=/dev/urandom of=/dev/sda6

3. Use fdisk as above to delete and then re-create a larger crypt partition.

4. Reboot to the live CD.

5. Install lvm2 and cryptsetup

sudo apt-get update && sudo apt-get install lvm2 cryptsetup

6. Load the cryptsetup module.

sudo modprobe dm-crypt

7. Decrypt your file system.

sudo cryptsetup luksOpen /dev/sda5 crypt1

8. Get the live CD to recognize (activate) your LVM.

sudo vgscan --mknodes
sudo vgchange -ay

9. Resize the Crypt.

sudo cryptsetup resize crypt1

10. Resize the (LVM) Physical Volume.

sudo pvresize /dev/mapper/crypt1

11. Resize your root (LVM) Logical Volume.

12. Resize the filesystem.

sudo e2fsck -f /dev/mapper/ubuntu--vg-root
sudo resize2fs -p /dev/mapper/ubuntu--vg-root

13. <Say prayer here> http://ubuntuforums.org/images/smilies/eusa_pray.gif

Reboot to your hard drive, enter your crypt password.

If all went well your system should boot normally.

Note : With most of those commands the default was to resize by expanding to take up the available space. This is why expanding is easier then reducing.

Alternatives for different situations (LVM, jfs)

Some different steps are needed with different filesystems, LVM etc. Sometimes there's no need to reboot or even umount.

For example, I just enlarged an encrypted jfs volume under LVM like this (logical volume /dev/vg00/extra encrypted as extra_crypt and mounted on /extra):

lvextend -L820G /dev/vg00/extra
cryptsetup resize extra_crypt
mount -o remount,resize /extra/

That's all - no fsck's, umounts or reboots needed.

For ext3/ext4 filesystem it should work similarly, just use resize2fs instead of the remount.

References

LUKS wiki page :

Manage encrypted partitions from a live CD :

man resize2fs :

LVM :

fdisk :

Note : The first (and only comment at the time of this post) on this blog reads

How to get the data back ?

BACK UP before your Resize.


ResizeEncryptedPartitions (last edited 2015-06-17 02:10:08 by 27)