How to shrink an LUKS encrypted partition?

Similar Messages

• [SOLVED] Booting a luks encrypted system directly from UEFI firmware

  I've been struggling somewhat with my first UEFI machine (a Toshiba laptop).
  The wiki got me to a basic four-partition install okay, and then after a small amount of pain I managed to get a build booted okay from gummiboot and with with root, swap and home luks-encrypted.
  What I'm trying to do now is boot directly from the UEFI using an appropriate firmware entry, ie with something like what's described in the EFISTUB Wiki page:
  # efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "root=/dev/sda2 rw initrd=/initramfs-linux.img"
  ...but I've been unable to achieve this with luks-encrypted partitions. Has anyone here had any success? Is there a "-u" parameter in the above command that will achieve this? I've certainly not found anything online explaining how this can be done, so maybe I'm being unrealistic and expecting too much.
  Last edited by bananabrain (2015-06-18 14:45:56)

  Head_on_a_Stick wrote:
  Try this (untested -- I don't use encryption):
  # efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"
  You're a star - that works perfectly.
  I wondered about lifting that syntax from "$esp/loader/entries/arch-encrypted.conf" in my last instalation but stupidly thought it was gummiboot-specific.
  I'm as surprised that I couldn't find your solution on the web as I am that so few people seem interested in using UEFI firmware in this way. It seems like PC hardware has at last "grown up", with a versatile firmware that must have been a long time in collaborative development - something akin to Sun's OpenBoot - but the community's response has been to create another raft of boot loaders to sit on top of it. Maybe I'm missing something.
  Thanks very much for your help.

• [solved] kernel 2.6.27 - open LUKS encrypted root partition fails

  Hi,
  after updating to kernel 2.6.27 the passphrase for my LUKS encrypted root partition does not work anymore.
  I get this error messages:
  Enter LUKS passphrase:
  device-mapper: table: 254:0 crypt: Error allocating crypto tfm
  device-mapper: ioctl: error adding target to table
  device-mapper: ioctl: device doesn't appear to be in the dev hash table.
  Command failed: No key available with this passphrase.
  Enter LUKS passphrase:
  With a old (2.6.25) vanilla kernel it works.
  any ideas?
  EDIT
  Solved.
  The Problem was that I had this line in my mkinitcpio.conf to get rid of the padlock-error-message at boot.
  #CRYPTO_MODULES="aes_i586 aes_generic sha256_generic"
  With kernel 2.6.27 there are new / more modules needed to open the LUKS encryptet root partition.
  So I removed the line from mkinitcpio.conf and deletet the padlock modules in /lib/modules/2.6.27-ARCH before regenarating the initrd image.
  Thanks to GerBra for the tip.
  Last edited by SiD (2008-10-22 11:41:56)

  I'm not shure, but think ... yes.

• Gummiboot and encrypted / partition

  Hi,
  This is my first experience with Arch, with GPT, with LUKS, and with gummiboot, so I have a lot of sources of ignorance. 
  I am trying to set up a LUKS-encrypted system with encrypted swap.  I have followed the beginner's guide and the dm-crypt with LUKS guide pretty carefully and have no problem creating the encrypted partitions.  However, I don't quite understand how to construct the gummiboot entry for booting into the system. 
  the gummiboot wiki page has some instructions:
  An example entry for encrypted root (dm-crypt with LUKS)
  $esp/loader/entries/arch-encrypted.conf
  title          Arch Linux (Encrypted)
  linux          \\path\\to\\vmlinuz-linux
  options        initrd=\\path\\to\\initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
  In the encrypted example, not that the initrd is in options -- this does not appear to be discretionary at this time. Note that UUID is used for in this example. PARTUUID should be able to replace the UUID, if so desired.
  much of this is foreign to me.  In particular, how do I identify the various UUID's:
  cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID>
  are those all the same UUID?  Or is there a difference between the plain  UUID and the luks-UUID?  And how do I get either of those pieces of information? 
  also, I am trying to speed things up a little by using this install script from the web:
  https://github.com/altercation/archston … chstone.sh
  however, a bunch of stuff there seems like it's out of date (lots of referenes to rc.conf, for instance!). 
  I'm wondering if there are other inconsistenies as well I should be careful of. 
  Thanks,
  Matt

  yes, this random script was a bad idea and I've stopped using it.  That said, I really don't understand the UUID stuff in my initial question, despite having gone through the beginner's guide & stuff.  In fact, the whole gummiboot stanza is odd to me: 
  An example entry for encrypted root (dm-crypt with LUKS)
  $esp/loader/entries/arch-encrypted.conf
  title          Arch Linux (Encrypted)
  linux          \\path\\to\\vmlinuz-linux
  options        initrd=\\path\\to\\initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
  what is with the escaped windows-looking  backslashes -- shouldn't this read more like:
  title          Arch Linux (Encrypted)
  linux          /vmlinuz-linux
  options        initrd=/initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
  ... and is there a way to find the relevant UUID's somewhere?  Thanks,
  Matt

• Does LUKS encryption slow down the system?

  How fast is the system after you encrypt / and /home partitions? Does anybody notice any difference compared to unencrypted partitions?
  I'm thinking about encrypting partitions, but for speed reasons I don't know should I encrypt just /home or also the / partition.
  I found nothing on LUKS homepage.

  Technically it must be a little slower, but I never could notice it at all. If you do try it, watch top while you're working, the amount of CPU used by "kcryptd" is basically the amount of power you're giving up.

• Additional, encrypted partition mounted as /Users

  Recently I removed DVD-ROM drive from my MacBook Pro and installed 60GB SSD for system (in regular HDD bay) and my old HDD instead of DVD drive.
  My plan is to use fast SSD drive for system and the HDD for data.
  I would like to have my HDD partition mounted as /Users so all users' home directories are stored on HDD.
  I read this article: http://www.red-sweater.com/blog/1935/lions-whole-disk-encryption but it seams there is a problem with logging in if the user's home directory resides on separate encrypted partition.
  My question is:
  Is there any chance I can have "fully functional" /Users directory mounted as additional encrypted partition?
  Thanks,
  Mike

  Hi Linc,
  Thanks for your answer.
  No, because the Users volume would already have to be unlocked and mounted before you could log in, and that's impossible.
  I don't think it is impossible. I would reather say: "Apple makes it difficult to do".
  I barely see any problem with mounting other partitions on the system level during boot.
  The question is: "How hard is it to do that now?"
  The second question is: "When (and how) Apple will make it easier?"
  The best you could do would be to log in, mount the volume as root at /Users, then log out and log in again. I wouldn't recommend that you try this.
  Yeah... I don't feel like log in two times. I wouldn't recommend it either.
  I have another idea which is:
  1. Mount addtitional encrypted partition as /Volumes/Whatever
  2. Create directories like:
  /Volumes/Whatever/Documents
  /Volumes/Whatever/Pictures
  /Volumes/Whatever/Music
  /Volumes/Whatever/Library
  3. Mount these directories in places under /Users/MyUser/... during login.
  So there are other questions:
  1. How to do it the "Mac way"?
  2. There are maybe some directories which probably can not be mounted this way as its content can be necessary for login process to perform (probably some subdirectories of Library). Is it the case?
  Cheers,
  Mike

• How to read an E71-encrypted MicroSD in a PC

  Hi to everybody.
  I think disk encryption it's an excellent feature.  I use it in my laptop, but the main problem is: how can I read the encrypted disk in another environment?
  I have my E71 8GB MicroSDHC encrypted by the phone.  it works excellent, but there's a catch: E71 it's USB 2.0 but... doesn't mean it supports High-Speed. It only supports Full-Speed so the transfers must be sticked at 1MB/sec.  Obviously, after encrypting my SDHC, I cannot extract from the cellphone and try to read in a computer, like I did before.  My SDHC is Class 6, so the 15MB/sec transfer is wasted.
  Anyone knows a software/driver/whatever-you-know that I could use to read the encrypted memory in a PC?
  Thanks in advance.

  First of all forget about USB 2, microSDHC, Class x, or whatever per sec transfer rates of anything.
  Encryption is only an excellent feature if you know what it is. At best, it makes your data completely secure; at worst, it makes it completely useless.
  As far is your phone data is concerned, on the card you used, you will only ever be able to use or access it if you can remember the password you used to enable the encrytion in the first place and in the E71, not on a PC.
  The encrypted disks, partitions, folders, files, or anything else on any PC or laptop you have is completely different. They can only be unencrypted by you knowing the relevant password(s) to your laptop or pc.
  It isn't clear to me whether you are asking for advice or to solve a problem you have ?
  E71-1(241.04) RM-346 300.21.012

• How to shrink this LOB and what steps need to perform.

  Problem Description: hi
  one of our production database having one table i that table having 320 gb LOB in one column
  can you please suggest how to shrink this LOB and what steps need to perform.
  during shrinkg of LOB how much undo tablespace is require,and does it create more archive log because LOB size is 320gb.
  this table having function based index also.so we will not shrink it.
  we need to release the space from database this in only big LOB out of my DATABASE its took approx. 80%.
  there is any way we can reclame this space with less time.
  please suggest how to do this and how much downtime is required.
  database version 10.2.0.4 and OS AIX 5.3

  Hi;
  Please check below which could be helpful for your issue:
  Shrink LOB Segment On Partitioned Table [ID 802059.1]
  How to determine the actual size of the LOB segments and how to free the deleted/unused space above/below the HWM [ID 386341.1]
  Why is no space released after an ALTER TABLE ... SHRINK? [ID 820043.1]
  Troubleshooting Guide (TSG) - Large Objects (LOBs) [ID 846562.1]
  Regard
  Helios

• How can I increase the C partition space?

  Hello! I have an internal hard drive used on my Windows 7computer and also has divided it into four partitions, C, D, E and F. Under Disk Management, I was able to shrink the E partition well. But when I went to extend the C partition
  space there, it just didn’t let me do that (that “Extend” option just cannot be chosen). How do I extend my C partition space successfully? 

  Hi,
  To use the "Extend Volum" option, you need a unallocated space available as a the snapshot below:
  Here's a guide for reference
  http://blogs.technet.com/b/mghazai/archive/2009/02/24/extend-system-boot-volume-on-windows-server-2008-windows-vista-win7-beta.aspx
  we should shrink the neighboring partition to release unallocated space
  if error persists, please paste the GUI snapshot of your disk management here for further analysis.
  Yolanda Zhu
  TechNet Community Support

• Encrypted partition

  hi
  i have an encrypted partition use by suse
  is there a way to use it with arch linux?
  thanks

  Generally you would use the same method you (or suse) uses to mount and unlock the encrypted partition.
  If you use Luks for the encryption with dm_crypt you could simply run:
  cryptsetup luksOpen /dev/hdaX name_of_partition
  mount /dev/mapper/name_of_partition /partition_mountpoint
  To do all of this atomatically you would need to edit /mnt/etc/crypttab and enter the needed information.
  Here are two wiki entries concerning LUKS with Arch, they do not directly relate to what you need but you could use some pieces of it.
  LUKS Encrypted Root
  RAID Encryption LVM
  Most of the above is only valid when you're using LUKS I suppose. I also can't say anything about other methods because I never used them.

• OpenSUSE - Arch switch: encrypted partitions, keeping /home and other

  Hello,
  I am considering switching from openSUSE to Arch -- I want to gain performance, avoid releases and try something new -- but have some doubts/questions. I would appreciate if you could help me a bit with resolving them :)
  i. From what I see on the fora some of you are (ex) SUSE users so... will I miss anything?
  ii. Should I expect any problems in general?
     a) I am using nVidia proprietary drivers and, despite all downsides, would like to keep doing so. Are there any problems regarding installation or keeping them up to date?
     b) Is it possible to use s2ram and s2disk or obtain working counterpart(s), as, I hear, there are some problems with those?
     c) Is it possible to install software from debs and/or rpms? Possibly without extracting and moving files manually?
     d) Is it safe to assume that hardware and all applications not specific to any distribution will work just as well as they do on SUSE? I know, Linux is Linux but still.
  /edit:   e) Does getting fonts to be displayed properly takes a lot of tweaking? This problem does not exist on SUSE but on other distros it used to be a pain.
  iii. I have SUSE installed on encrypted partitions (with luks and /dev/mapper so it's pretty similar to setup recommended for Arch in that matter) and would like to avoid reencrypting as well as keep /home untouched. Is it possible and not too complicated?
  (I have seen http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root, http://wiki.archlinux.org/index.php/Off … tall_Guide and http://wiki.archlinux.org/index.php/Ins … ing_Linux)
  Any additional information and comments are welcome.
  Last edited by skx (2009-02-16 15:36:33)

  quarkup wrote:ii)
  a) No problemo. I use nVidia drivers too for my 6800go, with no issues.
  Inxsible wrote:ii c) [....] I think there are packages in AUR, which can help you convert them to an Arch PKGBUILD and then install them.
  Thanks.
  bgc1954 wrote:i)
  Well, if you used suse for any length of time, you might miss the incredible slowness of yast as compared to pacman. :D
  YaST is not that slow anymore ;)
  What about the encryption part? That's the one that makes me anxious.
  Last edited by skx (2009-02-16 15:50:58)

• Grub, UEFI, and encrypted partitions

  I followed the tutorials on the Wiki regarding setting up luks encryption over LVM which worked fine. Part of this process involved getting grub to decrypt the root partition, which also worked. However, I later went and followed instructions for getting UEFI boot to work; I created a separate /boot partition, used grub-install, etc. I'm now in a weird state, though: grub is still using (and unlocking) the root partition and using whatever is in its /boot directory when it really should be using the /boot partition. I've managed to confuse myself enough through all this that I'm not sure what config files and commands I need to mess with to get grub to load the initramfs from the actual boot partition while not also screwing up the root partition that should be unlocked/mounted by systemd.
  My common sense tells me that the latter has nothing to do with the former but it took me long enough to figure out the hack of copying everything in the boot partition to root's /boot just to get the thing booting again after a kernel update that I'd rather just ask here

  tcdavis wrote:I'm now in a weird state, though: grub is still using (and unlocking) the root partition and using whatever is in its /boot directory when it really should be using the /boot partition.
  UEFI and a dedicated /boot partition are separate things, and they are not dependent on one another. The problem is most likely coincidental.
  Make sure your "root=" and "cryptdevice=" kernel parameters are correct. Edit /etc/default/grub, and use the UUID of the LUKS container on the new /boot partition, replacing the old UUID of the root filesystem. This should be the UUID of the LUKS container itself, not the filesystem contained within it. Use `cryptsetup luksUUID /dev/sda2` substituting sda2 with your /boot partition. This only applies to the kernel and is not directly related to GRUB, so it's just a precautionary measure.
  Make sure /boot is mounted, and regenerate grub.cfg:
  mount /boot
  grub-mkconfig -o /boot/grub/grub.cfg
  Delete the contents of /boot on the root partition to prevent confusion:
  umount /boot
  rm -r /boot
  mkdir /boot
  mount /boot
  Also make sure your /boot partition is being mounted (via crypttab and a keyfile) automatically at boot, or you will run into problems later on.
  Strike0 wrote:If you, in your first attempt, installed grub to the MBR and your bios is set to dual legacy/uefi, the grub bios may take precedence now. You should boot the machine/install ISO in pure efi mode before executing the grub install for uefi and best wipe the grub bios which probably installed itself to sectors before the first partition.
  I don't know enough about the GRUB internals to say whether or not the UUID of the /boot partition is embedded in GRUB's UEFI stub, but in theory the following commands should overwrite both the BIOS boot loader and UEFI.
  mount /boot
  grub-install --target=i386-pc --recheck
  grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub_uefi --recheck
  This way GRUB should use the correct /boot no matter if it is booting in BIOS or UEFI mode.
  If these instructions don't solve your problem, please specify what stage of the boot process is failing, and what you saw prior to the boot failure (e.g. did you get a GRUB rescue shell? Did you see the GRUB menu? Did GRUB indicate an incorrect UUID?)

• [SOLVED] Installation with LUKS encryption--ok to grub, then black s..

  Installation with LUKS encryption--ok to grub, then black screen
  I'm trying to install ArchLinux  onto an existing Luks encrypted HDD, formerly dual boot with Fedora 17.
  First,I left the Windows partition unchanged and erased the root partition. Then I booted to the ArchLinux, mounted and decrypted the LVM encrypted volume group partitions and followed along with the  Beginner's Guide Installation Instructions. This progressed without a hitch; near as I can tell. I can boot to grub select kernel interface, but no further.
  So I forgot something...the encrypted volume. I found the archLinux page dm-crypt with LUKS and tried my best to follow along encouraged by the first line, "The installation of a LUKS-encrypted system is largely the same as installing an unencrypted system."
  And that's where I stand. I edited the grub.cfg to boot to run level 3, but the kernel doesn't seem to load at all and never starts to give me the chance to enter the password. So now I'm not sure if its the LUKS encryption after all. (maybe its my _next_ problem)
  Any ideas?
  Last edited by xtian (2013-09-17 22:03:48)

  Sure, here's the layout,
  # lsblk -fa
  NAME FSTYPE LABEL UUID MOUNTPOINT
  sda
  ├─sda1 vfat xxxx-xxxx
  ├─sda2 ext4 xxxxxxxxxxxxxxxxxxxxx /boot
  └─sda3 crypto_L xxxxxxxxxxxxxxxxxxxx
  └─luks-93xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (dm-0) LVM2_mem xxxxxxxxxxxxxxxxxxxxxxx
  ├─cryptVG-root (dm-1) ext4 xxxxxxxxxxxxxxxxxxxxxxxxxxxx /
  ├─cryptVG-swap (dm-2) swap xxxxxxxxxxxxxxxxxxxxxxxxxxxx [SWAP]
  ├─cryptVG-home (dm-3) ext4 home xxxxxxxxxxxxxxxxxxxxxxxxxxxx /home
  └─cryptVG-local (dm-4) ext4 local xxxxxxxxxxxxxxxxxxxxxxxxxxxx /usr/local
  I left sda1 alone. Reinstalled on sda2 (/boot) and sda3 (cryptVG-root). I also remade swap. I didn't see an opportunity to set /usr/local, so I may simply free up this space after copying the data. But for home I set up a sub directory for the new install and left the old user in place (something I've been wanting to accomplish for some time as anaconda is not so nice to old user files).

• How to make more than one partition on Airport Time Capsule?

  how to make more than one partition on Airport Time Capsule?

  Only for the very brave......
  Open up the Time Capsule (voids the warranty)
  Pull the hard drive
  Place the hard drive in a separate enclosure
  Connect the enclosure directly to your Mac
  Use Disk Utility to partition the hard drive
  Reinstall the hard drive back in the Time Capsule
  For the rest of us.....
  The next best thing might be to set up one or more disk images on the Time Capsule, which will allow you reserve a given amount of space for each disk image.
  Open up Macintosh HD > Applications > Utilities > Disk Utility
  Click on the New Image tab
  Navigate to the Time Capsule
  Set up the disk image by naming it and specifying how much space you want to reserve

• How do I open an encrypted flash drive from windows

  How do I open an encrypted flash drive from windows?

  How was the flash drive encrypted, that is, with what system or software?