Increase the size of a LUKS encrypted partition

Even encrypted discs or partitions sometimes need to have their size increased. A LUKS encrypted volume consists of different layers which all need to be resized.

To resize an encrypted volume, multiple steps have to be performed to use the additional space. This article assumes that there is space on the disc available which is not yet used. The steps to increase the volume size are:

  • Resizing the partition used by the encrypted volume
  • Resizing the encrypted LUKS volume
  • Resizing the file-system of the volume
infoBefore starting to resize a volume or its partition, a backup should be created. The dd(1) utility would allow to create a disc image and could be used to make a backup.

To resize the encrypted LUKS volume, the partition it uses need to be increased first. This can be done using parted(8).

$ sudo parted /dev/sdb
GNU Parted 3.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA KINGSTON SVP200S (scsi)
Disk /dev/sdb: 60,0GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start  End     Size    Type     File system  Flags
 1      512B   30,0GB  30,0GB  primary

(parted) resizepart
Partition number? 1
End?  [30,0GB]? 60GB
(parted) print
Model: ATA KINGSTON SVP200S (scsi)
Disk /dev/sdb: 60,0GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start  End     Size    Type     File system  Flags
 1      512B   60,0GB  60,0GB  primary

(parted) q
Information: You may need to update /etc/fstab.

As the above output shows, the disc is a 60,0GB disk containing one 30GB partition. This partition is resized to use the full disc. It’s important at this point that the free space is after the partition to be resized. The “resizepart” command is used to resize the partition by specifying a new “End” for the partition.

The encrypted LUKS volume is not automatically resized. To resize the LUKS encrypted volume the encrypted volume needs to be opened. To open the volume, the “open” command is used.

$ sudo cryptsetup open /dev/sdb1 sdb1_crypt
Enter passphrase for /dev/sdb1: PASSWORD

The device specified in the above command is the resized partition containing the LUKS encrypted volume. The name on the opened volume “sdb1_crypt” is used to address the volume.

With “cryptsetup(8)“, the LUKS volume can be increased to fill the resized partition. The “resize” command takes the volume name as specified while opening the volume in the previous step.

$ sudo cryptsetup resize sdb1_crypt -v
Command successful.

The above command would not show any output without the “-v” option. With the option, the success message as shown above is printed to the console.

As a final step, the file-system needs to be expanded to the new size. With the resize2fs(8) command the file-system is extended to the new size of the LUKS volume.

$ sudo resize2fs /dev/mapper/sdb1_crypt
resize2fs 1.42.13 (17-May-2015)
Filesystem at /dev/mapper/sdb1_crypt is mounted on /media/gerhard/Daten; on-line resizing required
old_desc_blocks = 2, new_desc_blocks = 4
The filesystem on /dev/mapper/sdb1_crypt is now 14647925 (4k) blocks long.

With the file-system resized, the volume can be mounted and used with the new increased size.


Read more of my posts on my blog at https://blog.tinned-software.net/.

This entry was posted in Encryption, Linux Administration, Security and tagged , , , , , . Bookmark the permalink.