[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#821035: ITP: luksipc -- LUKS in-place conversion tool

On Apr 17 2016, Philipp Kern <pkern@debian.org> wrote:
> On Thu, Apr 14, 2016 at 10:06:51PM +0200, Vincent Bernat wrote:
>> * Package name    : luksipc
>>   Version         : 0.04
>>   Upstream Author : Johannes Bauer
>> * URL             : http://johannes-bauer.com/linux/luksipc/
>> * License         : GPL-3
>>   Programming Lang: C
>>   Description     : LUKS in-place conversion tool
>> 
>> luksipc is a tool to convert (unencrypted) block devices to
>> (encrypted) LUKS devices in-place (therefore it's name LUKS in-place
>> conversion). This means the conversion is performed without the need
>> of copying all data somewhere, recreating the whole disk (i.e. create
>> a LUKS device, create a new filesystem on the mapped LUKS device, copy
>> all data back). Instead, the process is reduced to:
>> 
>>  1. Unmounting the filesystem
>> 
>>  2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is
>>     the current LUKS header size -- but do not trust this value, it
>>     has changed in the past!)
>> 
>>  3. Performing luksipc
>>  4. Adding custom keys to the LUKS keyring
>> 
>> I intend to also provide an initramfs hook to make the conversion of a
>> root filesystem for simple cases only (notably cloud payload).
>
> I am still a little bit scared by this tool.

FWIW, it is used on Android every time encryption is first enabled by
the user.


Best,
-Nikolaus

-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«
Reply to: