- OpenSuse 12.2 64 bits
- VMWare Workstation 9.x
- LUKS for disk encryption
- LVM
Use it at your own risk! Your context certainly differs from mine...
In what follows, /dev/sdb is the new (virtual) disk I wanted to add to an existing VG.
Creation of the encrypted disk
# cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
If you are not using a QWERTY keyboard, it is better to choose your passphrase as if you were using one, because when you are asked to key in your passphrase at boot time, your keyboard is still in QWERTY mode. Surely, something can be done to improve that...
Another area of improvement would be to key in the passphrase only once at boot time, and not once for each encrypted disk. I did not succeed in doing that, but I am not giving up either...
The parameters of the previous cryptsetup command may seem a little bit complex (at least to me); in reality, I used the same cryptsetup command to find out the existing parameters of the encrypted system disk that OpenSuse created during the installation phase, and I used exactly the same ones for the new disk:
# cryptsetup status /dev/mapper/cr_sda2
/dev/mapper/cr_sda2 is active and is in use.
type: LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda2
offset: 4096 sectors
size: 130004992 sectors
mode: read/write
Open the encrypted disk in order to use it
# cryptsetup luksOpen /dev/sdb1 cr_sdb1
Enter passphrase for /dev/sdb1:
Create the physical volume
# lvm pvcreate /dev/mapper/cr_sdb1
Physical volume "/dev/mapper/cr_sdb1" successfully created
Add the PV to the system volume group
# lvm vgextend system /dev/mapper/cr_sdb1
Volume group "system" successfully extended
Extend the root logical volume and the associated filesystem
# lvextend -r -l +100%FREE /dev/system/root
Extending logical volume root to 141.83 GiB
Logical volume root successfully resized
resize2fs 1.42.4 (12-June-2012)
Filesystem at /dev/mapper/system-root is mounted on /; on-line resizing required
old_desc_blocks = 5, new_desc_blocks = 9
The filesystem on /dev/mapper/system-root is now 37179392 blocks long.
Edit /etc/crypttab to add the new encrypted disk
# vi /etc/crypttab
Basically, add a new line:
cr_sdb1 /dev/sdb1 none none
Run mkinitrd to regenerate a new initrd which will ask for the passphrase of the new encrypted disk at boot time
# mkinitrd
Reboot
To verify that all is fine.
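For the step where the new disk is formatted with the same parameters as the existing encrypted system disk, the sketch below derives the luksFormat command from cryptsetup status output instead of retyping the cipher and key size by hand. It is an added example, not part of the original post; the function names status_field and luks_format_cmd are hypothetical, and the embedded sample is the status output shown above.

```shell
# Added example: prints the luksFormat command; never runs cryptsetup itself.
# Constructed sample input: the `cryptsetup status` output shown in the post.
SAMPLE_STATUS='/dev/mapper/cr_sda2 is active and is in use.
type: LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda2
offset: 4096 sectors
size: 130004992 sectors
mode: read/write'

# status_field NAME: read status text on stdin, print the value of "NAME:".
status_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }            # tolerate leading indentation
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }'
}

# luks_format_cmd STATUS_TEXT TARGET_DEVICE (both names are hypothetical)
# Prints a luksFormat command matching the existing mapping, or returns 1.
luks_format_cmd() {
    status=$1; target=$2
    mtype=$(printf '%s\n' "$status" | status_field type)
    cipher=$(printf '%s\n' "$status" | status_field cipher)
    keysize=$(printf '%s\n' "$status" | status_field keysize)
    keysize=${keysize%% *}                # "256 bits" -> "256"
    case $mtype in
        LUKS*) ;;
        *) echo "not a LUKS mapping (type: ${mtype:-unknown})" >&2; return 1 ;;
    esac
    case $cipher in
        ''|*[!A-Za-z0-9:_-]*) echo "missing or malformed cipher" >&2; return 1 ;;
    esac
    case $keysize in
        ''|*[!0-9]*) echo "missing or non-numeric keysize" >&2; return 1 ;;
    esac
    case $target in
        /dev/*) ;;
        *) echo "target must be a /dev path" >&2; return 1 ;;
    esac
    printf 'cryptsetup -c %s -y -s %s luksFormat %s\n' "$cipher" "$keysize" "$target"
}

luks_format_cmd "$SAMPLE_STATUS" /dev/sdb1
```

On a live system the first argument would be "$(cryptsetup status /dev/mapper/cr_sda2)"; review the printed command, and the target device in particular, before running it.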
Permalink:
http://ti57.blogspot.com/2012/12/how-to-add-encrypted-disk-to-existing.html