On Apr 17 2016, Philipp Kern <pk...@debian.org> wrote: > On Thu, Apr 14, 2016 at 10:06:51PM +0200, Vincent Bernat wrote: >> * Package name : luksipc >> Version : 0.04 >> Upstream Author : Johannes Bauer >> * URL : http://johannes-bauer.com/linux/luksipc/ >> * License : GPL-3 >> Programming Lang: C >> Description : LUKS in-place conversion tool >> >> luksipc is a tool to convert (unencrypted) block devices to >> (encrypted) LUKS devices in-place (therefore it's name LUKS in-place >> conversion). This means the conversion is performed without the need >> of copying all data somewhere, recreating the whole disk (i.e. create >> a LUKS device, create a new filesystem on the mapped LUKS device, copy >> all data back). Instead, the process is reduced to: >> >> 1. Unmounting the filesystem >> >> 2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is >> the current LUKS header size -- but do not trust this value, it >> has changed in the past!) >> >> 3. Performing luksipc >> 4. Adding custom keys to the LUKS keyring >> >> I intend to also provide an initramfs hook to make the conversion of a >> root filesystem for simple cases only (notably cloud payload). > > I am still a little bit scared by this tool.
FWIW, it is used on Android every time encryption is first enabled by the user. Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.«