On Apr 17 2016, Philipp Kern <pk...@debian.org> wrote:
> On Thu, Apr 14, 2016 at 10:06:51PM +0200, Vincent Bernat wrote:
>> * Package name : luksipc
>> Version : 0.04
>> Upstream Author : Johannes Bauer
>> * URL : http://johannes-bauer.com/linux/luksipc/
>> * License : GPL-3
>> Programming Lang: C
>> Description : LUKS in-place conversion tool
>>
>> luksipc is a tool to convert (unencrypted) block devices to
>> (encrypted) LUKS devices in-place (therefore it's name LUKS in-place
>> conversion). This means the conversion is performed without the need
>> of copying all data somewhere, recreating the whole disk (i.e. create
>> a LUKS device, create a new filesystem on the mapped LUKS device, copy
>> all data back). Instead, the process is reduced to:
>>
>> 1. Unmounting the filesystem
>>
>> 2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is
>> the current LUKS header size -- but do not trust this value, it
>> has changed in the past!)
>>
>> 3. Performing luksipc
>> 4. Adding custom keys to the LUKS keyring
>>
>> I intend to also provide an initramfs hook to make the conversion of a
>> root filesystem for simple cases only (notably cloud payload).
>
> I am still a little bit scared by this tool.
FWIW, it is used on Android every time encryption is first enabled by
the user.
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
