My notes on making encrypted filesystems "Just Work(tm)"

David Zeuthen david at
Mon Dec 13 11:12:02 PST 2004

On Mon, 2004-12-13 at 20:04 +0100, Sjoerd Simons wrote:
> > Yeah, I'm a bit scared of that. One of the important use cases in my
> > view is the ability to easily encrypt/decrypt a file system (on the fly,
> > for USB keys, or on the next boot) without changing it's size [1]. For
> > ext3 that means we only got 0x400 bytes in the beginning of the file
> > system.
> An extra option in the metadata to indicate the start the start of the 
> encrypted part will solve this and gives you the flexibility for both 
> solutions :)..

Uh, no. You will end up with fewer block on the clear filesystem
(e.g. /dev/dm-0) which implies the need for a filesystem resize during
conversion from e.g. /dev/sda1 to /dev/dm-0. Without filesystem resize
the conversion is simply

 dd if=/dev/sda1 of=/dev/dm-0 bs=512


hal mailing list
hal at

More information about the Hal mailing list