My notes on making encrypted filesystems "Just Work(tm)"

Sjoerd Simons sjoerd at
Mon Dec 13 11:24:20 PST 2004

On Mon, Dec 13, 2004 at 02:12:02PM -0500, David Zeuthen wrote:
> On Mon, 2004-12-13 at 20:04 +0100, Sjoerd Simons wrote:
> > > Yeah, I'm a bit scared of that. One of the important use cases in my
> > > view is the ability to easily encrypt/decrypt a file system (on the fly,
> > > for USB keys, or on the next boot) without changing its size [1]. For
> > > ext3 that means we only got 0x400 bytes in the beginning of the file
> > > system.
> > 
> > An extra option in the metadata to indicate the start of the
> > encrypted part will solve this and gives you the flexibility for both 
> > solutions :)..
> Uh, no. You will end up with fewer blocks on the clear filesystem
> (e.g. /dev/dm-0) which implies the need for a filesystem resize during
> conversion from e.g. /dev/sda1 to /dev/dm-0. Without filesystem resize
> the conversion is simply
>  dd if=/dev/sda1 of=/dev/dm-0 bs=512

If that option is set to 0 then that suggestion works. If you don't care for
that then you can use other settings :)  

Perfection is reached, not when there is no longer anything to add, but
when there is no longer anything to take away.
		-- Antoine de Saint-Exupery
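
Added example, not part of the original messages and not code from HAL: a check of whether an ext2/ext3 filesystem can be copied onto the mapped clear device without a resize for a given value of the proposed metadata option. It assumes the option is a payload offset counted in 512-byte sectors; `payload_offset`, `conversion_plan` and `sample_head` are hypothetical names, and the image header is constructed sample data.

```python
import struct

SECTOR = 512
SB_OFFSET = 0x400   # ext2/ext3 superblock position; the fs leaves bytes 0..0x3ff alone
EXT_MAGIC = 0xEF53

def ext_fs_sectors(head: bytes) -> int:
    """Sectors the filesystem claims, read from the superblock in the device's first 2 KiB."""
    sb = head[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 58 or struct.unpack_from("<H", sb, 56)[0] != EXT_MAGIC:
        raise ValueError("no ext2/ext3 superblock at 0x400")
    blocks, = struct.unpack_from("<I", sb, 4)       # s_blocks_count
    log_bs, = struct.unpack_from("<I", sb, 24)      # s_log_block_size
    return blocks * (1024 << log_bs) // SECTOR

def conversion_plan(head: bytes, device_sectors: int, payload_offset: int) -> dict:
    """payload_offset: assumed metadata field, sectors skipped before the encrypted data."""
    fs = ext_fs_sectors(head)
    clear = device_sectors - payload_offset          # size of the mapped clear device
    return {
        "fs_sectors": fs,
        "clear_sectors": clear,
        "needs_resize": fs > clear,                  # a plain dd copy only fits when False
        "pad_is_zero": not any(head[:SB_OFFSET]),    # nothing (e.g. boot code) in the 0x400 bytes
    }

def sample_head(blocks: int, log_bs: int = 0) -> bytes:
    """Constructed first 2 KiB of an ext image: zero pad plus a minimal superblock."""
    sb = bytearray(1024)
    struct.pack_into("<I", sb, 4, blocks)
    struct.pack_into("<I", sb, 24, log_bs)
    struct.pack_into("<H", sb, 56, EXT_MAGIC)
    return bytes(SB_OFFSET) + bytes(sb)

if __name__ == "__main__":
    head = sample_head(blocks=1024)                  # 1 MiB filesystem filling a 2048-sector device
    for off in (0, 8):
        print(off, conversion_plan(head, device_sectors=2048, payload_offset=off))
```

With the offset at 0 the clear device has as many sectors as the filesystem and the copy fits; any non-zero offset leaves the clear device short, so the filesystem would have to shrink first.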