You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2019-12-14 00:49:04
- Xi0N
- Member
- From: Bilbao - Spain
- Registered: 2007-11-29
- Posts: 832
- Website
Convert LUKS1 into LUKS2?
I have my working environment on top of LUKS1.
I wanted to migrate to LUKS2, but I was wondering if there's any non-destructive way to do so or if is this even possible.
The system is UEFI booting from an unencrypted ESP partition (/boot), it prompts for the passphrase on boot time and then, starts mounting the encrypted root partition.
Cheers.
Offline
#2 2019-12-26 18:27:11
- ua4000
- Member
- Registered: 2015-10-14
- Posts: 492
Re: Convert LUKS1 into LUKS2?
Which boot loader do you use ?
On grub2 there are some remarks about luks2 here, https://wiki.archlinux.org/index.php/GRUB
And here google found some infos about in-place conversion form LUKS1: https://www.saout.de/pipermail/dm-crypt … 05771.html
Offline
#3 2019-12-26 18:58:43
- frostschutz
- Member
- Registered: 2013-11-15
- Posts: 1,504
Re: Convert LUKS1 into LUKS2?
there is 'cryptsetup convert' just for that purpose (consider taking a backup of the luks header just in case)
note that grub does not support LUKS2 but if your /boot is unencrypted, you should be fine
also keyslots take up more space for LUKS2 so how many keyslots you have depends on your data offset. if luksDump says you have 2MiB (4096 sectors) data offset then you're fine. if you only use one keyslot anyway that's also fine
Last edited by frostschutz (2019-12-26 18:59:12)
Offline
#4 2019-12-28 13:23:10
- Xi0N
- Member
- From: Bilbao - Spain
- Registered: 2007-11-29
- Posts: 832
- Website
Re: Convert LUKS1 into LUKS2?
Yeah, cryptsetup convert did the trick in less than a second.
Thanks!
Offline
Pages: 1