Extend an Encrypted LUKS Partition

General disclaimer applies, no liability will be accepted for any loss or damage, use at your own risk and do frequent backups!

Scenario

We have a 1TB Samsung external HDD, which currently contains 2 partitions:

# fdisk -l /dev/sdc
Disk /dev/sdc: 1000.2 GB, 1000194400256 bytes
[...]

Device Boot Start End Blocks Id System
/dev/sdc1 2048 1048578047 524288000 83 Linux
/dev/sdc2 1048578048 1953504687 452463320 7 HPFS/NTFS/exFAT

The first partition, /dev/sdc1, is an encrypted LUKS volume. What we want to do is to delete the NTFS /dev/sdc2 partition and use its size for the LUKS partition.

Extend the Partition

Make sure the LUKS partition is not mounted nor opened (doesn’t appear under /dev/mapper). The idea now is to delete both partitions from the partition table (not the actual data!) and create a new partition with the same¬†start block (2048, see above, extremely important) as the original LUKS volume.

# fdisk /dev/sdc

Command (m for help): p

Disk /dev/sdc: 1000.2 GB, 1000194400256 bytes
[...]

Device Boot Start End Blocks Id System
/dev/sdc1 2048 1048578047 524288000 83 Linux
/dev/sdc2 1048578048 1953504687 452463320 7 HPFS/NTFS/exFAT

Command (m for help): d
Partition number (1-4): 2

Command (m for help): d
Selected partition 1

Command (m for help): p

Disk /dev/sdc: 1000.2 GB, 1000194400256 bytes
[...]

Device Boot Start End Blocks Id System

Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
Using default value 1
First sector (2048-1953504687, default 2048): 2048
Last sector, +sectors or +size{K,M,G} (2048-1953504687, default 1953504687):
Using default value 1953504687

Command (m for help): p

Disk /dev/sdc: 1000.2 GB, 1000194400256 bytes
[...]

Device Boot Start End Blocks Id System
/dev/sdc1 2048 1953504687 976751320 83 Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Decrypt the Partition

# cryptsetup luksOpen /dev/sdc1 samsung

Run Filesystem Check and Resize the Partition

# e2fsck -f /dev/mapper/samsung
e2fsck 1.42.5 (29-Jul-2012)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking dir#ectory structure
Pass 3: Checking directory connectivity
/lost+found not found. Create<y>? yes
Pass 4: Checking reference counts
Pass 5: Checking group summary information

samsung_luks: ***** FILE SYSTEM WAS MODIFIED *****
samsung_luks: 35603/32768000 files (9.1% non-contiguous), 107366347/131071488 blocks
# resize2fs /dev/mapper/samsung
resize2fs 1.42.5 (29-Jul-2012)
Resizing the filesystem on /dev/mapper/samsung to 244187318 (4k) blocks.
The filesystem on /dev/mapper/samsung is now 244187136 blocks long.

Mount the Volume and Check the Size

# mount /dev/mapper/samsung /mnt/
# df -h | grep samsung
/dev/mapper/samsung 917G 402G 469G 47% /mnt

4 thoughts on “Extend an Encrypted LUKS Partition

  1. Thank you so much. I had a secondary HD (not boot drive) and just a plain LUKS-crypt partition. Everywhere I looked they dealt with LVM and the boot drive resizing, etc. This worked perfectly so I could enlarge my LUKS partition on Debian Jessie. Didn’t have to use the Live CD since it wasn’t the boot drive. Thank you so much for posting this.

  2. What if the luks partition is located at the end of disk? Is it possible to grow the partition the other way? Ubuntus documentation suggest to use fdisk to resice the partition in such a case, but this results in cryptsetup not recognizing the partition.

    • Is the LUKS volume header still there? It you overwrite the volume header, cryptsetup will not recognise it. An option might be to setup a LUKS partition with a detached header.

Leave a Reply

Your email address will not be published. Required fields are marked *