{"id":20098,"date":"2024-02-07T22:37:18","date_gmt":"2024-02-07T19:37:18","guid":{"rendered":"https:\/\/kifarunix.com\/?p=20098"},"modified":"2024-03-10T16:02:06","modified_gmt":"2024-03-10T13:02:06","slug":"extend-existing-luks-encrypted-lvm-by-adding-physical-volume","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/extend-existing-luks-encrypted-lvm-by-adding-physical-volume\/","title":{"rendered":"Extend Existing LUKS-Encrypted LVM by Adding Physical Volume"},"content":{"rendered":"\n<p>In this guide, you will learn how to easily extend existing LUKS-encrypted LVM by adding physical volume. <a href=\"https:\/\/gitlab.com\/cryptsetup\/cryptsetup\/#specification-and-documentation\" target=\"_blank\" rel=\"noreferrer noopener\">LUKS<\/a>, Linux Unified Key Setup, is a standard for encrypting entire disks or partitions on Linux systems.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#extending-luks-encrypted-lvm-by-adding-physical-volume\">Extending LUKS-Encrypted LVM by Adding Physical Volume<\/a><ul><li><a href=\"#current-drive-information\">Current Drive Information<\/a><\/li><li><a href=\"#additional-drives\">Additional Drives<\/a><\/li><li><a href=\"#format-new-drives-as-linux-lvm-8-e\">Format New Drives as Linux LVM (8e)<\/a><\/li><li><a href=\"#encrypt-new-drives-partitions-with-luks\">Encrypt New Drives Partitions with LUKS<\/a><\/li><li><a href=\"#unlock-lu-ks-devices-and-create-physical-volume\">Unlock LUKs Devices and Create Physical Volume<\/a><\/li><li><a href=\"#extend-the-volume-group\">Extend the Volume Group<\/a><\/li><li><a href=\"#extend-root-logical-volume\">Extend Root Logical Volume<\/a><\/li><li><a href=\"#mount-the-luks-devices-on-boot\">Mount the LUKS Devices on Boot<\/a><\/li><li><a href=\"#update-initial-ram-file-system\">Update Initial RAM FileSystem<\/a><\/li><li><a href=\"#any-updates-for-fstab\">Any Updates for FSTAB?<\/a><\/li><li><a href=\"#reboot-the-system-to-confirm-changes\">Reboot the System to Confirm Changes<\/a><\/li><li><a href=\"#unlock-lu-ks-devices\">Unlock LUKs Devices<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"extending-luks-encrypted-lvm-by-adding-physical-volume\">Extending LUKS-Encrypted LVM by Adding Physical Volume<\/h2>\n\n\n\n<p>So, how can you easily extend existing root LUKS encrypted LVM by adding an extra Physical disk?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"current-drive-information\">Current Drive Information<\/h3>\n\n\n\n<p>In my test environment, I have an Ubuntu 24.04 virtual machine with LUKs encrypted physical volume that was enabled and configured during initial installation process.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>lsblk<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>sda                           8:0    0    25G  0 disk  \n\u251c\u2500sda1                        8:1    0     1M  0 part  \n\u251c\u2500sda2                        8:2    0     2G  0 part  \/boot\n\u2514\u2500sda3                        8:3    0    23G  0 part  \n  \u2514\u2500dm_crypt-0              252:0    0    23G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:1    0    23G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\n<\/code><\/pre>\n\n\n\n<p>As you can see <strong>\/dev\/sda3<\/strong> (<em>with root filesystem<\/em>) is LUKs encrypted.<\/p>\n\n\n\n<p>More information about the Physical volumes, volume group and logical volume;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo pvs<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>  PV                     VG        Fmt  Attr PSize  PFree\n  \/dev\/mapper\/dm_crypt-0 ubuntu-vg lvm2 a--  22.98g    0\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vgs<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>  VG        #PV #LV #SN Attr   VSize  VFree\n  ubuntu-vg   1   1   0 wz--n- 22.98g    0\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo lvs<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>  LV        VG        Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert\n  ubuntu-lv ubuntu-vg -wi-ao---- 22.98g\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"additional-drives\">Additional Drives<\/h3>\n\n\n\n<p>Now, I want to expand the existing storage by attaching two more physical drives to the machine;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>lsblk<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>...\nsdb                           8:16   0     5G  0 disk  \nsdc                           8:32   0    15G  0 disk\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"format-new-drives-as-linux-lvm-8-e\">Format New Drives as Linux LVM (<code>8e<\/code>)<\/h3>\n\n\n\n<p>Format your new drives as Linux LVM;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fdisk \/dev\/sdb<\/code><\/pre>\n\n\n\n<p>Create new primary partition and use all available space. Set the partition as Linux LVM:<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nWelcome to fdisk (util-linux 2.39.2).\nChanges will remain in memory only, until you decide to write them.\nBe careful before using the write command.\n\nDevice does not contain a recognized partition table.\nCreated a new DOS (MBR) disklabel with disk identifier 0x63f961b1.\n\n<strong>Command (m for help): n\n<\/strong>Partition type\n   p   primary (0 primary, 0 extended, 4 free)\n   e   extended (container for logical partitions)\nSelect (default p): <strong>ENTER<\/strong>\n\nUsing default response p.\nPartition number (1-4, default 1): <strong>ENTER<\/strong>\nFirst sector (2048-10485759, default 2048): <strong>ENTER<\/strong>\nLast sector, +\/-sectors or +\/-size{K,M,G,T,P} (2048-10485759, default 10485759): <strong>ENTER<\/strong>\n\nCreated a new partition 1 of type 'Linux' and of size 5 GiB.\n\n<strong>Command (m for help): t\n<\/strong>Selected partition 1\n<strong>Hex code or alias (type L to list all): lvm\n<\/strong>Changed type of partition 'Linux' to 'Linux LVM'.\n\n<strong>Command (m for help): w\n<\/strong>The partition table has been altered.\nCalling ioctl() to re-read partition table.\nSyncing disks.\n<\/code><\/pre>\n\n\n\n<p>Do the same on the other drive;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fdisk \/dev\/sdc<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-pullquote has-small-font-size\"><blockquote><p>By default, MBR (Master Boot Record) partition scheme is used. Note that this supports upto a maximum of 2TB for a single partition size. A such, if you are dealing with anything &gt; 2TB, be sure to change the partition scheme to GPT (GUID partition table)which doesn&#8217;t have size limitation. <\/p><\/blockquote><\/figure>\n\n\n\n<p>Check the partition type;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fdisk \/dev\/sdb -l<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>Disk \/dev\/sdb: 5 GiB, 5368709120 bytes, 10485760 sectors\nDisk model: VBOX HARDDISK   \nUnits: sectors of 1 * 512 = 512 bytes\nSector size (logical\/physical): 512 bytes \/ 512 bytes\nI\/O size (minimum\/optimal): 512 bytes \/ 512 bytes\nDisklabel type: dos\nDisk identifier: 0x63f961b1\n\n<strong>Device     Boot Start      End  Sectors Size Id Type\n\/dev\/sdb1        2048 10485759 10483712   5G 8e Linux LVM<\/strong>\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"encrypt-new-drives-partitions-with-luks\">Encrypt New Drives Partitions with LUKS<\/h3>\n\n\n\n<p>Next, encrypt the new Drives partitions with LUKS key;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cryptsetup luksFormat \/dev\/sdb1<\/code><\/pre>\n\n\n\n<p>Confirm that you want to proceed and provide passphrase to encrypt your drive partition;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nWARNING!\n========\nThis will overwrite data on \/dev\/sdb1 irrevocably.\n\nAre you sure? (Type 'yes' in capital letters): YES\nEnter passphrase for \/dev\/sdb1: PASSPHRASE\nVerify passphrase: PASSPHRASE\n<\/code><\/pre>\n\n\n\n<p>Similarly, format the other drives partitons;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cryptsetup luksFormat \/dev\/sdc1<\/code><\/pre>\n\n\n\n<p>To view detailed header information about the LUKS header of a device (such as UUID, cipher, key size, etc.), you can use the <code>luksDump<\/code> sub-command.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>LUKS header information\nVersion:       \t2\nEpoch:         \t3\nMetadata area: \t16384 [bytes]\nKeyslots area: \t16744448 [bytes]\nUUID:          \t848a0a92-0c0e-46aa-8a02-368fc0dd6a4c\nLabel:         \t(no label)\nSubsystem:     \t(no subsystem)\nFlags:       \t(no flags)\n\nData segments:\n  0: crypt\n\toffset: 16777216 [bytes]\n\tlength: (whole device)\n\tcipher: aes-xts-plain64\n\tsector: 512 [bytes]\n\nKeyslots:\n  0: luks2\n\tKey:        512 bits\n\tPriority:   normal\n\tCipher:     aes-xts-plain64\n\tCipher key: 512 bits\n\tPBKDF:      argon2id\n\tTime cost:  5\n\tMemory:     1048576\n\tThreads:    2\n\tSalt:       67 5f 9d 71 1f 7b 20 17 bd e1 da 17 51 84 67 76 \n\t            2f 78 45 cc b1 cf a6 21 9d 5e c5 d2 09 6a 81 7f \n\tAF stripes: 4000\n\tAF hash:    sha256\n\tArea offset:32768 [bytes]\n\tArea length:258048 [bytes]\n\tDigest ID:  0\nTokens:\nDigests:\n  0: pbkdf2\n\tHash:       sha256\n\tIterations: 144830\n\tSalt:       fe 3c e3 47 ea 84 24 8c 74 6f 79 1d 05 d7 5c 6b \n\t            b0 15 77 b4 d9 6e 79 5c ec 83 7c 4b 2b 74 9e 27 \n\tDigest:     18 87 98 d6 62 91 a5 2c 65 8e fc 67 dd a2 d7 16 \n\t            52 ae 72 dd 9f cd 85 5c c1 f9 4e 5e 07 07 40 1c\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"unlock-lu-ks-devices-and-create-physical-volume\">Unlock LUKs Devices and Create Physical Volume<\/h3>\n\n\n\n<p>Unlock your newly create LUKS devices and create new physical volumes that can be used to expand your current drive.<\/p>\n\n\n\n<p>The <code>cryptsetup luksOpen<\/code> command is used to open (unlock) a LUKS (Linux Unified Key Setup) encrypted device, making it accessible for further use.<\/p>\n\n\n\n<p>The basic syntax of the <code>luksOpen<\/code> command is as follows:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cryptsetup luksOpen \/dev\/sdXn &lt;mapping_name&gt;<\/code><\/pre>\n\n\n\n<p>Where:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>\/dev\/sdXn<\/code>: The path to the LUKS-encrypted partition (replace with your actual device).<\/li>\n\n\n\n<li><code>&lt;mapping_name&gt;<\/code>: The name you want to assign to the decrypted mapping. This name is used to refer to the decrypted device when accessing it.<\/li>\n<\/ul>\n\n\n\n<p>Thus;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cryptsetup luksOpen \/dev\/sdb1 sdb1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cryptsetup luksOpen \/dev\/sdc1 sdc1<\/code><\/pre>\n\n\n\n<p>In this example, the LUKS-encrypted partition at <code>\/dev\/sdb1\/sdc1<\/code> is opened with the mapping name <code>sdb1\/sdc1<\/code> respectively. After running this command, you will find a device named <code>\/dev\/mapper\/sdb1|sdc1<\/code>, which represents the decrypted version of the LUKS-encrypted partition.<\/p>\n\n\n\n<p>You can check the status using <strong><code>cryptsetup status<\/code><\/strong> command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cryptsetup status sdb1<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\/dev\/mapper\/sdb1 is active.\n  type:    LUKS2\n  cipher:  aes-xts-plain64\n  keysize: 512 bits\n  key location: keyring\n  device:  \/dev\/sdb1\n  sector size:  512\n  offset:  32768 sectors\n  size:    10450944 sectors\n  mode:    read\/write\n<\/code><\/pre>\n\n\n\n<p>Now that the devices are unlocked, create physical volumes on them;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo pvcreate \/dev\/mapper\/sdb1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo pvcreate \/dev\/mapper\/sdc1<\/code><\/pre>\n\n\n\n<p>See some information;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo pvs<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>  PV                     VG        Fmt  Attr PSize  PFree \n  \/dev\/mapper\/dm_crypt-0 ubuntu-vg lvm2 a--  22.98g     0 \n  \/dev\/mapper\/sdb1                 lvm2 ---   4.98g  4.98g\n  \/dev\/mapper\/sdc1                 lvm2 ---  14.98g 14.98g\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"extend-the-volume-group\">Extend the Volume Group<\/h3>\n\n\n\n<p>Now that we have two extra physical volumes, extend the volume group by adding the new physical volumes.<\/p>\n\n\n\n<p>My volume group is named <strong><code>ubuntu-vg<\/code><\/strong>. See above VG column.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vgextend ubuntu-vg \/dev\/mapper\/sdb1 \/dev\/mapper\/sdc1<\/code><\/pre>\n\n\n\n<p>Confirm;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vgs<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>  VG        #PV #LV #SN Attr   VSize  VFree \n  ubuntu-vg   3   1   0 wz--n- 42.94g 19.96g\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"extend-root-logical-volume\">Extend Root Logical Volume<\/h3>\n\n\n\n<p>Extend the logical volume to use the new all the new space. Our LVM is <strong><code>ubuntu-lv<\/code><\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo lvextend -r -l +100%FREE \/dev\/ubuntu-vg\/ubuntu-lv<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>-r<\/code>: This option is used to resize the filesystem on the logical volume along with extending the logical volume itself.<\/li>\n\n\n\n<li><code>-l +100%FREE<\/code>: This option specifies how much to extend the logical volume. In this case, it is extended by 100% of the available free space in the volume group.<\/li>\n<\/ul>\n\n\n\n<p>Confirm;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo df -hT -P \/<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>Filesystem                        Type  Size  Used Avail Use% Mounted on\n\/dev\/mapper\/ubuntu--vg-ubuntu--lv ext4   43G  8.9G   32G  22% \/\n<\/code><\/pre>\n\n\n\n<p>You have successfully extended your existing LUKS-encrypted LVM by adding new physical volume.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"mount-the-luks-devices-on-boot\">Mount the LUKS Devices on Boot<\/h3>\n\n\n\n<p>The <code>\/etc\/crypttab<\/code> file is a configuration file used in Linux systems to define encrypted block devices (usually partitions or LVM logical volumes) that are set up during the system boot process.<\/p>\n\n\n\n<p>Since we enabled LVM LUKS encryption while setting up our OS from the beginning, the crypttab contains the information below at the moment;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/crypttab<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>dm_crypt-0 UUID=67482f55-a3ea-433a-bdf4-87210ce042ba none luks<\/code><\/pre>\n\n\n\n<p>The typical format of entries in the <code>\/etc\/crypttab<\/code> file is as follows:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;name&gt; &lt;device&gt; &lt;key file&gt; &lt;options&gt;<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>&lt;name&gt;<\/strong><\/code>: The name used to refer to the mapping of the encrypted device. This is often a symbolic name and is used in the <code>\/dev\/mapper\/<\/code> path. For example, if <code>&lt;name&gt;<\/code> is set to &#8220;sdb1,&#8221; the mapped device might be <code>\/dev\/mapper\/sdb1<\/code>.<\/li>\n\n\n\n<li><code><strong>&lt;device&gt;<\/strong><\/code>: The path to the encrypted block device, such as a partition or logical volume.<\/li>\n\n\n\n<li><strong>&lt;key file&gt;<\/strong> An optional parameter specifying a file containing the key or passphrase for the encrypted device. This can be left empty or set to <strong>none<\/strong> if a key file is not used so as to be prompted to enter passphrase while booting.<\/li>\n\n\n\n<li><strong><code>&lt;options&gt;<\/code><\/strong>: LUKS option such as cipher\/key size<\/li>\n<\/ul>\n\n\n\n<p>So, let&#8217;s update the crypttab with the new devices entries.<\/p>\n\n\n\n<p>To begin with, get the devices UUIDs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo blkid | grep LUKS<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\/dev\/sdb1: UUID=\"848a0a92-0c0e-46aa-8a02-368fc0dd6a4c\" TYPE=\"crypto_LUKS\" PARTUUID=\"63f961b1-01\"\n\/dev\/sdc1: UUID=\"e98f363f-dc74-4202-8680-87e968a73770\" TYPE=\"crypto_LUKS\" PARTUUID=\"4cb3d400-01\"\n\/dev\/sda3: UUID=\"67482f55-a3ea-433a-bdf4-87210ce042ba\" TYPE=\"crypto_LUKS\" PARTUUID=\"0e14c2c8-17e7-4dbc-8d86-c1541b9d5edf\"\n<\/code><\/pre>\n\n\n\n<p>Now that we have UUIDS, update crypttab.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vim \/etc\/crypttab<\/code><\/pre>\n\n\n\n<p>Entries we will add;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>sdb1 UUID=848a0a92-0c0e-46aa-8a02-368fc0dd6a4c none luks\nsdc1 UUID=e98f363f-dc74-4202-8680-87e968a73770 none luks\n<\/code><\/pre>\n\n\n\n<p>So, crypttab now looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/crypttab<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>dm_crypt-0 UUID=67482f55-a3ea-433a-bdf4-87210ce042ba none luks\nsdb1 UUID=848a0a92-0c0e-46aa-8a02-368fc0dd6a4c none luks\nsdc1 UUID=e98f363f-dc74-4202-8680-87e968a73770 none luks\n<\/code><\/pre>\n\n\n\n<p>With this, when the system boots, you will be prompted for passphrase to unlock them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-initial-ram-file-system\">Update Initial RAM FileSystem<\/h3>\n\n\n\n<p>If you make any changes, you need to update the initial RAM filesystem, <strong><code>initramfs<\/code><\/strong> to include the changes. <strong>initramfs<\/strong> is a temporary filesystem loaded into memory during the initial stage of the Linux boot process. It contains essential tools, modules, and scripts required to initialize the system before transitioning to the actual root filesystem.<\/p>\n\n\n\n<p>You can update initramfs as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo update-initramfs -u<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"any-updates-for-fstab\">Any Updates for FSTAB?<\/h3>\n\n\n\n<p>No, at this point the new physical volumes added are already part of the LVM;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>lsblk<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>...\nsda                           8:0    0    25G  0 disk  \n\u251c\u2500sda1                        8:1    0     1M  0 part  \n\u251c\u2500sda2                        8:2    0     2G  0 part  \/boot\n\u2514\u2500sda3                        8:3    0    23G  0 part  \n  \u2514\u2500dm_crypt-0              252:0    0    23G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:1    0  42.9G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\nsdb                           8:16   0     5G  0 disk  \n\u2514\u2500sdb1                        8:17   0     5G  0 part  \n  \u2514\u2500sdb1                    252:2    0     5G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:1    0  42.9G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\nsdc                           8:32   0    15G  0 disk  \n\u2514\u2500sdc1                        8:33   0    15G  0 part  \n  \u2514\u2500sdc1                    252:3    0    15G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:1    0  42.9G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\n\n<\/code><\/pre>\n\n\n\n<p>Hence, no changes required for FSTAB for now.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reboot-the-system-to-confirm-changes\">Reboot the System to Confirm Changes<\/h3>\n\n\n\n<p>if you are doubting something, address it properly before proceeding. Otherwise, reboot your system to apply the changes and ensure that both LUKS-encrypted devices are automatically unlocked and mounted during boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl reboot -i<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"unlock-lu-ks-devices\">Unlock LUKs Devices<\/h3>\n\n\n\n<p>If everything went well, your system should boot with no issue and you will be prompted to enter LUKS decryption passphrase.<\/p>\n\n\n\n<p>Unlock First Drive;<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\\\/\\\/kifarunix.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/unlock-first-luks-drive.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-full&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-20107&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1074,&quot;targetHeight&quot;:743,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Extend Existing LUKS-Encrypted LVM by Adding Physical Volume&quot;,&quot;alt&quot;:&quot;Extend Existing LUKS-Encrypted LVM by Adding Physical Volume&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1074\" height=\"743\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-first-luks-drive.png?v=1707332546\" alt=\"Extend Existing LUKS-Encrypted LVM by Adding Physical Volume\" class=\"wp-image-20107\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-first-luks-drive.png?v=1707332546 1074w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-first-luks-drive-768x531.png?v=1707332546 768w\" sizes=\"(max-width: 1074px) 100vw, 1074px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge image: Extend Existing LUKS-Encrypted LVM by Adding Physical Volume\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on-async--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"context.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"context.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>Unlock second LUKS device;<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\\\/\\\/kifarunix.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/unlock-sdb1-luks-drive.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-full&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-20108&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1007,&quot;targetHeight&quot;:673,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image&quot;,&quot;alt&quot;:&quot;&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1007\" height=\"673\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdb1-luks-drive.png?v=1707332573\" alt=\"\" class=\"wp-image-20108\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdb1-luks-drive.png?v=1707332573 1007w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdb1-luks-drive-768x513.png?v=1707332573 768w\" sizes=\"(max-width: 1007px) 100vw, 1007px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge image\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on-async--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"context.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"context.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>Unlock third LUKS device;<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\\\/\\\/kifarunix.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/unlock-sdc1-luks-drive.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-full&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-20109&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1051,&quot;targetHeight&quot;:665,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image&quot;,&quot;alt&quot;:&quot;&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1051\" height=\"665\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdc1-luks-drive.png?v=1707332609\" alt=\"\" class=\"wp-image-20109\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdc1-luks-drive.png?v=1707332609 1051w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdc1-luks-drive-768x486.png?v=1707332609 768w\" sizes=\"(max-width: 1051px) 100vw, 1051px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge image\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on-async--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"context.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"context.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>Successful!<\/p>\n\n\n\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\\\/\\\/kifarunix.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/unlock-sdc1-luks-drive-successful.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-full&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-20110&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1047,&quot;targetHeight&quot;:680,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image&quot;,&quot;alt&quot;:&quot;&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1047\" height=\"680\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdc1-luks-drive-successful.png?v=1707332628\" alt=\"\" class=\"wp-image-20110\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdc1-luks-drive-successful.png?v=1707332628 1047w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/unlock-sdc1-luks-drive-successful-768x499.png?v=1707332628 768w\" sizes=\"(max-width: 1047px) 100vw, 1047px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge image\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on-async--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"context.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"context.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<p>Login to the system and confirm that you have extend existing LUKS-encrypted LVM.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>df -hT -P \/<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>Filesystem                        Type  Size  Used Avail Use% Mounted on\n\/dev\/mapper\/ubuntu--vg-ubuntu--lv ext4   43G  8.9G   32G  22% \/\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>lsblk<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>sda                           8:0    0    25G  0 disk  \n\u251c\u2500sda1                        8:1    0     1M  0 part  \n\u251c\u2500sda2                        8:2    0     2G  0 part  \/boot\n\u2514\u2500sda3                        8:3    0    23G  0 part  \n  \u2514\u2500dm_crypt-0              252:0    0    23G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:3    0  42.9G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\nsdb                           8:16   0     5G  0 disk  \n\u2514\u2500sdb1                        8:17   0     5G  0 part  \n  \u2514\u2500sdb1                    252:1    0     5G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:3    0  42.9G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\nsdc                           8:32   0    15G  0 disk  \n\u2514\u2500sdc1                        8:33   0    15G  0 part  \n  \u2514\u2500sdc1                    252:2    0    15G  0 crypt \n    \u2514\u2500ubuntu--vg-ubuntu--lv 252:3    0  42.9G  0 lvm   \/var\/snap\/firefox\/common\/host-hunspell\n                                                       \/snap\n                                                       \/\n<\/code><\/pre>\n\n\n\n<p>And that is it on how to extend existing LUKS-encrypted LVM.<\/p>\n\n\n\n<p>Read more LUKS tutorials in our other guides<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/?s=LUKS\" target=\"_blank\" rel=\"noreferrer noopener\">How to encrypt drives with LUKS in Linux<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to easily extend existing LUKS-encrypted LVM by adding physical volume. LUKS, Linux Unified Key Setup, is a standard<\/p>\n","protected":false},"author":10,"featured_media":20115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[39,121,43],"tags":[7394,7393,7392],"class_list":["post-20098","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-storage","category-howtos","category-lvm","tag-expand-luks-lvm-with-new-physical-volume","tag-extend-luks-drive-with-new-physical-volume","tag-extend-luks-lvm-with-new-disk","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/20098"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=20098"}],"version-history":[{"count":15,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/20098\/revisions"}],"predecessor-version":[{"id":20928,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/20098\/revisions\/20928"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/20115"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=20098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=20098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=20098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}