I'm well aware that, broadly speaking, full disk encryption is disfavored here and the advice is to avoid it. Noted and accepted. With that out of the way, and acknowledging that this may just be the wrong forum for the question: is it possible to resize encrypted partitions? We're talking LUKS encryption of the OS drive. I make a lot of full system backups when distro hopping, and Bitlocker has a massive advantage when using full disk encryption, so far. With Windows' tools, either the GUI Drive Management or diskpart, it takes barely seconds to resize a bitlocker partition. In fact, for work, I've got a two or three line diskpart script that can be called from a batch file, letting me shrink the partition to its minimum size or increase it to its maximum size with a batch file that's done too quickly to read the terminal window.
I'd like to be able to do this in Linux, even if I have to do it manually. Dropping from a 4TB partition that's largely empty to a 50 GB partition tremendously speeds up backup and restore, but the tools I've tried in Linux (Gnome Disks, the KDE equivalent, and GParted) have all staunchly refused to resize encrypted partitions.
I think this needs a bit of clarification: It is not disfavored as a whole. Rather; the advice is to not use it if it is not needed.
Full Disk encryption comes with a complexity of caveats. For the average user, there is no need to accept these caveats.
But as an individual user - you know your needs.
If you need disk encryption; then it is there for you to use. Use it.
Yes, it is.
It can be a bit complex, so I would rather start with a detailed guide than a vague forum post.
1 Like
"Resizing LVM-on-LUKS." Is this the part where I facepalm for not setting LVM and ZFS at install, but only ZFS? Well, what's one more install?
I believe most of the steps are the same, but with ZFS you must also resize the ZFS pool.
EDIT: If you are up for a reinstall anyway...
Would it be a lot easier to not use LUKS and stick with ZFS with ZFS encryption?
Interestingly, the first line of the article is that GParted can do the job. I wonder why it won't for me. Best guess would be that I'm running on the encrypted partition at the time, since the guide says to work from a live environment. Bitlocker has no such requirement.
Thanks for the link. It may be a few days before I have time to try something this involved, but I agree completely that a carefully written article was a better choice than a quick "Sure, do this," given those instructions. One computer's running Zorin without LVM, and the other's running Windows because the Linux RTX 50 series support is still pretty lacking, but I can't stand much more Windows. 
My recollection is that Zorin's installer goes with LUKS regardless. I wasn't aware ZFS had non-LUKS encryption. At the very least, in all of my distro hopping, which has variably seen me use LVM + ZFS or just ZFS, the partitions have always shown as LUKS encrypted when hopping to another another distro from Zorin. As such, I actually have no concept of what ZFS encryption entails. Could be easier, could be worse.
Seeing that first line of your link, I really want to poke GParted into doing the job--the mathematics involved is just simple addition, but the risk of miskeying and giving bad sizes definitely makes me want to avoid human error prone methods.
"This will be the sixth time we have destroyed it. But rest assured, we have become exceedingly efficient at it."
1 Like
I have not used ZFS at all and if I gave pointers, it would only be with me looking up guides to do so.
No, this is not something to rush, but to understand. And does Bitlocker make this easier? Probably. A Two Trillion Dollar company has more resources.
It comes down to a cost to benefit ratio.
I think it is worth the cost of learning some new things and struggling with a bit more work to have control over your system and to protect it by your standards.
As I understand it, ZFS encryption is a part of ZFS, so it is well worth looking into so that you can reduce complexity and simplify, as well as increase stability.
2 Likes
Three now, unless very recent events hit them in the market cap. But that only makes the point more true. For the moment, further investigation into GParted's ability to handle LUKS. This is a feature I'm willing to invest time into greater understanding if I must, but it's not something I care to research deeply if tools exist, at least at this time. There are still more basic, more frequently helpful things I need to learn.