Tag: /boot

Resizing another too small /boot partition. Live and in-place.

Debian 13 “Trixie” has updated the minimum /boot size to 768MiB. This laptop was installed with a /boot of only 488MiB — just enough to upgrade to Trixie, but likely to cause issues in the future. Unfortunately, an encrypted LVM partition is directly adjacent to the /boot partition, so we cannot simply resize it. Instead, we’ll recreate both partitions. Thanks to the magic of LVM, we’ll do this live and in place.

This process should be safe, but I have a backup in place using the excellent Relax and Recover.

We will attach an external drive (/dev/sdb) to the volume group, move the logical volumes to it, repartition the internal drive (/dev/sda), and then move everything back.

Step 1 — Prepare the External Drive

We’ll use an external disk (/dev/sdb) as a temporary storage location.

  1. Wipe and partition the disk:
    Wipe existing signatures:
    wipefs -a /dev/sdb
    Then use gpart (or another partitioning tool) to create a single partition large enough to hold all the data from the LVM volumes you’ll move.
  2. Encrypt the new partition:
    cryptsetup luksFormat /dev/sdb1
  3. Open the encrypted partition:
    cryptsetup luksOpen /dev/sdb1 sdb1_crypt
  4. Mark for LVM and add to VG:
    pvcreate /dev/mapper/sdb1_crypt
    vgextend laptop-vg /dev/mapper/sdb1_crypt

Step 2 — Move Data to the External Drive

Run the following to move all data off the internal encrypted volume:

pvmove --autobackup y --atomic /dev/mapper/sda3_crypt

If the volume group becomes inconsistent, re-add sda3_crypt and clean it up:

cryptsetup luksOpen /dev/sda3 sda3_crypt
vgck --updatemetadata laptop-vg
vgreduce laptop-vg /dev/mapper/sda3_crypt

Step 3 — Resize /boot

  1. Unmount /boot/efi: umount /boot/efi
  2. Backup /boot: tar -cavf /boot.tar.xz /boot
  3. Unmount /boot: umount /boot
  4. Delete and recreate /dev/sda2 as a 1GiB partition using gpart, then reload the partition table: partprobe /dev/sda
  5. Run fsck /dev/sda2 and resize2fs /dev/sda2

Step 4 — Recreate the Encrypted Volume

  1. Create the partition using gpart, then reload the partition table: partprobe /dev/sda
  2. Encrypt the partition: cryptsetup luksFormat /dev/sda3
  3. Open it: cryptsetup luksOpen /dev/sda3 sda3_crypt
  4. Mark for LVM: pvcreate /dev/mapper/sda3_crypt
  5. Add to VG: vgextend laptop-vg /dev/mapper/sda3_crypt
  6. Move data back: pvmove --autobackup y --atomic /dev/mapper/sdb1_crypt
  7. Remove temporary disk: vgreduce laptop-vg /dev/mapper/sdb1_crypt

Step 5 — Update Configuration

  1. Get the new UUID: lsblk --nodeps --noheadings -o uuid /dev/sda3
  2. Edit /etc/crypttab with the new UUID
  3. Update initramfs: update-initramfs -k all -u
  4. Mount /boot and /boot/efi: mount /boot && mount /boot/efi
  5. Reboot and fix any unexpected issues