Expand LUKS encrypted partition

qlubsammy · January 20, 2026, 3:01am

I have a standalone HVM running kicksecure. The original private storage max size was 10G, but I’m running out of space. I increased the private storage max size, but it appears Qubes added a new disk, and did not expand the original.

[sysmaint ~]% lsblk
NAME                                          MAJ:MIN RM SIZE RO TYPE  MOUNTPOINTS
xvda                                          202:0    0  10G  0 disk  
├─xvda1                                       202:1    0   2G  0 part  /boot
└─xvda2                                       202:2    0   8G  0 part  
  └─luks-XXX-XXX-XXX            254:0    0   8G  0 crypt /
xvdb                                          202:16   0  60G  0 disk  
xvdc                                          202:32   0  10G  0 disk  
[sysmaint ~]%

How would I remove the /dev/xvd{b,c} disks, and have a single xvda disk with the boot and encrypted partitions?

DVM · January 20, 2026, 9:44am

You are resizing the wrong disk. xvda is “system storage,” and xvdb is “private storage.”

qlubsammy · January 20, 2026, 12:59pm

That would mean Qubes resized the wrong disk, because I used the gui settings to increase private storage max size.

During the ISO install, there was only one disk, which would have been xvda.

Am I wrong in thinking that xvda1 is system storage and xvda2 is private storage, and expecting xvda2 to increase?

DVM · January 20, 2026, 1:10pm

The numbers indicate the disk partitions. In your case, the numbers indicate the partitions on the xvda disk. The xvdb disk has no partitions.

Increasing the private storage will resize xvdb. However, if you want to increase the size of xvda2, you will need to resize the system storage, and then resize xvda2 manually in the HVM.

qlubsammy · January 20, 2026, 1:45pm

Ok, thank you.

As a test, I created a new vm and started the ISO install process. My previous statement about there only being one disk was wrong. During the partitioning phase, I’m presented with 3 detected disks, xvda/b/c. If xvda is system storage, and xvdb is private storage, what is xvdc for?

Thanks again for clarifying all of this for me.

DVM · January 20, 2026, 1:56pm

This part of the Qubes OS documentation explains the purpose of xvdX disks if you want to learn more about them:

qlubsammy · January 20, 2026, 4:50pm

Thank you for linking that, definitely fills in some gaps, but there is still some confusion on my part.

Per the doc:

private.img (xvdb)

This is mounted as /rw and here is placed all VM private data. This includes:

/home – which is bind mounted to /rw/home
/usr/local – which is symlink to /rw/usrlocal
some config files (/rw/config) called by qubes core scripts (ex /rw/config/rc.local)

But how can this be if xvdb does not have a partition and is currently just unallocated space?

Ultimately what it seems I’m trying to do, is create a luks encrypted partition on xvdb containing /home and have it unlocked at boot time and mounted. Is that accurate?

DVM · January 20, 2026, 4:56pm

Since you are using a HVM Standalone, xvdb is not used because all the data are located in xvda.

The /home directory is already in the LUKS partition that you created during installation. There is no need to complicate the setup by using the other disk.

Are you using the HVM Standalone setup to get an encrypted disk? It would be much easier to use the community template.

qlubsammy · January 20, 2026, 7:41pm

I’m using the HVM standalone because I need a GUI environment.

The issue I’m currently facing is xvda is too small. From what I understand, I should be increasing the max system storage size, which would expand xvda.

DVM · January 20, 2026, 8:05pm

Yes, you need to resize the system storage, and then manually resize the partition and LUKS container within the HVM.