You are not logged in.
Hi
I have Arch running in my Asus EEEPC 1201n for a few moths. I have suspend2ram and swap encrypted with LUKS working at the same time.
Now I'm trying to set up hibernating with uswsusp. I'm folowing the Wiki page for 1201NL, when I clic hibernate button, bar fills and everything seems to work but when the system starts again, Arch asks me for /dev/mapper/swap (my ecrypted swap) that is obviously not ready in that stage of the boot.
I edit /etc/mkinitcpio.conf file and add "uresume" to the HOOKS entry as Wiki says, so uresume ask for /dev/mapper/swap after it's ready.
My /etc/crypttab:
swap /dev/sda4 SWAP --offset 8 -c aes-xts-plain -h whirlpool -s 512
Is there any method to have the swap encrypted after the uresume ask for it
It is not easy for me to write in English, I hope you understand me
Offline
Placing it in crypttab won't do you much good. It is too late by then. Long time ago I had to modify encrypt hook, but today it shouldn't be needed, and try appending the following to your lilo.conf or grub kernel options cryptdevice=/dev/sda4:swap
You need to install an RTFM interface.
Offline
Still not working.
I also have "/" and "/home" encrypted, so my kernel options at boot are:
kernel /vmlinuz26 root=/dev/mapper/arch cryptdevice=/dev/sda6:arch acpi_osi=Linux resume=/dev/mapper/swap ro (suspend works ore)
The swap patition is encrypted "on the fly" with aes-xts-plain -h whirlpool -s 512 when crypttab opens it, but uresume ask for it at HOOK
I don't know how HOOKS mkinitcpio.conf works, but I need a way to run uresume after crypttab opens swap
Offline
The swap patition is encrypted "on the fly" with aes-xts-plain -h whirlpool -s 512
You obviously can't do this. What do you think will happen to your hibernation image? You can't restore your system from nothingness.
You have to use a static key. Either permanently, or re-encrypt your swap with a static key each time before your hibernate. If you have trouble understanding read this chapter of my eCryptfs article: http://sysphere.org/~anrxc/j/articles/e … html#top-5
If you want to know if cryptdevice parameter will work, or you will have to patch encrypt hook simply read it yourself: /lib/initcpio/hooks/encrypt. When I dealt with this 2 or 3 years ago the hook could only decrypt root partition, so you had to add additional steps in the hook for swap space. Later it was my understanding this limitation was resolved by developers and hook reading cryptdevice.
Last edited by anrxc (2011-02-15 21:10:32)
You need to install an RTFM interface.
Offline
That information helped me a lot. Thanks!
In conclusion, I have to use at least two static keys, one for / and other for SWAP.
Offline