You are not logged in.
Pages: 1
ENCRYPTED SWAP
This is how I set up an encrypted swap partition at boot on archlinux-7.2
First you need to install dm-crypt
#pacman -Sy cryptsetup
Check which is your swap partition
#grep -e dev.*swap /etc/fstab
/dev/hda3 none swap sw 0 0
Find from which file swap is set on
#grep swapon *
rc.sysinit:status "Activating Swap" /sbin/swapon -a
Edit the file /etc/rc.sysinit
#nano /etc/rc.sysinit
Create a new line before the line that contains the swapon -a. Insert the following commands:
EDIT:
cryptsetup -c blowfish -s 64 -d /dev/urandom create swap0 /dev/hda2
mkswap /dev/mapper/swap0
swapon /dev/mapper/swap0
In this example we used the blowfish algorithm(-c) with a 64 bit key (-s) and we use /dev/urandom as our key file (-d).
Note! If you decide to take the default algorithm (AES), you need to supply "-s 256" instead of "-s 64", because AES has a different-sized key.
Also make sure the dm_mod module is automatically loaded at boot so dmsetup is able to map the device.
# nano /etc/rc.conf
EDIT:
# Modules to load at boot-up (in this order)
# - prefix a module with a ! to blacklist it
#
MODULES=(aes blowfish dm_crypt)
Also change the swap entry in /etc/fstab to point to /dev/mapper/swap0 so a call to swapon -a won't try to mount the unencrypted swap partition. (Note: this is not very important, swapon will report an error about the device being busy).
#nano /etc/fstab
EDIT:
#/dev/hda3 swap swap defaults 0 0 (I just commented the old entry and added...)
/dev/mapper/swap0 swap swap default 0 0
/dev/hda5 / reiserfs defaults 0 0
Checking that it works
After the next reboot
# cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/swap0 partition 506036 0 -1
These instructions worked fine for me.
I also have previously added the encrypt HOOK activated in the /boot/mkinipcio-kernel26.conf file.
Based on the how to at the following URL:
thanks
tuxman
Offline
Pages: 1