You are not logged in.
- Topics: Active | Unanswered
#1 2007-12-06 14:32:17
- phildg
- Member
- Registered: 2006-03-10
- Posts: 146
Encrypted root and swap and hibernation
Hey
I've got this setup and working, but I'm looking to tidy the config up.
I had encryption set up using luks containers as per the wiki, using a key file for the root parition and a new key for the swap. Obviously this is no good for hibernation, and I need to use the same key for the swap all the time. Following the cryptsetup instructions on the wiki is no good either because swap is unlocked far too late in the boot process.
So, I created a new container for swap using the same key as my root parition and added a line to the encrypt hook script to unlock swap if unlocking root was successful. Made sure encrypt was before resume in mkinitcpio.conf, and resume before file system, altered /etc/fstab to mount /dev/mapper/swap during boot, and added resume=/dev/mapper/swap to grub.conf
So during hibernation the memory is saved to the encypted swap /dev/mapper/root, and because swap is unlocked at the same time as root, early in the boot process then resum is able to restore memory from the encrypted swap.
So my question, is there a way to have swap unlocked at the same time as root without having to hack and butcher the encrypt hook script.
Last edited by phildg (2007-12-06 14:34:13)
Offline
#2 2007-12-06 15:36:19
- .:B:.
- Forum Fellow
- Registered: 2006-11-26
- Posts: 5,818
Re: Encrypted root and swap and hibernation
Without hacking the encrypt hook, you'll only be able to unlock one volume at the same time. Afaik the device mapper asks for a password for each encrypted partition, and using one for all won't work, you have to repeat the process for each partition, whereas the encrypt hook only seems to be able to handle one partition. You can hack it, but I haven't done that (yet), it's already quite messy you have to hack the hook file to make it apply to non-root partitions.
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline
#3 2007-12-06 16:22:29
- phildg
- Member
- Registered: 2006-03-10
- Posts: 146
Re: Encrypted root and swap and hibernation
As I said I'm using a key file, not entering a passphrase. I don't even have a passphrase associated with the encrypted volumes.
I have got it all up and running I'm just looking for ways to tidy it up.
Offline
#4 2007-12-06 21:14:27
- .:B:.
- Forum Fellow
- Registered: 2006-11-26
- Posts: 5,818
Re: Encrypted root and swap and hibernation
I'm using a keyfile too. The concept stays the same: to unlock you need to get the passphrase from somewhere. The keyfile is just a container.
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline