You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2014-10-08 18:05:27
- davermont
- Member
- Registered: 2014-09-07
- Posts: 21
Resume from encrypted swap
Hi,
I want to partition my disk such that I have an encrypted home that will be decrypted on boot via an entry in /etc/crypttab (and a user passphrase). I also would like to have an encrypted swap partition which will be decrypted by a keyfile that lives on my (encrypted) /home partition through another line in /etc/crypttab. My thought is that this will allow me to decrypt both partitions on boot with only the passphrase to /home. I think this will work. My concern though, is whether or not I will be able to resume from disk likewise. So long as my mkinitcpio.conf resume hook is after lvm2 and encrypt, my thought is that I will also be able to resume from swap with only the passphrase to /home. Does this sound reasonable? Am I overlooking something?
Thanks,
D
Offline
#2 2014-10-09 09:10:38
- Strike0
- Member
- From: Germany
- Registered: 2011-09-05
- Posts: 1,429
Re: Resume from encrypted swap
You overlook that crypttab will not be parsed on resume, because a resume is not a boot. What could work is use a passphrase for the swap as well: https://wiki.archlinux.org/index.php/Dm … tcpio_hook
Offline
#3 2014-10-09 11:35:09
- teateawhy
- Member
- From: GER
- Registered: 2012-03-05
- Posts: 1,138
- Website
Re: Resume from encrypted swap
The setup you have described will not have the ability to resume from swap. The article Strike0 posted describes a solution that uses mkinitcpio, but it is complex.
A simpler approach is to use full system encryption with LVM on LUKS, and put the swap space inside the encrypted container as well.
https://wiki.archlinux.org/index.php/Dm … VM_on_LUKS
Offline
Pages: 1