wiki-system/encrypt-swap-Ubuntu-20.04.md

# encrypt swap Ubuntu 20.04 with hibernation

## prerequisite

* all command bellow are run has root
* install ecryptfs

~~~{bat}
root@laptop:/root# install apt-get install ecryptfs-utils
~~~

## encrypt swap

* turn off current swap

~~~
root@laptop:/root# swapoff -a
~~~

* encrypt swap partition

~~~
root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap
~~~

* set up the crypt partition as swap.

~~~
root@laptop:/root# mkswap /dev/mapper/cryptswap
~~~

* ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow :

~~~
/dev/mapper/cryptswap   none   swap   discard   0   0
~~~

* add your encrypt swap device define in **/etc/crypttab**

~~~
cryptswap   /dev/nvme0n1p2		none	luks
~~~

* enable swap

~~~
root@laptop:/root# swapon -a
~~~

* edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line.

~~~
root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
~~~

* Register these changes.

~~~
root@laptop:/root# update-initramfs -u -k all
~~~


* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

~~~
root@laptop:/root# update-grub
~~~

### to be solve

~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device
~~~

## sources
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`# encrypt swap Ubuntu 20.04 with hibernation`

remove grub config not needed 2020-06-24 08:19:39 +02:00			`## prerequisite`

			`* all command bellow are run has root`
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`* install ecryptfs`
remove grub config not needed 2020-06-24 08:19:39 +02:00
2020-06-24 08:31:43 +02:00			`~~~{bat}`
2020-06-24 09:42:41 +02:00			`root@laptop:/root# install apt-get install ecryptfs-utils`
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`~~~`
remove grub config not needed 2020-06-24 08:19:39 +02:00
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`## encrypt swap`

			`* turn off current swap`
remove grub config not needed 2020-06-24 08:19:39 +02:00
			`~~~`
2020-06-24 09:42:41 +02:00			`root@laptop:/root# swapoff -a`
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`~~~`

			`* encrypt swap partition`

			`~~~`
2020-06-24 09:42:41 +02:00			`root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2`
			`root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap`
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`~~~`

			`* set up the crypt partition as swap.`

			`~~~`
2020-06-24 09:42:41 +02:00			`root@laptop:/root# mkswap /dev/mapper/cryptswap`
remove grub config not needed 2020-06-24 08:19:39 +02:00			`~~~`

2020-06-24 08:34:47 +02:00			`* ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :`
remove grub config not needed 2020-06-24 08:19:39 +02:00
			`~~~`
			`/dev/mapper/cryptswap none swap discard 0 0`
			`~~~`

2020-06-24 08:34:47 +02:00			`* add your encrypt swap device define in /etc/crypttab`
remove grub config not needed 2020-06-24 08:19:39 +02:00
			`~~~`
			`cryptswap /dev/nvme0n1p2 none luks`
			`~~~`

un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`* enable swap`

remove grub config not needed 2020-06-24 08:19:39 +02:00			`~~~`
2020-06-24 09:42:41 +02:00			`root@laptop:/root# swapon -a`
remove grub config not needed 2020-06-24 08:19:39 +02:00			`~~~`

2020-06-24 08:34:47 +02:00			`* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.`
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00
remove grub config not needed 2020-06-24 08:19:39 +02:00			`~~~`
2020-06-24 09:45:35 +02:00			`root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" \| tee /etc/initramfs-tools/conf.d/resume`
remove grub config not needed 2020-06-24 08:19:39 +02:00			`~~~`

un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00			`* Register these changes.`
remove grub config not needed 2020-06-24 08:19:39 +02:00
			`~~~`
2020-06-24 09:42:41 +02:00			`root@laptop:/root# update-initramfs -u -k all`
remove grub config not needed 2020-06-24 08:19:39 +02:00			`~~~`

2020-06-24 09:48:33 +02:00
			`* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume`

			`GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"`

			`~~~`
			`root@laptop:/root# update-grub`
			`~~~`

remove grub config not needed 2020-06-24 08:19:39 +02:00			`### to be solve`

			`~~~`
			`cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...`
			`cryptsetup: WARNING: Couln't determine root device`
			`~~~`
un peut de mise en page / ajout descriptifs 2020-06-24 08:25:41 +02:00
			`## sources`
			`* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)`
			`* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)`