From 69382acb89f08a5e69e51fc0fc369bc6d480ba9f Mon Sep 17 00:00:00 2001 From: "nomad@wund" Date: Wed, 8 Dec 2021 20:56:05 +0100 Subject: [PATCH] add somme comment --- encrypt-swap-Ubuntu-20.04.md | 167 ++++++++++++++++++----------------- 1 file changed, 86 insertions(+), 81 deletions(-) diff --git a/encrypt-swap-Ubuntu-20.04.md b/encrypt-swap-Ubuntu-20.04.md index afed352..db1da34 100644 --- a/encrypt-swap-Ubuntu-20.04.md +++ b/encrypt-swap-Ubuntu-20.04.md @@ -1,81 +1,86 @@ -# encrypt swap Ubuntu 20.04 with hibernation - -## prerequisite - -* all command bellow are run has root -* install ecryptfs - -~~~{bat} -root@laptop:/root# install apt-get install ecryptfs-utils -~~~ - -## encrypt swap - -* turn off current swap - -~~~ -root@laptop:/root# swapoff -a -~~~ - -* encrypt swap partition - -~~~ -root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2 -root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap -~~~ - -* set up the crypt partition as swap. - -~~~ -root@laptop:/root# mkswap /dev/mapper/cryptswap -~~~ - -* ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow : - -~~~ -/dev/mapper/cryptswap none swap discard 0 0 -~~~ - -* add your encrypt swap device define in **/etc/crypttab** - -~~~ -cryptswap /dev/nvme0n1p2 none luks -~~~ - -* enable swap - -~~~ -root@laptop:/root# swapon -a -~~~ - -* edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line. - -~~~ -root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume -~~~ - -* Register these changes. - -~~~ -root@laptop:/root# update-initramfs -u -k all -~~~ - - -* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume - -GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" - -~~~ -root@laptop:/root# update-grub -~~~ - -### to be solve - -~~~ -cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_... -cryptsetup: WARNING: Couln't determine root device -~~~ - -## sources -* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) -* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) +# encrypt swap Ubuntu 20.04 with hibernation + +## prerequisite + +* all command bellow are run has root +* install ecryptfs + +~~~{bat} +root@laptop:/root# install apt-get install ecryptfs-utils +~~~ + +## encrypt swap + +* turn off current swap + +~~~ +root@laptop:/root# swapoff -a +~~~ + +* encrypt swap partition + +~~~ +root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2 +root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap +~~~ + +* set up the crypt partition as swap. + +~~~ +root@laptop:/root# mkswap /dev/mapper/cryptswap +~~~ + +* ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow : + +~~~ +/dev/mapper/cryptswap none swap discard 0 0 +~~~ + +* add your encrypt swap device define in **/etc/crypttab** + +~~~ +cryptswap /dev/nvme0n1p2 none luks +~~~ + +* enable swap + +~~~ +root@laptop:/root# swapon -a +~~~ + +* edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line. + +~~~ +root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume +~~~ + +* Register these changes. + +~~~ +root@laptop:/root# update-initramfs -u -k all +~~~ + + +* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume + +GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" + +~~~ +root@laptop:/root# update-grub +~~~ + +### to be solve + +~~~ +cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_... +cryptsetup: WARNING: Couln't determine root device +~~~ + +~~~ +- don't work anymore after upgrade form 20.04 to 21.04 on Full ZFS with zfs encrypt and encrypted swap but still work if swap is unencrypted. +- just test it sucessfully again (12.2021) on a 20.04 Full ZFS with zfs unencrypt and encrypted swap. +~~~ + +## sources +* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) +* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)