# encrypt swap Ubuntu with hibernation ## prerequisite * all command bellow are run has root * install ecryptfs ~~~{bat} root@laptop:/root# install apt-get install ecryptfs-utils ~~~ ## encrypt swap * turn off current swap ~~~ root@laptop:/root# swapoff -a ~~~ * encrypt swap partition ~~~ root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2 root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap ~~~ * set up the crypt partition as swap. ~~~ root@laptop:/root# mkswap /dev/mapper/cryptswap ~~~ * ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow : ~~~ /dev/mapper/cryptswap none swap discard 0 0 ~~~ * add your encrypt swap device define in **/etc/crypttab** ~~~ cryptswap /dev/nvme0n1p2 none luks ~~~ * enable swap ~~~ root@laptop:/root# swapon -a ~~~ * edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line. ~~~ root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume ~~~ * Register these changes. ~~~ root@laptop:/root# update-initramfs -u -k all ~~~ * Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" ~~~ root@laptop:/root# update-grub ~~~ ## disable encrypted swap ~~~ root@laptop:/root# swapoff -a root@laptop:/root# cryptsetup close cryptswap root@laptop:/root# mkswap /dev/nvme0n1p2 root@laptop:/root# printf "RESUME=/dev/nvme0n1p2" | tee /etc/initramfs-tools/conf.d/resume root@laptop:/root# update-initramfs -u -k all root@laptop:/root# update-grub ~~~ * ajust /etc/fstab to ~~~ /dev/nvme0n1p2 none swap discard 0 0 #/dev/mapper/cryptswap none swap discard 0 0 ~~~ * check ~~~ root@laptop:/root# swapon -a root@laptop:/root# swapon --summary Nom de fichier Type Taille Utilisé Priorité /dev/nvme0n1p2 partition 32653308 0 -2 root@laptop:/root# ~~~ ======= ### to be solve ~~~ cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_... cryptsetup: WARNING: Couln't determine root device ~~~ ~~~ - don't work anymore after upgrade form 20.04 to 21.04 on Full ZFS with zfs encrypt and encrypted swap but still work if swap is unencrypted. - just test it sucessfully again (12.2021) on a 20.04 Full ZFS with zfs unencrypt and encrypted swap. ~~~ ## sources * [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) * [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)