73 lines
1.5 KiB
Markdown
73 lines
1.5 KiB
Markdown
# encrypt swap Ubuntu 20.04 with hibernation
|
|
|
|
## prerequisite
|
|
|
|
* all command bellow are run has root
|
|
* install ecryptfs
|
|
|
|
~~~{sh}
|
|
# install apt-get install ecryptfs-utils
|
|
~~~
|
|
|
|
## encrypt swap
|
|
|
|
* turn off current swap
|
|
|
|
~~~
|
|
swapoff -a
|
|
~~~
|
|
|
|
* encrypt swap partition
|
|
|
|
~~~
|
|
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
|
|
cryptsetup open /dev/nvme0n1p2 cryptswap
|
|
~~~
|
|
|
|
* set up the crypt partition as swap.
|
|
|
|
~~~
|
|
mkswap /dev/mapper/cryptswap
|
|
~~~
|
|
|
|
* ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
|
|
|
|
~~~
|
|
/dev/mapper/cryptswap none swap discard 0 0
|
|
~~~
|
|
|
|
* add your encrypt swap device define in /etc/crypttab
|
|
|
|
~~~
|
|
cryptswap /dev/nvme0n1p2 none luks
|
|
~~~
|
|
|
|
* enable swap
|
|
|
|
~~~
|
|
swapon -a
|
|
~~~
|
|
|
|
* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.
|
|
|
|
~~~
|
|
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
|
|
~~~
|
|
|
|
* Register these changes.
|
|
|
|
~~~
|
|
update-initramfs -u -k all
|
|
~~~
|
|
|
|
### to be solve
|
|
|
|
~~~
|
|
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
|
|
cryptsetup: WARNING: Couln't determine root device
|
|
~~~
|
|
|
|
## sources
|
|
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
|
|
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
|