wiki-system/encrypt-swap-Ubuntu-20.04.md
2021-05-11 10:38:05 +02:00

2.4 KiB

encrypt swap Ubuntu with hibernation

prerequisite

  • all command bellow are run has root
  • install ecryptfs
root@laptop:/root# install apt-get install ecryptfs-utils

encrypt swap

  • turn off current swap
root@laptop:/root# swapoff -a
  • encrypt swap partition
root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap
  • set up the crypt partition as swap.
root@laptop:/root# mkswap /dev/mapper/cryptswap
  • ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
/dev/mapper/cryptswap   none   swap   discard   0   0
  • add your encrypt swap device define in /etc/crypttab
cryptswap   /dev/nvme0n1p2		none	luks
  • enable swap
root@laptop:/root# swapon -a
  • edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.
root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
  • Register these changes.
root@laptop:/root# update-initramfs -u -k all
  • Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

root@laptop:/root# update-grub

disable encrypted swap

root@laptop:/root# swapoff -a
root@laptop:/root# cryptsetup close cryptswap
root@laptop:/root# mkswap /dev/nvme0n1p2
root@laptop:/root# printf "RESUME=/dev/nvme0n1p2" | tee /etc/initramfs-tools/conf.d/resume
root@laptop:/root# update-initramfs -u -k all
root@laptop:/root# update-grub

  • ajust /etc/fstab to
/dev/nvme0n1p2  none    swap    discard 0       0
#/dev/mapper/cryptswap  none    swap    discard 0       0
  • check
root@laptop:/root# swapon -a
root@laptop:/root# swapon --summary
Nom de fichier				Type		Taille	Utilisé	Priorité
/dev/nvme0n1p2                         	partition	32653308	0	-2
root@laptop:/root# 

to be solve

cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device

sources