diff --git a/encrypt-swap-Ubuntu-20.04.md b/encrypt-swap-Ubuntu-20.04.md index 79debd7..d97aae2 100644 --- a/encrypt-swap-Ubuntu-20.04.md +++ b/encrypt-swap-Ubuntu-20.04.md @@ -1,42 +1,60 @@ +# encrypt swap Ubuntu 20.04 with hibernation + ## prerequisite * all command bellow are run has root - -## encrypt swap partition - -sources : -* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) -* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) +* install ecryptfs + +~~~ +install apt-get install ecryptfs-utils +~~~ + +## encrypt swap + +* turn off current swap ~~~ -apt-get install ecryptfs-utils swapoff -a +~~~ + +* encrypt swap partition + +~~~ cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2 cryptsetup open /dev/nvme0n1p2 cryptswap +~~~ + +* set up the crypt partition as swap. + +~~~ mkswap /dev/mapper/cryptswap ~~~ -Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow : +* ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow : ~~~ /dev/mapper/cryptswap none swap discard 0 0 ~~~ -add your encrypt swap device define in /etc/crypttab +* add your encrypt swap device define in /etc/crypttab ~~~ cryptswap /dev/nvme0n1p2 none luks ~~~ +* enable swap + ~~~ swapon -a ~~~ +* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line. + ~~~ printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume ~~~ -Register these changes. +* Register these changes. ~~~ update-initramfs -u -k all @@ -48,3 +66,7 @@ update-initramfs -u -k all cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_... cryptsetup: WARNING: Couln't determine root device ~~~ + +## sources +* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) +* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)