add somme comment
parent
d9c3748097
commit
69382acb89
@ -1,81 +1,86 @@
|
|||||||
# encrypt swap Ubuntu 20.04 with hibernation
|
# encrypt swap Ubuntu 20.04 with hibernation
|
||||||
|
|
||||||
## prerequisite
|
## prerequisite
|
||||||
|
|
||||||
* all command bellow are run has root
|
* all command bellow are run has root
|
||||||
* install ecryptfs
|
* install ecryptfs
|
||||||
|
|
||||||
~~~{bat}
|
~~~{bat}
|
||||||
root@laptop:/root# install apt-get install ecryptfs-utils
|
root@laptop:/root# install apt-get install ecryptfs-utils
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
## encrypt swap
|
## encrypt swap
|
||||||
|
|
||||||
* turn off current swap
|
* turn off current swap
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# swapoff -a
|
root@laptop:/root# swapoff -a
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* encrypt swap partition
|
* encrypt swap partition
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
|
root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
|
||||||
root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap
|
root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* set up the crypt partition as swap.
|
* set up the crypt partition as swap.
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# mkswap /dev/mapper/cryptswap
|
root@laptop:/root# mkswap /dev/mapper/cryptswap
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow :
|
* ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
/dev/mapper/cryptswap none swap discard 0 0
|
/dev/mapper/cryptswap none swap discard 0 0
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* add your encrypt swap device define in **/etc/crypttab**
|
* add your encrypt swap device define in **/etc/crypttab**
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
cryptswap /dev/nvme0n1p2 none luks
|
cryptswap /dev/nvme0n1p2 none luks
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* enable swap
|
* enable swap
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# swapon -a
|
root@laptop:/root# swapon -a
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line.
|
* edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line.
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
|
root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* Register these changes.
|
* Register these changes.
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# update-initramfs -u -k all
|
root@laptop:/root# update-initramfs -u -k all
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
|
||||||
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume
|
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume
|
||||||
|
|
||||||
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
|
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
root@laptop:/root# update-grub
|
root@laptop:/root# update-grub
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
### to be solve
|
### to be solve
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
|
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
|
||||||
cryptsetup: WARNING: Couln't determine root device
|
cryptsetup: WARNING: Couln't determine root device
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
## sources
|
~~~
|
||||||
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
|
- don't work anymore after upgrade form 20.04 to 21.04 on Full ZFS with zfs encrypt and encrypted swap but still work if swap is unencrypted.
|
||||||
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
|
- just test it sucessfully again (12.2021) on a 20.04 Full ZFS with zfs unencrypt and encrypted swap.
|
||||||
|
~~~
|
||||||
|
|
||||||
|
## sources
|
||||||
|
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
|
||||||
|
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
|
||||||
|
Loading…
Reference in New Issue
Block a user