nomad/wiki-system
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Michel Le Cocq
2020-06-23 09:59:32 +02:00
parent 0c976ae037
commit f22a993dc6
1 changed files with 58 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
encrypt-swap-Ubuntu-20.04.md

@ -1,116 +1,58 @@
## encrypt swap partition
sources :
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
~~~
apt-get install ecryptfs-utils
swapoff -a
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
cryptsetup open /dev/<device> cryptswap
mkswap /dev/mapper/cryptswap
~~~
/!\ le point ci-dessous est sans doute inutile
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to remove resume part wich is now manage by initramfs
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
~~~
~~~
update-grub
~~~
Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
~~~
/dev/mapper/cryptswap none swap discard 0 0
~~~
add your encrypt swap device define in /etc/crypttab
~~~
cryptswap /dev/nvme0n1p2 none luks
~~~
~~~
swapon -a
~~~
~~~
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
~~~
Register these changes.
~~~
update-initramfs -u -k all
~~~
### to be solve
~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device
~~~
## disable encrypt swap partition
* Turn off swap
~~~
swapoff /dev/mapper/cryptswap1
~~~
* Undo the existing mapping.
~~~
cryptsetup luksClose /dev/mapper/cryptswap
~~~
* remove your encrypt swap device define in your /etc/crypttab
* ajust /etc/fstab to use your real swap partition
~~~
/dev/nvme0n1p2 none swap discard 0 0
~~~
/!\ le point ci-dessous est sans doute inutile
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to your real partition
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/nvme0n1p2"
~~~
~~~
update-grub
~~~
* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.
~~~
RESUME=/dev/nvme0n1p2
~~~
Register these changes.
~~~
update-initramfs -u -k all
~~~
* make your partition a swap
~~~
mkswap /dev/nvme0n1p2
~~~
* activate swap
~~~
swapon -a
~~~
## encrypt swap partition
sources :
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
~~~
apt-get install ecryptfs-utils
swapoff -a
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
cryptsetup open /dev/<device> cryptswap
mkswap /dev/mapper/cryptswap
~~~
/!\ le point ci-dessous est sans doute inutile
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to remove resume part wich is now manage by initramfs
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
~~~
~~~
update-grub
~~~
Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
~~~
/dev/mapper/cryptswap none swap discard 0 0
~~~
add your encrypt swap device define in /etc/crypttab
~~~
cryptswap /dev/nvme0n1p2 none luks
~~~
~~~
swapon -a
~~~
~~~
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
~~~
Register these changes.
~~~
update-initramfs -u -k all
~~~
### to be solve
~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device
~~~