nomad/wiki-system
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Michel Le Cocq
2020-06-23 09:59:32 +02:00
parent 0c976ae037
commit f22a993dc6
1 changed files with 58 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
encrypt-swap-Ubuntu-20.04.md

@ -1,116 +1,58 @@
## encrypt swap partition ## encrypt swap partition
sources : sources :
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) * [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) * [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
~~~ ~~~
apt-get install ecryptfs-utils apt-get install ecryptfs-utils
swapoff -a swapoff -a
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2 cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
cryptsetup open /dev/<device> cryptswap cryptsetup open /dev/<device> cryptswap
mkswap /dev/mapper/cryptswap mkswap /dev/mapper/cryptswap
~~~ ~~~
/!\ le point ci-dessous est sans doute inutile /!\ le point ci-dessous est sans doute inutile
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to remove resume part wich is now manage by initramfs * Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to remove resume part wich is now manage by initramfs
~~~ ~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
~~~ ~~~
~~~ ~~~
update-grub update-grub
~~~ ~~~
Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow : Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
~~~ ~~~
/dev/mapper/cryptswap none swap discard 0 0 /dev/mapper/cryptswap none swap discard 0 0
~~~ ~~~
add your encrypt swap device define in /etc/crypttab add your encrypt swap device define in /etc/crypttab
~~~ ~~~
cryptswap /dev/nvme0n1p2 none luks cryptswap /dev/nvme0n1p2 none luks
~~~ ~~~
~~~ ~~~
swapon -a swapon -a
~~~ ~~~
~~~ ~~~
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
~~~ ~~~
Register these changes. Register these changes.
~~~ ~~~
update-initramfs -u -k all update-initramfs -u -k all
~~~ ~~~
### to be solve ### to be solve
~~~ ~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_... cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device cryptsetup: WARNING: Couln't determine root device
~~~ ~~~
## disable encrypt swap partition
* Turn off swap
~~~
swapoff /dev/mapper/cryptswap1
~~~
* Undo the existing mapping.
~~~
cryptsetup luksClose /dev/mapper/cryptswap
~~~
* remove your encrypt swap device define in your /etc/crypttab
* ajust /etc/fstab to use your real swap partition
~~~
/dev/nvme0n1p2 none swap discard 0 0
~~~
/!\ le point ci-dessous est sans doute inutile
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to your real partition
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/nvme0n1p2"
~~~
~~~
update-grub
~~~
* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.
~~~
RESUME=/dev/nvme0n1p2
~~~
Register these changes.
~~~
update-initramfs -u -k all
~~~
* make your partition a swap
~~~
mkswap /dev/nvme0n1p2
~~~
* activate swap
~~~
swapon -a
~~~