[dm-crypt] Encrypting swap

Konstantin Svist fry.kun at gmail.com
Thu May 10 21:50:30 CEST 2012


Hi,

I'm setting up Fedora 16 i686 with [luks] encrypted root on a laptop.

Problem is, I can't seem to find a way to encrypt the swap so that it 
would be usable for hibernation.

* Simple setup for encrypting swap uses a random key generated on each 
boot, so resuming doesn't work.
* Using the same key for swap & root is not recommended because some 
tool caches the password, making the whole thing meaningless [1]
* Using a swap file doesn't work because btrfs is Copy-On-Write, so the 
filesystem may get messed up by hibernate/resume process.

I'm not sure if the "same key" problem exists in Fedora 16, I've tried 
setting it up this way and I'm able to boot but not resume.

Any help appreciated!



[1] 
https://wiki.archlinux.org/index.php/Talk:System_Encryption_with_LUKS_for_dm-crypt#Suspend_to_disk_instructions_are_insecure 







More information about the dm-crypt mailing list