[dm-crypt] Encrypting swap

Milan Broz mbroz at redhat.com
Thu May 10 22:30:47 CEST 2012


On 05/10/2012 09:50 PM, Konstantin Svist wrote:
> I'm setting up Fedora 16 i686 with [luks] encrypted root on a laptop.
> 
> Problem is, I can't seem to find a way to encrypt the swap so that it 
> would be usable for hibernation.
> 
> * Simple setup for encrypting swap uses a random key generated on each 
> boot, so resuming doesn't work.

Yes, you cannot use this for hibernation.

But default encrypted Fedora installation uses LUKS, which is suitable
for hibernation. (In fact it encrypts LVM PV, where both root and swap resides.)

> * Using the same key for swap & root is not recommended because some 
> tool caches the password, making the whole thing meaningless [1]

Completely different problem. Fedora init ramdisk will ask for password,
then resumes from hibernation. No passphrase is stored on disk...

Take F16 install DVD, check "encrypt system" in the first screen for
new installation.
That's all you need to make it work.

Milan


More information about the dm-crypt mailing list