From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <54289DF8.1020405@web.de>
Date: Mon, 29 Sep 2014 01:47:04 +0200
From: Heiko Rosemann
References: <58008.10.0.2.3.1411790479.squirrel@biostat.ucsf.edu> <20140927101918.GA10333@tansi.org> <20140927193930.GA31627@markov.biostat.ucsf.edu> <20140927203258.GA18346@tansi.org>
In-Reply-To: <20140927203258.GA18346@tansi.org>
Subject: Re: [dm-crypt] System comes up very slowly
To: dm-crypt@saout.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/27/2014 10:32 PM, Arno Wagner wrote:
> On Sat, Sep 27, 2014 at 21:39:30 CEST, Ross Boylan wrote:
>> What does it mean for encrypted swap + hibernate (power is off
>> but system state is saved to disk)?
>
> If you can wake up without giving encryption keys again, the key is
> somewhere on disk.

Let me just jump in here because this is the way I am using my system:
For hibernating to encrypted swap (more precisely, to resume from an
encrypted swap), you do need to give the encryption key/passphrase
again - to an initrd/initramfs to re-luksOpen the encrypted swap device
before trying to resume from it.
(btw this implies you can not use random keys for swap if you want
hibernate/resume, as obviously there should be no chance to regenerate a
random key)

JFTR, the relevant parts of my initramfs' init file look as follows,
with $RESUMEDEV evaluating to /dev/mapper/swap and
open{swap,root,home,var} being shell wrappers for mounting a USB storage
device containing key files, opening a luks-encrypted partition,
unmounting the storage device.

# Open swap crypto device (my own addition)
/sbin/openswap

# Resume state from swap (Slackware mkinitrd)
echo "Trying to resume from $RESUMEDEV"
RESMAJMIN=$(ls -l $RESUMEDEV | tr , : | awk '{ print $5$6 }')
echo $RESMAJMIN > /sys/power/resume

# If resume failed, also open other crypto devices (my own addition)
/sbin/openroot
/sbin/openvar
/sbin/openhome

# Switch to real root partition: (Slackware mkinitrd)
/sbin/udevadm settle --timeout=10
echo 0x0100 > /proc/sys/kernel/real-root-dev
mount -o ro -t $ROOTFS $ROOTDEV /mnt

YMMV,
Heiko

- -- 
My PGP key for verification: http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQonfUACgkQ/Vb5NagElAW9JwCgqELCNnS1gyAbfD683g1AssJF
6qwAn1PuJxtX+BBLRfkAlrahnsJtn7oe
=sqoT
-----END PGP SIGNATURE-----
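
The message's point that a randomly keyed swap device cannot be resumed from can be checked before relying on hibernation. The script below is an added example, not part of the original message or of Slackware's mkinitrd. It assumes a four-field crypttab (name, device, key file, options) in which /dev/urandom or /dev/random as the key file marks a per-boot random key; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a dm-crypt mapping named in crypttab can
# serve as the hibernation resume device ($RESUMEDEV in the message above).
# Assumption: crypttab lines have the form "name device keyfile options".

# classify_resume_mapping CRYPTTAB_FILE MAPPING_NAME
# Prints one of:
#   persistent - opened with a passphrase or key file that survives power-off
#   random-key - key is regenerated at every boot, so a saved image is lost
#   not-found  - no entry with that mapping name
classify_resume_mapping() {
    file=$1
    want=$2
    result=not-found
    while read -r name device key opts; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        [ "$name" = "$want" ] || continue
        case $key in
            /dev/urandom|/dev/random) result=random-key ;;
            *) result=persistent ;;
        esac
        break
    done < "$file"
    echo "$result"
}

# resume_dev_ok CRYPTTAB_FILE RESUMEDEV
# Succeeds only if RESUMEDEV (e.g. /dev/mapper/swap) has a persistent key.
resume_dev_ok() {
    mapping=${2#/dev/mapper/}
    [ "$(classify_resume_mapping "$1" "$mapping")" = persistent ]
}

# Constructed sample crypttab used for demonstration and testing.
make_sample_crypttab() {
    cat <<'EOF'
# name  device      keyfile            options
root    /dev/sda2   none               luks
swap    /dev/sda3   /dev/urandom       swap,cipher=aes-xts-plain64,size=256
swap2   /dev/sda4   /mnt/usb/swap.key  luks
EOF
}

# Usage: sh check-resume.sh /etc/crypttab /dev/mapper/swap
if [ $# -eq 2 ]; then
    classify_resume_mapping "$1" "${2#/dev/mapper/}"
fi
```
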