Re: [dm-crypt] Encrypting swap

DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <mbroz@redhat.com>
To: Konstantin Svist <fry.kun@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Encrypting swap
Date: Thu, 10 May 2012 22:30:47 +0200	[thread overview]
Message-ID: <4FAC2577.9080603@redhat.com> (raw)
In-Reply-To: <4FAC1C06.5090109@gmail.com>

On 05/10/2012 09:50 PM, Konstantin Svist wrote:
> I'm setting up Fedora 16 i686 with [luks] encrypted root on a laptop.
> 
> Problem is, I can't seem to find a way to encrypt the swap so that it 
> would be usable for hibernation.
> 
> * Simple setup for encrypting swap uses a random key generated on each 
> boot, so resuming doesn't work.

Yes, you cannot use this for hibernation.

But default encrypted Fedora installation uses LUKS, which is suitable
for hibernation. (In fact it encrypts LVM PV, where both root and swap resides.)

> * Using the same key for swap & root is not recommended because some 
> tool caches the password, making the whole thing meaningless [1]

Completely different problem. Fedora init ramdisk will ask for password,
then resumes from hibernation. No passphrase is stored on disk...

Take F16 install DVD, check "encrypt system" in the first screen for
new installation.
That's all you need to make it work.

Milan

     prev parent reply	other threads:[~2012-05-10 20:30 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-10 19:50 [dm-crypt] Encrypting swap Konstantin Svist
2012-05-10 20:30 ` Milan Broz [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4FAC2577.9080603@redhat.com \
    --to=mbroz@redhat.com \
    --cc=dm-crypt@saout.de \
    --cc=fry.kun@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox