From: Heiko Rosemann <heiko.rosemann@web.de>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] System comes up very slowly
Date: Mon, 29 Sep 2014 01:47:04 +0200
Message-ID: <54289DF8.1020405@web.de>
In-Reply-To: <20140927203258.GA18346@tansi.org>
On 09/27/2014 10:32 PM, Arno Wagner wrote:
> On Sat, Sep 27, 2014 at 21:39:30 CEST, Ross Boylan wrote:
>> What does it mean for encrypted swap + hibernate (power is off
>> but system state is saved to disk)?
>
> If you can wake up without giving encryption keys again, the key is
> somewhere on disk.

Let me just jump in here because this is the way I am using my system:

For hibernating to encrypted swap (more precisely, to resume from an
encrypted swap), you do need to give the encryption key/passphrase
again - to an initrd/initramfs to re-luksOpen the encrypted swap
device before trying to resume from it. (btw this implies you cannot
use random keys for swap if you want hibernate/resume, as obviously
there should be no chance to regenerate a random key.)

JFTR, the relevant parts of my initramfs' init file look as follows,
with $RESUMEDEV evaluating to /dev/mapper/swap and
open{swap,root,home,var} being shell wrappers for mounting a USB
storage device containing key files, opening a luks-encrypted
partition, unmounting the storage device.

# Open swap crypto device (my own addition)
/sbin/openswap

# Resume state from swap (Slackware mkinitrd)
echo "Trying to resume from $RESUMEDEV"
RESMAJMIN=$(ls -l $RESUMEDEV | tr , : | awk '{ print $5$6 }')
echo $RESMAJMIN > /sys/power/resume

# If resume failed, also open other crypto devices (my own addition)
/sbin/openroot
/sbin/openvar
/sbin/openhome

# Switch to real root partition: (Slackware mkinitrd)
/sbin/udevadm settle --timeout=10
echo 0x0100 > /proc/sys/kernel/real-root-dev
mount -o ro -t $ROOTFS $ROOTDEV /mnt

YMMV,
Heiko
--
My PGP key for verification: http://pgp.mit.edu
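
The remark in the message above that a randomly keyed swap cannot be resumed from can be checked mechanically before relying on hibernate. The following is an added example, not part of the original mail or of Slackware's mkinitrd; it assumes a crypttab in the common "name device keyfile options" layout, and the function name check_resume_key and the sample entries are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original mail): detect a resume device whose
# crypttab entry takes its key from a random source.
# Assumption: crypttab uses the common "name device keyfile options" layout.

# check_resume_key CRYPTTAB RESUMEDEV
#   0 = key can be supplied again at resume (passphrase or key file)
#   1 = key is random per boot, so a hibernation image cannot be decrypted
#   2 = RESUMEDEV has no entry in CRYPTTAB
check_resume_key() {
    name=${2#/dev/mapper/}                 # /dev/mapper/swap -> swap
    while read -r target source keyfile options; do
        case $target in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$target" = "$name" ] || continue
        case $keyfile in
            /dev/urandom|/dev/random) return 1 ;;
            *) return 0 ;;
        esac
    done < "$1"
    return 2
}

# Constructed sample crypttab; device names are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name   device      keyfile        options
swap     /dev/sda2   /dev/urandom   swap,cipher=aes-xts-plain64,size=256
cswap    /dev/sda3   none           luks
EOF

# Print a one-line verdict for a resume device; always returns 0.
report() {
    rc=0
    check_resume_key "$sample" "$1" || rc=$?
    case $rc in
        0) echo "$1: OK, key can be given again in the initramfs before resume" ;;
        1) echo "$1: random key, a hibernation image could not be decrypted" ;;
        2) echo "$1: not listed in crypttab" ;;
    esac
    return 0
}

report /dev/mapper/swap
report /dev/mapper/cswap
```
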