encrypted swap question
Bill Davidsen
davidsen at tmr.com
Wed Aug 6 11:12:14 UTC 2008
Mike C wrote:
> Deron Meranda <deron.meranda <at> gmail.com> writes:
>
>> The / and primary swap partitions (or logical volumes) are handled a
>> bit differently than say /opt. They are mounted very early in the boot
>> process, and in fact are handled by the initrd's nash scripts. If you
>> change the LUKS options for these, you'll need to rebuild the initrd
>> (see mkinitrd) as well. Or, you could just wait until the next kernel
>> update and it will correct things for you.
>>
>> I'd use /dev/urandom for swap; unless it's a laptop and you'll
>
> Great - I understand now - yes I remember there were certainly mkinitrd
> issues in F8 which are hopefully corrected in f9.
>
> Indeed this is a laptop - I guess I can re-run mkinitrd manually
> and maybe this will work ahead of waiting for another kernel.
> Hence referring to the keyfile in /root will be better than /dev/urandom
>
Better in what way? I think either case gets you out of typing a 2nd
LUKS password. Using /dev/urandom seems to avoid having a password where
anyone could ever recover it, and I think using LUKS on swap will kill
suspend in either case (it may work better than it did last time I tried
it).
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot