encrypted swap question

Deron Meranda deron.meranda at gmail.com
Tue Aug 5 17:18:18 UTC 2008


On Tue, Aug 5, 2008 at 12:21 PM, Mike C <mike.cloaked at gmail.com> wrote:
> I have a machine with f9 clean installed and encrypted /, encrypted swap
> and encrypted /opt partitions.
>
> Of course during boot you are asked for the luks passphrase for all three
> partitions.
>
> ...
>
> I would like to do the same with the swap partition - but if I make a
> second keyfile in /root and refer to it on the swap partition line in
> /etc/crypttab in the same way as for /opt then it ignores this during boot and
> asks the user for the luks passphrase for the swap partition after asking for
> the passphrase for the root partition.

The / and primary swap partitions (or logical volumes) are handled a
bit differently than say /opt.  They are mounted very early in the boot
process, and in fact are handled by the initrd's nash scripts.  If you
change the LUKS options for these, you'll need to rebuild the initrd
(see mkinitrd) as well.  Or, you could just wait until the next kernel
update and it will correct things for you.

I'd use /dev/urandom for swap; unless it's a laptop and you'll
be doing suspend-to-ram (which I've heard could have LUKS
issues).
-- 
Deron Meranda
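
Added example, not part of the original message: a small shell check that reads crypttab-format text and reports, per volume, whether it will prompt for a passphrase, read a keyfile, or take a fresh random key each boot as the reply suggests for swap. The volume names, device paths and keyfile path in the sample are constructed placeholders.

```shell
#!/bin/sh
# Classify crypttab entries by how their key is supplied.
# crypttab fields: <name> <device> <key file or "none"> <options>

# Constructed sample; names, devices and the keyfile path are placeholders.
SAMPLE_CRYPTTAB='# name      device      key            options
luks-root  /dev/sda2   none
luks-opt   /dev/sda5   /root/opt.key
luks-swap  /dev/sda3   none
rand-swap  /dev/sda6   /dev/urandom   swap'

# classify_crypttab: crypttab text on stdin -> "name key-class" lines.
classify_crypttab() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            key = ($3 == "" ? "none" : $3)
            if (key == "none" || key == "-")
                class = "passphrase-prompt"   # user is asked at boot
            else if (key ~ /^\/dev\/u?random$/)
                class = "random-per-boot"     # new key every boot, old contents unreadable
            else
                class = "keyfile"             # readable only once its filesystem is mounted
            print $1, class
        }'
}

# prompts_at_boot: crypttab text on stdin -> number of passphrase prompts.
prompts_at_boot() {
    classify_crypttab | awk '$2 == "passphrase-prompt" { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_CRYPTTAB" | classify_crypttab
```

As the reply notes, entries that the initrd unlocks only pick up a crypttab change after the initrd is rebuilt.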
