Encrypted swap & hibernation?
Hi,
I'd like to change the current swap partition to an encrypted one and still be able to use standard Linux hibernation (invoked with pm-utils). No other encrypted volumes are required, just swap. Followed the official guide at http://slackware.osuosl.org/slackwar...ADME_CRYPT.TXT I did
Now if I boot the system after hibernation, I can see error messages saying /dev/mapper/cryptswap does not exist, whereas later I can see this device mounted and working. I also noticed that LUKS tries to open `/dev/mapper/lukssda2', which I did not define anywhere. Any idea? |
Conflict of Objectives?
Doesn't using hibernate on an encrypted system defeat one of the primary purposes of having the computer encrypted?
If only a data partition is encrypted perhaps it makes sense, as you can lock and unlock it as needed. But when you are encrypting swap typically you are encrypting the operating system partitions also. Just asking. |
LUKS asks for a password to decrypt (unlock) the swap partition at boot, so the whole system snapshot is relatively safe. The primary initialization, including unlocking of encrypted partitions, is handled by the init ramdisk stored on an unencrypted partition, so I don't see a contradiction here.
|
When your system is powered back on from hibernate aren't the disks available without encryption (unlocked)?
When your laptop is stolen from your car in a hibernate state won't the disk data be available unencrypted when it is powered back on? I don't use hibernate on a partially encrypted system so I don't know. I'm just asking. |
The data stored from memory to an encrypted swap partition at hibernation is inaccessible until the proper password is entered at boot. Of course other unencrypted partitions can be read by anyone with physical access to the notebook.
/dev/sda1 unencrypted ext4 system, contains linux image and initrd
/dev/sda2 swap partition to be converted to an encrypted one |
I guess I'm not familiar with what happens when a system starts up from hibernate. I didn't think that a boot was involved, but merely the restoring of RAM and continuing where it left off, which I thought would have meant unlocked disk partitions if they were unlocked when hibernate was initiated (RAM moved to disk).
I'll have to experiment some with hibernate and encrypted partitions.
EDIT: Don't let my side issue disrupt the OP's request for assistance. Others, please respond to torimus's request.
EDIT: A link that may be useful to your problem. https://www.linuxquestions.org/quest...6/#post4801795 |
Quote:
Hibernate completely powers off your system after saving everything to your (hopefully encrypted) swap file. When you turn the system back on, it starts with the normal boot process, loads the initrd, attempts to mount and open your root and swap files. Because they are encrypted, you are prompted for your encryption password(s) to unlock them. It is only then that the hibernation is detected and the system begins to restore the image from swap. |
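The boot-then-resume order described above means the device named for resume has to be unlocked by the initrd under the same name that the swap configuration uses. The following shell check is an added example, not part of any post in this thread; the `luks<basename>` naming rule, the function names and the sample fstab and command lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# ASSUMPTION (hypothetical naming rule): the initrd maps each LUKS device as
# luks<basename>, as the /dev/mapper/lukssda2 name in the first post suggests.
initrd_names() {   # arg: colon-separated LUKS device list
    echo "$1" | tr ':' '\n' | while read -r dev; do
        if [ -n "$dev" ]; then echo "luks$(basename "$dev")"; fi
    done
}

# Value of resume= on a kernel command line; prints nothing if absent.
resume_dev() {
    for word in $1; do
        case "$word" in resume=*) echo "${word#resume=}"; return 0 ;; esac
    done
}

# Swap devices in fstab text (third field is "swap"), comment lines skipped.
fstab_swaps() {
    echo "$1" | awk '$1 !~ /^#/ && $3 == "swap" { print $1 }'
}

# Prints "ok" or the first inconsistency. Args: cmdline, LUKS list, fstab text.
check_hibernate() {
    res=$(resume_dev "$1")
    [ -n "$res" ] || { echo "no resume= device on kernel command line"; return 1; }
    case "$res" in
        /dev/mapper/*) ;;
        *) echo "resume device $res is not under /dev/mapper"; return 1 ;;
    esac
    initrd_names "$2" | grep -qxF "${res#/dev/mapper/}" ||
        { echo "initrd does not unlock $res before resume"; return 1; }
    fstab_swaps "$3" | grep -qxF "$res" ||
        { echo "fstab swap does not match resume device $res"; return 1; }
    echo "ok"
}

# Constructed sample input (not taken from the thread).
FSTAB='/dev/sda1 / ext4 defaults 1 1
/dev/mapper/lukssda2 swap swap defaults 0 0'
check_hibernate 'root=/dev/sda1 resume=/dev/mapper/lukssda2' '/dev/sda2' "$FSTAB"
check_hibernate 'root=/dev/sda1 resume=/dev/mapper/cryptswap' '/dev/sda2' "$FSTAB" || true
```

The second call reports a mismatch because the resume setting names a mapping the initrd never creates under the assumed naming rule.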
So a normal boot process takes place then later the hibernate state is handled.
Thanks for the explanation Z038 and making me a little less ignorant regarding hibernate. I didn't mean to hijack this thread. My apology. I hope torimus solves the original problem. |
Quote:
Code:
-C device list |