LinuxQuestions.org
Old 03-14-2008, 02:06 AM   #1
BCarey
Senior Member
 
Registered: Oct 2005
Location: New Mexico
Distribution: Slackware
Posts: 1,490

Rep: Reputation: Disabled
luks encryption, swap and hibernate


I'm trying to get hibernation to work with a luks encrypted swap partition. There are reports of success with this on ubuntu and fedora. As far as I can tell, the key is creating an appropriate initrd, or using tuxonice. I have tried creating a "normal" encrypted swap partition (with a password). I have tried creating an initrd with the -C option to load the necessary modules. I cannot seem to get it to request a password for the swap partition at boot. I've looked through the mkinitrd script, and have seen mkinitrd patches for fedora, but I have very limited knowledge of shell scripting and much of what I've seen is for the moment over my head. I'm happy to keep exploring, but I was wondering:

Has anyone got this to work on Slackware?

Brian
 
Old 03-14-2008, 02:12 PM   #2
bl0tt0
Member
 
Registered: Aug 2005
Location: The Glorious People's Republic of Austin
Posts: 145

Rep: Reputation: 21
I went a little bit of a different route and used LVM on top of a LUKS encrypted partition, then used one logical volume for swap. It makes handling an encrypted installation a whoooooooole lot easier since then you only have to enter one password in order to open up your system. The only caveat for getting suspend to disk working is that you have to make sure and give it the right disk mapping for the swap partition. I found the kernel Documentation/power/swsusp-dmcrypt.txt to be really useful in editing the initrd init script. Of course, the assumption there is that you're using the kernel's built-in suspend to disk, and not the suspend2 patches, etc. I'm afraid I can't be too helpful with that. The other useful source of information I found was on the gentoo-wiki: http://gentoo-wiki.com/SECURITY_Syst..._with_LUKS#FAQ.
Good luck.

EDIT:

Also, if you have at least a working initrd for the root filesystem, you can edit /boot/initrd-tree/init, copy the line that runs /sbin/cryptsetup luksOpen ... ... ... and change the ${LUKSDEV} and $ROOTDEV variables to point directly to your swap partition and mapped name, and it should open without any trouble. The other thing you might have to do is pull out the numeric mapping of your swap partition by running
Code:
ls -l /dev/mapper/whateveryounamedswap
and adding a line in the init right before it switches to the real root partition like this:
Code:
echo foo:bar > /sys/power/resume
Of course, you'll also have to run mkinitrd without any flags to rebuild the initrd.gz, and run lilo again, but that should work.

Last edited by bl0tt0; 03-14-2008 at 04:29 PM. Reason: additional tip if you're not looking to do a reinstall:
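
The "numeric mapping" in the post above is the major and minor device number that ls -l shows for a block node; /sys/power/resume takes it in the form MAJOR:MINOR, which is what the foo:bar placeholder stands for. The following is an added example, not part of the original post; the function name resume_devno, the mapping names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): derive the MAJOR:MINOR pair that
# /sys/power/resume takes from `ls -l` output for a device-mapper node.
# resume_devno and the sample listing below are constructed for illustration.

# Usage: ls -l /dev/mapper | resume_devno NAME
# Prints MAJOR:MINOR for block node NAME; returns 1 if NAME is absent
# or is not a block device node (e.g. a symlink or the control device).
resume_devno() {
    awk -v want="$1" '
        {
            name = $NF
            sub(/^.*\//, "", name)          # strip any leading directory
        }
        # Block nodes start with "b"; fields 5 and 6 are "MAJOR," and "MINOR".
        name == want && /^b/ && $5 ~ /^[0-9]+,$/ && $6 ~ /^[0-9]+$/ {
            major = $5
            sub(/,$/, "", major)
            print major ":" $6
            found = 1
        }
        END { exit !found }'
}

# Constructed sample of `ls -l /dev/mapper` on a LUKS setup.
SAMPLE_LISTING='total 0
crw-rw---- 1 root root  10, 63 Mar 14 14:00 control
brw-rw---- 1 root disk 253,  0 Mar 14 14:00 cryptroot
brw-rw---- 1 root disk 253,  1 Mar 14 14:00 cryptswap'

# Only print the line for the init script; nothing is written to /sys here.
devno=$(printf '%s\n' "$SAMPLE_LISTING" | resume_devno cryptswap) &&
    echo "init script line: echo $devno > /sys/power/resume"
```

A non-zero return means the name did not resolve to a block node, in which case nothing should be written to /sys/power/resume.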
 
Old 03-15-2008, 03:08 PM   #3
BCarey
Senior Member
 
Registered: Oct 2005
Location: New Mexico
Distribution: Slackware
Posts: 1,490

Original Poster
Rep: Reputation: Disabled
Hi bl0tt0,

I just wanted to tell you that I really appreciate your help. This is all new to me, and I am unfamiliar with the inner workings of initrd, so it will take me some time to wade through the scripts. I'll certainly post back once I figure it all out.

Brian
 
Old 03-18-2008, 06:27 PM   #4
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,393

Rep: Reputation: Disabled
Hi!

On slackware-current this is all a bit easier.
I just installed Slackware-current. After the installer booted up, I created a small partition /dev/hda1 to be used as the boot partition, and the rest of the disk was devoted to a single big partition /dev/hda2 which I encrypted using cryptsetup.
On top of that encrypted partition I created a LVM PV (physical volume), then a VG (volume group) called "cryptvg" (any name will do) and then 3 LV's (logical volumes) called 'root' 'home' and 'swap' (again, any name will do), one for / and /home partitions and the 3rd to be used as swap partition. I made sure to create the swap volume bigger than the total amount of RAM I have in my laptop.
Then I created device nodes for these and enabled them:
Code:
vgscan --mknodes && vgchange -ay
I had to configure swap before running setup. The setup program will only recognize swap partitions when they are 'real' partitions of type '82' (Linux swap): so I ran:
Code:
mkswap -v1 /dev/cryptvg/swap && swapon /dev/cryptvg/swap
After that, I started setup, and installed Slackware to /dev/cryptvg/root (the LV I created for the root partition) and /dev/cryptvg/home (which is the LV I created for the /home partition). Do not forget to create a separate entry for a /boot partition! On an encrypted system you need an unencrypted /boot so that your kernel and initrd can be loaded into memory when booting the computer.

At the end of the install, do not reboot! You should 'chroot' into your newly installed system:
Code:
chroot /mnt
First, edit the /etc/fstab in the chroot and add a line for your swap:
Code:
/dev/cryptvg/swap  swap  swap  defaults  0 0
Then, create an initrd with support for LVM, LUKS and hibernation (my root filesystem is ext3):
Code:
mkinitrd -c -k 2.6.24.3-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/hda2 -L -h /dev/cryptvg/swap
Then, edit /etc/lilo.conf and change a couple of things:

Add an "append" line (or if you already added an append option, just add 'resume=/dev/cryptvg/swap' to that line):
Code:
append = "resume=/dev/cryptvg/swap"
Change your entry for the Linux kernel so that it uses the generic kernel, plus your initrd (the combination of a huge kernel plus initrd will not work):
Code:
image = /boot/vmlinuz-generic-smp-2.6.24.3-smp
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = linux
  read-only
Then, run "lilo" to make the changes stick.
Now you can safely reboot into your newly installed Slackware. On boot, you will be asked for your LUKS passphrase which will unlock the encrypted container. After that, the LVM will be configured and Slackware will start as usual.

This will give you a fully encrypted system including the swap (well, minus the /boot partition). When you hibernate (suspend to disk) your RAM will be saved to that swap partition, and when the power is off, this will be all encrypted! No one will be able to get to your data now, because when you boot again, you will first have to enter that LUKS passphrase again before your hibernation image can be loaded back into RAM.

Using a proper set of acpi scripts you can now make your hibernation process very easy. I just need to press my laptop's POWER button briefly to hibernate the machine (suspend to disk), and closing the lid will suspend Slackware to RAM (sleep mode).
A copy of the acpi scripts I received from Robby Workman is here: http://www.slackware.com/~alien/tools/acpi.tar.gz


Cheers Eric
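
The procedure above only resumes correctly if the resume= device in lilo.conf, the swap line in /etc/fstab and the initrd entry agree with each other. The following check is an added example, not part of the original post or of Slackware; the function names are hypothetical and the sample files are constructed from the values in the post.

```sh
#!/bin/sh
# Added example (not from the thread): consistency check for the
# lilo.conf and fstab edits described above. Function names are
# hypothetical; the sample files are constructed from the post's values.

# Print the device named by resume= in lilo.conf's append line.
lilo_resume_dev() {
    sed -n 's/^[[:space:]]*append[[:space:]]*=.*resume=\([^" ]*\).*/\1/p' "$1" |
        head -n 1
}

# Succeed if fstab ($1) lists device $2 with type "swap".
# Commented-out entries never match because their first field starts with "#".
fstab_has_swap() {
    awk -v dev="$2" '$1 == dev && $3 == "swap" { ok = 1 } END { exit !ok }' "$1"
}

# check_hibernate LILO_CONF FSTAB: print findings, return the problem count.
check_hibernate() {
    problems=0
    dev=$(lilo_resume_dev "$1")
    if [ -z "$dev" ]; then
        echo "FAIL: no resume= in the append line of $1"
        problems=$((problems + 1))
    elif ! fstab_has_swap "$2" "$dev"; then
        echo "FAIL: resume=$dev is not a swap entry in $2"
        problems=$((problems + 1))
    else
        echo "OK: resume=$dev matches a swap entry in $2"
    fi
    if ! grep -q '^[[:space:]]*initrd[[:space:]]*=' "$1"; then
        echo "FAIL: no initrd line in $1; the initrd unlocks LUKS before resume"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files using the values from the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/lilo.conf" <<'EOF'
append = "resume=/dev/cryptvg/swap"
image = /boot/vmlinuz-generic-smp-2.6.24.3-smp
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
EOF
echo '/dev/cryptvg/swap  swap  swap  defaults  0 0' > "$tmp/fstab"
check_hibernate "$tmp/lilo.conf" "$tmp/fstab"
```

On an installed system the two arguments would be /etc/lilo.conf and /etc/fstab, checked before running lilo.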
 
Old 03-18-2008, 11:22 PM   #5
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 1,971

Rep: Reputation: Disabled
A minor caveat: the acpi scripts are at least partially Thinkpad specific, especially the hotkey stuff, so your mileage may vary.
 
Old 03-23-2008, 06:58 AM   #6
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Ruhr Area, Germany
Distribution: Slackware64 14.0
Posts: 1,525

Rep: Reputation: 94
EDIT: With the changes in Slackware current today (Wed Mar 26 00:21:34 CDT 2008) the problem no longer exists, the installer recognizes the swap partition like alienbob wrote above.

-- old post follows --

Quote:
Originally Posted by Alien Bob
Hi!

I had to configure swap before running setup. The setup program will only recognize swap partitions when they are 'real' partitions of type '82' (Linux swap): so I ran:
Code:
mkswap -v1 /dev/cryptvg/swap && swapon /dev/cryptvg/swap
This doesn't seem to work per se here. I am not familiar with LVM, so take my comment merely as a question and not as some sort of rant.

If I use cfdisk to create a swap (partition type 82) on /dev/cryptvg/swap BEFORE the line you gave above then the swap space is recognized. I'm not sure though if that is how it should work. If I don't treat the swap space like that, the installer won't pick up the swap unfortunately and only tells me that I didn't create one with fdisk. I'm doing this in a virtual machine, but I guess that shouldn't make any difference.
Do I have to use fdisk/cfdisk to explicitly set the partition type of 82 for swap space?

Last edited by titopoquito; 03-26-2008 at 02:16 PM.
 
Old 04-15-2008, 06:48 PM   #7
BCarey
Senior Member
 
Registered: Oct 2005
Location: New Mexico
Distribution: Slackware
Posts: 1,490

Original Poster
Rep: Reputation: Disabled
Big thanks to Eric H.! I finally upgraded to -current and followed Eric's procedure and it worked great. (I see it has also been added to the CRYPT readme.)

I am able to hibernate and resume from a console and with the nv video driver. I haven't had luck with the nvidia driver yet, and can't suspend, but those will be topics for another thread. luks/swap/hibernate work just fine.

EDIT
nvidia driver works when I add 'Options "NvAgp" "1"' to xorg.conf
/EDIT

Thanks again (and for the mirror-slackware script).

Brian

Last edited by BCarey; 04-15-2008 at 07:25 PM.
 
  

