Hi,
I needed to do this (hibernate to encrypted swap without LVM) because I had already installed Slackware and didn't want to re-install with LVM (following the other thread https://www.linuxquestions.org/quest...ernate-627958/). It's necessary to have swap encrypted; otherwise, if it's not and the machine is hibernated, then resuming will just resume from that unencrypted swap with no passphrase needed.
Here is how I did this, with /dev/sda1 the boot partition, /dev/sda2 root and /dev/sda3 swap.
Set up the swap partition:
Code:
cryptsetup luksFormat /dev/sda3
cryptsetup luksOpen /dev/sda3 lukssda3
mkswap /dev/mapper/lukssda3
Add to /etc/fstab:
Code:
/dev/mapper/lukssda3 swap swap
I used "lukssda3" here because that's what mkinitrd will call it.
This swap partition needs to be decryptable at fresh boot up time (not resuming), and needs to be automatic if the root partition is already decrypted, so:
Code:
dd if=/dev/random of=/root/swap_key bs=1 count=20
cryptsetup luksAddKey /dev/sda3 /root/swap_key
This way it can be decrypted with either the passphrase or the /root/swap_key file. To get it decrypted at boot, I added this to /etc/rc.d/rc.local:
Code:
#Setting up swap here, because it's both encrypted and used for hibernation,
#and Slackware's scripts don't support that. If the machine is resuming,
#this is not run at boot up (nothing else is either).
cryptsetup luksOpen --key-file /root/swap_key /dev/sda3 lukssda3
swapon -a
/etc/lilo.conf:
Code:
image = /boot/vmlinuz-huge-5.12.14
#mkinitrd -h /dev/mapper/lukssda3 -l uk -c -k 5.12.14 -s /root/initrd-tree -f ext4 -r lukssda2 -C /dev/sda3 -o /boot/initrd-5.12.14-resume.gz
initrd = /boot/initrd-5.12.14-resume.gz
root = /dev/mapper/lukssda2
label = 5.12.14-resume
read-only
image = /boot/vmlinuz-huge-5.12.14
#mkinitrd -l uk -c -k 5.12.14 -s /root/initrd-tree -f ext4 -r lukssda2 -C /dev/sda2 -o /boot/initrd-5.12.14.gz
initrd = /boot/initrd-5.12.14.gz
root = /dev/mapper/lukssda2
label = 5.12.14-fresh
read-only
image = /boot/vmlinuz-huge-5.12.14
#as fresh
initrd = /boot/initrd-5.12.14.gz
root = /dev/mapper/lukssda2
label = 5.12.14-rescue
read-only
append="rescue"
This way, it defaults to resuming, and does so just by decrypting the swap partition; it doesn't need to decrypt root, as that's already decrypted in the hibernated system in the swap space. This boot up will fail if the machine was previously shut down without hibernating; I couldn't see a way to make it detect that and just boot up normally (without patching mkinitrd).
Off topic, but for running scripts at resume time I did this, which I also couldn't find any documentation for. I created the file /etc/rc.d/rc.local_resume with the stuff I want to run at resume time, and a script hibernate.sh which calls that rc.local_resume script when it resumes, which is just this:
Code:
#!/bin/bash
echo disk > /sys/power/state
/etc/rc.d/rc.local_resume
Then in my window manager I bound a hotkey to run:
Code:
sudo /path/to/hibernate.sh
and put this in /etc/sudoers:
Code:
ldarby ALL = (root) NOPASSWD: /path/to/hibernate.sh
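
The post mentions not finding a way to detect that the machine was shut down without hibernating. As an added example (not part of the original post, and not a change to mkinitrd), this script reads the 10-byte signature at the end of the first page of an opened swap area, which in-kernel hibernation sets to "S1SUSPEND" and mkswap sets to "SWAPSPACE2". The function names, the sample-file helper and the 4096-byte page size are assumptions of the example.

```shell
#!/bin/sh
# Added example: tell a hibernation image from ordinary swap by its signature.
# On the setup above it would be run as root against the opened mapping,
# e.g.  sh swap_state.sh /dev/mapper/lukssda3  (script name is hypothetical).
# Assumption: 4096-byte pages; override PAGE_SIZE if `getconf PAGESIZE` differs.
PAGE_SIZE=${PAGE_SIZE:-4096}

# Print the signature stored in the last 10 bytes of the first page,
# with NUL padding and any non-printable bytes stripped.
swap_signature() {
    dd if="$1" bs=1 skip=$((PAGE_SIZE - 10)) count=10 2>/dev/null |
        tr -cd '[:alnum:]-'
}

# Print one of: hibernated, swap, unknown
swap_state() {
    sig=$(swap_signature "$1") || sig=
    case $sig in
        S1SUSPEND)             echo hibernated ;;  # image written by the kernel
        SWAPSPACE2|SWAP-SPACE) echo swap ;;        # plain swap, nothing to resume
        *)                     echo unknown ;;     # not opened, or not swap
    esac
}

# Build a constructed two-page sample file carrying the given signature,
# so the functions can be tried without touching a real device.
make_sample() {   # usage: make_sample FILE SIGNATURE
    dd if=/dev/zero of="$1" bs="$PAGE_SIZE" count=2 2>/dev/null
    printf '%s' "$2" |
        dd of="$1" bs=1 seek=$((PAGE_SIZE - 10)) conv=notrunc 2>/dev/null
}

# Command-line use: one argument, the device or file to inspect.
if [ "$#" -eq 1 ]; then
    swap_state "$1"
fi
```

Because the signature lives inside the LUKS container, the check only works after the swap mapping has been opened with the passphrase or key file.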