Re: encrypted swap question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 5, 2008 at 12:21 PM, Mike C <mike.cloaked@xxxxxxxxx> wrote:
> I have a machine with f9 clean installed and encrypted /, encrypted swap
> and encrypted /opt partitions.
>
> Of course during boot you are asked for the luks passphrase for all three
> partitions.
>
> ...
>
> I would like to to the same with the swap partition - but if I make a
> second keyfile in /root and refer to it on the swap partition line in
> /etc/crypttab in the same way as for /opt then it ignores this during boot and
> asks the user for the luks passphrase for the swap partition after asking for
> the passphrase for the root partition.

The / and primary swap partitions (or logical volumes) are handled a
bit differently than say /opt.  They are mounted very early in the boot
process, and in fact are handled by the initrd's nash scripts.  If you
change the LUKS options for these, you'll need to rebuild the initrd
(see mkinitrd) as well.  Or, you could just wait until the next kernel
update and it will correct things for you.

I'd use /dev/urandom for swap; unless it's a laptop and you'll
be doing suspend-to-ram (which I've heard could have LUKS
issues).
-- 
Deron Meranda

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux