Last week Soren helped me move my manually cryptsetup’d swap partition into the initramfs logic so that I could hibernate. Bottom line was:
- Create
/etc/initramfs-tools/conf.d/cryptrootfor your partition, based on the logic and defaults in/usr/share/initramfs-tools/scripts/local-top/cryptroot. - Convert the existing encrypted swap to the new configuration.
- Update initrd, reboot, enjoy.
Assuming your swap partition (in encrypted form) is stored at /dev/laptopvg/swaprawlv, and you want your accessible swap partition as /dev/mapper/swap, here are the above steps in detail:
Doing step 1 is simple, we’re assuming the defaults from the cryptroot script above:
echo source=/dev/laptopvg/swaprawlv target=swap > /etc/initramfs-tools/conf.d/cryptroot
Step 2 hurt my head. Make sure you’ve unmounted your swap before attempting this, or you can destroy the partition contents. The parameters come from the cryptroot script again:
swapoff /dev/mapper/swap vol_id /dev/mapper/swap cryptsetup -c aes-cbc-essiv:sha256 -h sha256 -s 256 create swap2 /dev/laptopvg/swaprawlv dd if=/dev/mapper/swap of=/dev/mapper/swap2 bs=4k cryptsetup remove swap vol_id /dev/mapper/swap2
Step 3 is simple again:
update-initramfs -u shutdown -r now
Ta-da!
© 2008, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.
I know this is a year old, but in the chance someone stumbles across this, putting usr/share/initramfs-tools/scripts/local-top/cryptroot in /etc/initramfs-tools/conf.d will spit out errors when you try updating your initrd. If you try this and freak out when you can’t update your initrd, just delete the cryptroot file you put in /etc/initramfs-tools/conf.d.
Comment by Chris — October 24, 2009 @ 2:01 am
Sorry if it was confusing, but these instructions do not intend for one to put that file in conf.d. One is supposed to read it for defaults, etc. See the “step 1” details for what’s expected.
Also, recent version of Ubuntu use “blkid” instead of “vol_id”.
Comment by kees — October 24, 2009 @ 1:14 pm