codeblog

3/5/2008

swapping encryption, hurting your head

Filed under: Security, Ubuntu — kees @ 11:18 am

Last week Soren helped me move my manually cryptsetup’d swap partition into the initramfs logic so that I could hibernate. Bottom line was:

  1. Create /etc/initramfs-tools/conf.d/cryptroot for your partition, based on the logic and defaults in /usr/share/initramfs-tools/scripts/local-top/cryptroot.
  2. Convert the existing encrypted swap to the new configuration.
  3. Update initrd, reboot, enjoy.

Assuming your swap partition (in encrypted form) is stored at /dev/laptopvg/swaprawlv, and you want your accessible swap partition as /dev/mapper/swap, here are the above steps in detail:

Doing step 1 is simple, we’re assuming the defaults from the cryptroot script above:

    echo source=/dev/laptopvg/swaprawlv target=swap > /etc/initramfs-tools/conf.d/cryptroot

Step 2 hurt my head. Make sure you’ve unmounted your swap before attempting this, or you can destroy the partition contents. The parameters come from the cryptroot script again:

    swapoff /dev/mapper/swap
vol_id /dev/mapper/swap
cryptsetup -c aes-essiv:sha256 -h sha256 -s 256 create swap2 /dev/laptopvg/swaprawlv
dd if=/dev/mapper/swap of=/dev/mapper/swap2 bs=4k
cryptsetup remove swap
vol_id /dev/mapper/swap2

Step 3 is simple again:

    update-initramfs -u
shutdown -r now

Ta-da!

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • bodytext
  • del.icio.us
  • Facebook
  • Google
  • Technorati

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Powered by WordPress