encrypted swap partition

To use an encrypted swap partition, the following steps are necessary:

  1. Patch the file /etc/init.d/mountall.sh: replace the line swapon -a 2> /dev/null with a call to /etc/init.d/mount-cryptoswap.sh.
  2. Add the script /etc/init.d/mount-cryptoswap.sh.

/etc/init.d/mount-cryptoswap.sh

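#!/bin/sh
#
# mount-cryptoswap.sh - mount the swap partition encrypted
#

# Collect the device of every non-comment fstab entry whose type is swap.
# Matching on the type field avoids picking up comments or unrelated lines
# that merely contain the word "swap", and works with tabs or spaces.
SWAPDEVICES=`awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' /etc/fstab`

NR=0
for DEVICE in ${SWAPDEVICES}; do
  echo "Creating encrypted swap on ${DEVICE}"

  # Make sure the raw device is no longer used as plaintext swap.
  swapoff "${DEVICE}"

  # Generate a fresh random key on every run: 2880 random bytes, base64
  # encoded into 64 lines (the uuencode header line is dropped). The key is
  # never stored, so the swap contents cannot be read after a reboot.
  head -c 2880 /dev/urandom | uuencode -m - | head -n 65 | tail -n 64 | \
      cryptsetup create "swap${NR}" "${DEVICE}"
  mkswap "/dev/mapper/swap${NR}"

  swapon "/dev/mapper/swap${NR}"

  NR=$((${NR}+1))
done

exit 0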

verification

To verify the setup, do the following:

  1. Run free; it should show activated swap space.
  2. Run dmsetup ls; it should display one or more swap devices. Usually it looks like this:
$ dmsetup ls
swap0   (254, 0)
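
The two checks above show that swap is active and that a mapping exists, but not that every active swap area actually goes through an encrypted mapping. The following added example (not part of the original page) compares /proc/swaps with the output of dmsetup status and lists any swap area that is still in plaintext. It assumes swap was enabled via /dev/mapper/NAME, as the script above does; the names plaintext_swaps and demo and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# plaintext_swaps SWAPS STATUS
#   SWAPS  : file holding the contents of /proc/swaps
#   STATUS : file holding the output of `dmsetup status`
# Prints every active swap area that is not a dm-crypt mapping.
plaintext_swaps() {
  awk '
    src == "status" {
      # e.g. "swap0: 0 1953792 crypt" -> remember swap0 as encrypted
      name = $1; sub(/:$/, "", name)
      if ($4 == "crypt") crypt[name] = 1
      next
    }
    FNR == 1 { next }   # header line of /proc/swaps
    {
      name = $1
      # Assumption: swap was enabled via /dev/mapper/NAME, as the script does.
      if (sub(/^\/dev\/mapper\//, "", name) && (name in crypt)) next
      print $1
    }
  ' src=status "$2" src=swaps "$1"
}

# Constructed sample data: swap0 is encrypted, /dev/hda6 was left in plaintext.
demo() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/swaps" <<'EOF'
Filename                Type        Size    Used  Priority
/dev/mapper/swap0       partition   976892  0     -1
/dev/hda6               partition   524280  0     -2
EOF
  cat > "$dir/status" <<'EOF'
swap0: 0 1953792 crypt
EOF
  plaintext_swaps "$dir/swaps" "$dir/status"
  rm -rf "$dir"
}

demo   # prints /dev/hda6
```

On a live system, save the output of dmsetup status to a file and pass it together with /proc/swaps; empty output means every active swap area is backed by a crypt target.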
 
harry/encrypted_swap_partition.txt · Last modified: 2004/08/18 10:34 (external edit)