Table of Contents
encrypted swap partition
For using an encrypted swap partition the following steps are necessary:
- patch the file
/etc/init.d/mountall.sh. Replace the lineswapon -a 2> /dev/nullwith a call to/etc/init.d/mount-cryptoswap.sh. - add the script
/etc/init.d/mount-cryptoswap.sh.
/etc/init.d/mount-cryptoswap.sh
#
# mount-cryptoswap.sh - mount the swap partition encrypted
#
SWAPDEVICES=`cat /etc/fstab | grep "swap" | cut -f 1 | tr '\n' ' '`
NR=0
for DEVICE in ${SWAPDEVICES}; do
echo "Creating encrypted swap on ${DEVICE}"
swapoff "${DEVICE}"
head -c 2880 /dev/urandom | uuencode -m - | head -n 65 | tail -n 64 | \
cryptsetup create "swap${NR}" "${DEVICE}"
mkswap "/dev/mapper/swap${NR}"
swapon "/dev/mapper/swap${NR}"
NR=$((${NR}+1))
done
exit 0
verification
To verify the successful setup you can do the following steps:
- Running
freeyou should be able to see activated swap space. - Running
dmsetup lsshould display one or more swap devices; usually it looks like this:
$ dmsetup ls swap0 (254, 0)
|
|
