Linux Mint: How to enable cryptswap with custom password?
When you want to use hibernation and you care for security, you'd like to have the swap encrypted. But not with the random password, chosen for you at startup, but with a fixed one, supplied by you at the boot time, so the hibernated state would be available for resuming upon next boot.
There was a cool way to do this, that worked up until Mint 15: How to: get the whole system encrypted
This doesn't work anymore on Petra. Can anyone help me with working it out? The main culprit, the /usr/share/initramfs-tools/scripts/local-top script didn't change, so I guess it has something to do with the kernel. It looks like the recent kernel just ignores all the script, or at least the part that asks for a password for swap.
Oh, and I was able to get the password prompt, when I accidentally booted the Mint 16 with the kernel from Mint 15.
See also a related question:
How to ask for a password to mount crypted swap at boot time on Linux Mint 16 with initramfs-tools?
Some debug info
After opening the swap device with sudo cryptsetup luksOpen /dev/sda5 cryptswap:
sudo lsblk -o name,uuid
NAME UUID
sda
├─sda1 F251-38C0
├─sda2 c66b8e51-dd1b-4d92-8605-a3ba7df6af83
├─sda3 77af32db-038d-4c10-b302-039634cf943a
├─sda4 7a3cde35-ab80-4618-ad76-7aa064d55f56
├─sda5 fc068dd2-759c-4779-b521-c73cc5499e86
│ └─cryptswap (dm-1) 964eafeb-c88b-49c8-8b5e-6f8395e040b4
├─sda6 926fa7cc-6f97-4672-85a7-a1ed8f5bd842
├─sda7 804b9c88-907b-43d9-b23f-964c32ecc2ac
└─sda8 ce2cd926-133f-4e20-86f8-45bc4844271c
  └─adama-docs (dm-0) 61a32b98-3b65-4af6-81ff-da090cae039f
sr0
cat /etc/crypttab
#cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
swap UUID=fc068dd2-759c-4779-b521-c73cc5499e86 none luks
cat /etc/fstab
UUID=926fa7cc-6f97-4672-85a7-a1ed8f5bd842 / btrfs defaults,subvol=@,compress,autodefrag 0 1
# /boot was on /dev/sda2 during installation
UUID=c66b8e51-dd1b-4d92-8605-a3ba7df6af83 /boot ext3 defaults 0 2
# /boot/efi was on /dev/sda1 during installation
UUID=F251-38C0 /boot/efi vfat defaults 0 1
# /home was on /dev/sda6 during installation
UUID=926fa7cc-6f97-4672-85a7-a1ed8f5bd842 /home btrfs defaults,subvol=@home 0 2
# /mnt/ext4 was on /dev/sda7 during installation
UUID=804b9c88-907b-43d9-b23f-964c32ecc2ac /mnt/ext4 ext4 defaults 0 0
# swap was on /dev/sda5 during installation
UUID=964eafeb-c88b-49c8-8b5e-6f8395e040b4 none swap sw 0 0
/etc/initramfs-tools/conf.d/resume
RESUME=/dev/disk/by-uuid/964eafeb-c88b-49c8-8b5e-6f8395e040b4
update:
When I set up everything like above, the system does display the familiar password prompt. It doesn't do that every time, and if it does, it is a fraction of a second before the login screen (Linux Mint uses mdm for login). I guess there is a race condition; the mounting of swap is done in parallel with the system booting; I expect the system to wait booting until the swap is mounted, and do it as early as possible. Otherwise how could it resume the hibernated state?
There is a similar question for Ubuntu: https://askubuntu.com/questions/396136/encrypted-home-partition-encrypted-swap-working-hibernate It seems, that it worked for someone if he encrypted the root as well.
linux-mint boot init-script
Could you write what you already did?
– Mikhail Morfikov
Jan 12 '14 at 14:18
@MikhailMorfikov thank you for your interest in helping me. I did exactly the steps from the forum forums.linuxmint.com/… which worked very well until new kernel came.
– Adam Ryczkowski
Mar 2 '14 at 15:11
Could you give content of the files and output of the commands in the answer?
– Mikhail Morfikov
Mar 2 '14 at 15:26
@MikhailMorfikov Question updated.
– Adam Ryczkowski
Mar 2 '14 at 15:33
edited Apr 13 '17 at 12:37 by Community♦
asked Jan 12 '14 at 8:53 by Adam Ryczkowski
1 Answer
I still don't know what setup you have, and what actually is going on when you try to hibernate your machine, but I'll try to answer the question.
I have debian testing distro, but I think there shouldn't be a problem to set this up on your pc. Just look at my setup, maybe you'll figure out what's wrong in your case.
This is my test disk:
root:~# lsblk -o name,uuid
NAME UUID
sda
├─sda1 727035387035047F
├─sda2 c55b13b7-ca46-488e-a78c-ac229cb6634c
├─sda3 1c379414-bac2-45d9-85c5-25163c663341
│ └─sda3_crypt (dm-0) 44cd4817-c27f-47aa-a7d5-b64276817a74
└─sda4 7774cf98-35fd-42fd-9891-7255c916fe02
  └─sda4 (dm-1) 0905595d-db03-4cc9-93d6-7d1262c140a4
sda2 is for boot partition, sda3, there's my linux, and sda4 is the swap partition. sda3 and sda4 are encrypted, and you want to unlock the swap partition at boot. You have to edit some files to do so.
/etc/fstab file:
UUID=0905595d-db03-4cc9-93d6-7d1262c140a4 swap swap defaults 0 0
/etc/initramfs-tools/conf.d/resume file:
RESUME=/dev/disk/by-uuid/0905595d-db03-4cc9-93d6-7d1262c140a4
/etc/crypttab file:
swap UUID=7774cf98-35fd-42fd-9891-7255c916fe02 none luks
Now you have to regenerate the initramfs:
update-initramfs -u -k all
This solution works for me on my testing debian. I didn't do anything else, booting, unlocking and hibernation work without a problem.
UPDATE
I think I figured that out. I installed the system and did what I had written in the answer, but this didn't work. Maybe it's because of upstart -- I'm using sysvinit. So I installed the system again, now using the encrypted built-in feature. Then I checked all the three files, and only the /etc/fstab file was different -- it appears that you can't use UUIDs in /etc/fstab when you want to mount or interact with encrypted devices. So, I installed the system once more (unencrypted), and I created a separate partition for swap. The two files /etc/initramfs-tools/conf.d/resume and /etc/crypttab stay the same, but in the /etc/fstab file I added the following line:
/dev/mapper/swap none swap sw 0 0
And it worked -- I had splash password screen, and it stopped booting until the right password was given. I also checked whether hibernation works, and it works as expected.
It doesn't work for Linux Mint 16. The computer never asks for a password, just displays a message about being unable to mount some disks (actually twice). I have an impression there is a problem with the local-top/cryptroot script. I've pasted it here pastebin.com/SFMBPiZg, so you can check whether your version is different from mine.
– Adam Ryczkowski
Mar 2 '14 at 15:28
Update: during boot, the system doesn't inform me that some of the disks failed to mount (it was a remnant from my previous attempts to solve the problem). Now it doesn't ask about anything, just fails to ask me for password and never informs me that something went wrong.
– Adam Ryczkowski
Mar 2 '14 at 15:36
You have wrong UUIDs. Don't copy it. Add fc068dd2-759c-4779-b521-c73cc5499e86 to the crypttab file, and 964eafeb-c88b-49c8-8b5e-6f8395e040b4 to fstab file. You also have to update the /etc/initramfs-tools/conf.d/resume file and add RESUME=/dev/disk/by-uuid/964eafeb-c88b-49c8-8b5e-6f8395e040b4. And then run update-initramfs -u -k all. And it will work
– Mikhail Morfikov
Mar 2 '14 at 16:47
Yes, unbelievably stupid mistake on my part... but still - I copied the right ones and PC didn't ask for a password. I've updated the question with the new contents of the mentioned files
– Adam Ryczkowski
Mar 2 '14 at 19:14
I think the problem is that the scripts /usr/share/initramfs-tools/scripts/local-top never actually try to do anything with the swap. Judging by their names (dmraid, cryptopensec and cryptroot), they were never designed to work with encrypted swap, and have no provisions for asking for a password for swap. That's why they were modified by the Mint forum member. I don't really know how to debug them (I guess it could be done using the recovery boot option but I have 0 experience).
– Adam Ryczkowski
Mar 2 '14 at 19:19
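The UUID mix-up worked through in the comments above can be caught before rebooting. The following is an added example, not code from the thread: a POSIX shell check that crypttab names the LUKS container while fstab and the resume file name the unlocked swap. The function names, the DEVS file (saved output of `lsblk -rno UUID,FSTYPE`) and the FSTYPE values in the sample are assumptions; the UUIDs are the ones posted on this page.

```shell
#!/bin/sh
# Added example, not from the thread. DEVS is the saved output of
# `lsblk -rno UUID,FSTYPE`: one "uuid fstype" pair per line.

# fstype_of DEVS UUID: print the type recorded for UUID (nothing if unknown).
fstype_of() {
    awk -v u="$2" 'NF == 2 && $1 == u { print $2; exit }' "$1"
}

# expect_type DEVS UUID WANTED LABEL: report UUID unless its type is WANTED.
expect_type() {
    et_type=$(fstype_of "$1" "$2")
    if [ -z "$et_type" ]; then
        echo "$4: UUID $2 does not exist on this machine"
    elif [ "$et_type" != "$3" ]; then
        echo "$4: UUID $2 is $et_type, expected $3"
    fi
}

# check_swap_ref DEVS REF TARGET LABEL: REF must name the unlocked swap, either
# as /dev/mapper/TARGET or by the UUID of the swap inside the container.
check_swap_ref() {
    case "$2" in
        "/dev/mapper/$3") ;;
        UUID=*) expect_type "$1" "${2#UUID=}" swap "$4" ;;
        /dev/disk/by-uuid/*) expect_type "$1" "${2#/dev/disk/by-uuid/}" swap "$4" ;;
        "") echo "$4: no swap device configured" ;;
        *) echo "$4: $2 is neither /dev/mapper/$3 nor a UUID" ;;
    esac
}

# cryptswap_findings DEVS CRYPTTAB FSTAB RESUME [TARGET]
# Prints one line per inconsistency and nothing when the files agree.
cryptswap_findings() {
    cf_target=${5:-swap}
    # crypttab fields: <target> <source device> <key file> <options>
    cf_entry=$(awk -v t="$cf_target" '$1 == t { print $2, $3; exit }' "$2")
    if [ -z "$cf_entry" ]; then
        echo "crypttab: no active entry named $cf_target"
    else
        cf_src=${cf_entry%% *}
        cf_key=${cf_entry#* }
        case "$cf_src" in
            UUID=*) expect_type "$1" "${cf_src#UUID=}" crypto_LUKS crypttab ;;
        esac
        case "$cf_key" in
            /dev/urandom|/dev/random)
                echo "crypttab: key $cf_key is random, so a saved image cannot be resumed" ;;
        esac
    fi
    # fstab: first uncommented line whose type field is swap.
    cf_fstab=$(awk '$1 !~ /^#/ && $3 == "swap" { print $1; exit }' "$3")
    check_swap_ref "$1" "$cf_fstab" "$cf_target" fstab
    # resume file: RESUME=<device>
    cf_resume=$(sed -n 's/^RESUME=//p' "$4" | head -n 1)
    check_swap_ref "$1" "$cf_resume" "$cf_target" resume
    # When both are given by UUID they must name the same device.
    cf_a=${cf_fstab#UUID=}
    cf_b=${cf_resume#/dev/disk/by-uuid/}
    cf_b=${cf_b#UUID=}
    case "$cf_a$cf_b" in
        */*) ;;
        *) if [ -n "$cf_a" ] && [ -n "$cf_b" ] && [ "$cf_a" != "$cf_b" ]; then
               echo "resume: $cf_b differs from the fstab swap UUID $cf_a"
           fi ;;
    esac
    return 0
}

# write_sample DIR: constructed sample files. The UUIDs are those posted in the
# question; the FSTYPE column is an assumption about that machine.
write_sample() {
    printf '%s\n' \
        'fc068dd2-759c-4779-b521-c73cc5499e86 crypto_LUKS' \
        '964eafeb-c88b-49c8-8b5e-6f8395e040b4 swap' > "$1/devs"
    printf '%s\n' \
        '#cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256' \
        'swap UUID=fc068dd2-759c-4779-b521-c73cc5499e86 none luks' > "$1/crypttab"
    printf '%s\n' \
        '# swap was on /dev/sda5 during installation' \
        'UUID=964eafeb-c88b-49c8-8b5e-6f8395e040b4 none swap sw 0 0' > "$1/fstab"
    echo 'RESUME=/dev/disk/by-uuid/964eafeb-c88b-49c8-8b5e-6f8395e040b4' > "$1/resume"
}

# Demo: the question's files pass; the answer's UUID copied into crypttab does not.
demo=$(mktemp -d)
write_sample "$demo"
cryptswap_findings "$demo/devs" "$demo/crypttab" "$demo/fstab" "$demo/resume"
echo 'swap UUID=7774cf98-35fd-42fd-9891-7255c916fe02 none luks' > "$demo/crypttab"
cryptswap_findings "$demo/devs" "$demo/crypttab" "$demo/fstab" "$demo/resume"
rm -rf "$demo"
```

On a live system the four arguments would be the saved `lsblk -rno UUID,FSTYPE` output, /etc/crypttab, /etc/fstab and /etc/initramfs-tools/conf.d/resume; an empty result means the three files agree with the devices present.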
|
show 10 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f108962%2flinux-mint-how-to-enable-cryptswap-with-custom-password%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I still don't know what setup you have, and what actually is going on when you try to hibernate your machine, but I'll try to answer the question.
I have debian testing distro, but I think there shouldn't be a problem to set this up on your pc. Just look at my setup, maybe you'll figure out what's wrong in your case.
This is my test disk:
root:~# lsblk -o name,uuid
NAME UUID
sda
├─sda1 727035387035047F
├─sda2 c55b13b7-ca46-488e-a78c-ac229cb6634c
├─sda3 1c379414-bac2-45d9-85c5-25163c663341
│ └─sda3_crypt (dm-0) 44cd4817-c27f-47aa-a7d5-b64276817a74
└─sda4 7774cf98-35fd-42fd-9891-7255c916fe02
└─sda4 (dm-1) 0905595d-db03-4cc9-93d6-7d1262c140a4
sda2
is for boot partition, sda3
, there's my linux, and sda4
is the swap partition. sda3
and sda4
are encrypted, and you want to unlock the swap partition at boot. You have to edit some files to do so.
/etc/fstab
file:
UUID=0905595d-db03-4cc9-93d6-7d1262c140a4 swap swap defaults 0 0
/etc/initramfs-tools/conf.d/resume
file:
RESUME=/dev/disk/by-uuid/0905595d-db03-4cc9-93d6-7d1262c140a4
/etc/crypttab
file:
swap UUID=7774cf98-35fd-42fd-9891-7255c916fe02 none luks
Now you have to regenerate the initramfs:
update-initramfs -u -k all
This solution works for me on my testing debian. I didn't do anything else, booting, unlocking and hibernation work without a problem.
UPDATE
I think I figured that out. I installed the system and did what I had written in the answer, but this didn't work. Maybe it's because of upstart -- I'm using sysvinit. So I installed the system again, now using the encrypted build-in feature. Then I checked all the three files, and only the /etc/fstab
file was different -- it appears that you can't use UUIDs in /etc/fstab
when you want to mount or interact with encrypted devices. So, I installed the system once more (unencrypted), and I created a separate partition for swap. The two files /etc/initramfs-tools/conf.d/resume
and /etc/crypttab
stay the same, but in the /etc/fstab
file I added the following line:
/dev/mapper/swap none swap sw 0 0
And it worked -- I had splash password screen, and it stopped booting until the right password was given. I also checked whether hibernation works, and it works as expected.
It doesn't work for Linux Mint 16. The computer never asks for a password, just displays a message about being unable to mount some disks (actually twice). I have an impression there is a problem with the local-top/cryptroot script. I've pasted it here pastebin.com/SFMBPiZg, so you can check whether your version is different from mine.
– Adam Ryczkowski
Mar 2 '14 at 15:28
Update: during boot, the system doesn't inform me that some of the disks failed to mount (it was a remnant from my previous attempts to solve the problem). Now it doesn't ask about anything, just fails to ask me for password and never informs me that something went wrong.
– Adam Ryczkowski
Mar 2 '14 at 15:36
1
You have wrong UUIDs. Don't copy it. Addfc068dd2-759c-4779-b521-c73cc5499e86
to thecrypttab
file, and964eafeb-c88b-49c8-8b5e-6f8395e040b4
tofstab
file. You also have to update the/etc/initramfs-tools/conf.d/resume
file and addRESUME=/dev/disk/by-uuid/964eafeb-c88b-49c8-8b5e-6f8395e040b4
. And then runupdate-initramfs -u -k all
. And it will work
– Mikhail Morfikov
Mar 2 '14 at 16:47
Yes, unbelievable stupid mistake on my part... but still - I copied the right ones and PC didn't ask for a password. I've updated the question with the new contents of the mentioned files
– Adam Ryczkowski
Mar 2 '14 at 19:14
I think the problem is that the scripts/usr/share/initramfs-tools/scripts/local-top
never actually try to do anything with the swap. Judging by their names (dmraid
,cryptopensec
andcryptroot
), they were never designed to work with encrypted swap, and have no provisions for asking for a password for swap. That's why they were modified by the Mint forum member. I don't really know how to debug them (I guess it could be done using the recovery boot option by I have 0 experience).
– Adam Ryczkowski
Mar 2 '14 at 19:19
|
show 10 more comments
up vote
0
down vote
I still don't know what setup you have, and what actually is going on when you try to hibernate your machine, but I'll try to answer the question.
I have debian testing distro, but I think there shouldn't be a problem to set this up on your pc. Just look at my setup, maybe you'll figure out what's wrong in your case.
This is my test disk:
root:~# lsblk -o name,uuid
NAME UUID
sda
├─sda1 727035387035047F
├─sda2 c55b13b7-ca46-488e-a78c-ac229cb6634c
├─sda3 1c379414-bac2-45d9-85c5-25163c663341
│ └─sda3_crypt (dm-0) 44cd4817-c27f-47aa-a7d5-b64276817a74
└─sda4 7774cf98-35fd-42fd-9891-7255c916fe02
└─sda4 (dm-1) 0905595d-db03-4cc9-93d6-7d1262c140a4
sda2
is for boot partition, sda3
, there's my linux, and sda4
is the swap partition. sda3
and sda4
are encrypted, and you want to unlock the swap partition at boot. You have to edit some files to do so.
/etc/fstab
file:
UUID=0905595d-db03-4cc9-93d6-7d1262c140a4 swap swap defaults 0 0
/etc/initramfs-tools/conf.d/resume
file:
RESUME=/dev/disk/by-uuid/0905595d-db03-4cc9-93d6-7d1262c140a4
/etc/crypttab
file:
swap UUID=7774cf98-35fd-42fd-9891-7255c916fe02 none luks
Now you have to regenerate the initramfs:
update-initramfs -u -k all
This solution works for me on my testing debian. I didn't do anything else, booting, unlocking and hibernation work without a problem.
UPDATE
I think I figured that out. I installed the system and did what I had written in the answer, but this didn't work. Maybe it's because of upstart -- I'm using sysvinit. So I installed the system again, now using the encrypted build-in feature. Then I checked all the three files, and only the /etc/fstab
file was different -- it appears that you can't use UUIDs in /etc/fstab
when you want to mount or interact with encrypted devices. So, I installed the system once more (unencrypted), and I created a separate partition for swap. The two files /etc/initramfs-tools/conf.d/resume
and /etc/crypttab
stay the same, but in the /etc/fstab
file I added the following line:
/dev/mapper/swap none swap sw 0 0
And it worked -- I had splash password screen, and it stopped booting until the right password was given. I also checked whether hibernation works, and it works as expected.
It doesn't work for Linux Mint 16. The computer never asks for a password, just displays a message about being unable to mount some disks (actually twice). I have an impression there is a problem with the local-top/cryptroot script. I've pasted it here pastebin.com/SFMBPiZg, so you can check whether your version is different from mine.
– Adam Ryczkowski
Mar 2 '14 at 15:28
Update: during boot, the system doesn't inform me that some of the disks failed to mount (it was a remnant from my previous attempts to solve the problem). Now it doesn't ask about anything, just fails to ask me for password and never informs me that something went wrong.
– Adam Ryczkowski
Mar 2 '14 at 15:36
1
You have wrong UUIDs. Don't copy it. Addfc068dd2-759c-4779-b521-c73cc5499e86
to thecrypttab
file, and964eafeb-c88b-49c8-8b5e-6f8395e040b4
tofstab
file. You also have to update the/etc/initramfs-tools/conf.d/resume
file and addRESUME=/dev/disk/by-uuid/964eafeb-c88b-49c8-8b5e-6f8395e040b4
. And then runupdate-initramfs -u -k all
. And it will work
– Mikhail Morfikov
Mar 2 '14 at 16:47
Yes, unbelievable stupid mistake on my part... but still - I copied the right ones and PC didn't ask for a password. I've updated the question with the new contents of the mentioned files
– Adam Ryczkowski
Mar 2 '14 at 19:14
I think the problem is that the scripts/usr/share/initramfs-tools/scripts/local-top
never actually try to do anything with the swap. Judging by their names (dmraid
,cryptopensec
andcryptroot
), they were never designed to work with encrypted swap, and have no provisions for asking for a password for swap. That's why they were modified by the Mint forum member. I don't really know how to debug them (I guess it could be done using the recovery boot option by I have 0 experience).
– Adam Ryczkowski
Mar 2 '14 at 19:19
|
show 10 more comments
up vote
0
down vote
up vote
0
down vote
I still don't know what setup you have, and what actually is going on when you try to hibernate your machine, but I'll try to answer the question.
I have the Debian testing distro, but I think there shouldn't be a problem setting this up on your PC. Just look at my setup; maybe you'll figure out what's wrong in your case.
This is my test disk:
root:~# lsblk -o name,uuid
NAME UUID
sda
├─sda1 727035387035047F
├─sda2 c55b13b7-ca46-488e-a78c-ac229cb6634c
├─sda3 1c379414-bac2-45d9-85c5-25163c663341
│ └─sda3_crypt (dm-0) 44cd4817-c27f-47aa-a7d5-b64276817a74
└─sda4 7774cf98-35fd-42fd-9891-7255c916fe02
  └─sda4 (dm-1) 0905595d-db03-4cc9-93d6-7d1262c140a4
sda2 is for the boot partition, sda3 is where my Linux is, and sda4 is the swap partition. sda3 and sda4 are encrypted, and you want to unlock the swap partition at boot. You have to edit some files to do so.
/etc/fstab file:
UUID=0905595d-db03-4cc9-93d6-7d1262c140a4 swap swap defaults 0 0
/etc/initramfs-tools/conf.d/resume file:
RESUME=/dev/disk/by-uuid/0905595d-db03-4cc9-93d6-7d1262c140a4
/etc/crypttab file:
swap UUID=7774cf98-35fd-42fd-9891-7255c916fe02 none luks
Now you have to regenerate the initramfs:
update-initramfs -u -k all
This solution works for me on my testing Debian. I didn't do anything else; booting, unlocking and hibernation work without a problem.
UPDATE
I think I figured that out. I installed the system and did what I had written in the answer, but this didn't work. Maybe it's because of upstart -- I'm using sysvinit. So I installed the system again, now using the built-in encryption feature. Then I checked all three files, and only the /etc/fstab file was different -- it appears that you can't use UUIDs in /etc/fstab when you want to mount or interact with encrypted devices. So, I installed the system once more (unencrypted), and I created a separate partition for swap. The two files /etc/initramfs-tools/conf.d/resume and /etc/crypttab stay the same, but in the /etc/fstab file I added the following line:
/dev/mapper/swap none swap sw 0 0
And it worked -- I had the splash password screen, and it stopped booting until the right password was given. I also checked whether hibernation works, and it works as expected.
edited Mar 3 '14 at 11:18
answered Mar 1 '14 at 18:08
Mikhail Morfikov
It doesn't work for Linux Mint 16. The computer never asks for a password, just displays a message about being unable to mount some disks (actually twice). I have an impression there is a problem with the local-top/cryptroot script. I've pasted it here pastebin.com/SFMBPiZg, so you can check whether your version is different from mine.
– Adam Ryczkowski
Mar 2 '14 at 15:28
Update: during boot, the system doesn't inform me that some of the disks failed to mount (it was a remnant from my previous attempts to solve the problem). Now it doesn't ask about anything, just fails to ask me for password and never informs me that something went wrong.
– Adam Ryczkowski
Mar 2 '14 at 15:36
You have wrong UUIDs. Don't copy it. Add fc068dd2-759c-4779-b521-c73cc5499e86 to the crypttab file, and 964eafeb-c88b-49c8-8b5e-6f8395e040b4 to the fstab file. You also have to update the /etc/initramfs-tools/conf.d/resume file and add RESUME=/dev/disk/by-uuid/964eafeb-c88b-49c8-8b5e-6f8395e040b4. And then run update-initramfs -u -k all. And it will work.
– Mikhail Morfikov
Mar 2 '14 at 16:47
Yes, unbelievably stupid mistake on my part... but still - I copied the right ones and PC didn't ask for a password. I've updated the question with the new contents of the mentioned files.
– Adam Ryczkowski
Mar 2 '14 at 19:14
I think the problem is that the scripts in /usr/share/initramfs-tools/scripts/local-top never actually try to do anything with the swap. Judging by their names (dmraid, cryptopensec and cryptroot), they were never designed to work with encrypted swap, and have no provisions for asking for a password for swap. That's why they were modified by the Mint forum member. I don't really know how to debug them (I guess it could be done using the recovery boot option but I have 0 experience).
– Adam Ryczkowski
Mar 2 '14 at 19:19
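The answer and the UUID comment above both depend on the same consistency: crypttab names the encrypted partition's UUID, while fstab and RESUME name the opened mapping. The following check is an added example, not code from the answer or the comments; the function names and the choice to pass both UUIDs as arguments are assumptions, and the sample files are constructed from the UUIDs in the question's lsblk output.

```shell
#!/bin/sh
# check_hibernate_swap CRYPTTAB FSTAB RESUME_CONF LUKS_UUID SWAP_UUID
# LUKS_UUID: UUID of the encrypted partition; SWAP_UUID: UUID of the swap
# area inside the opened mapping. Prints each problem, returns the count.
check_hibernate_swap() {
    ct=$1 ft=$2 rs=$3 luks=$4 inner=$5 bad=0
    # crypttab fields: <name> <source> <key file> <options>
    set -- $(awk -v u="UUID=$luks" '$1 !~ /^#/ && $2 == u {print $1, $3, $4; exit}' "$ct")
    name=$1 key=$2 opts=$3
    if [ -z "$name" ]; then
        echo "crypttab: no active entry for container UUID=$luks"; bad=$((bad + 1))
        name=swap   # mapping name used on this page, only so later checks can run
    else
        [ "$key" = none ] || { echo "crypttab: key '$key' is not 'none', no passphrase prompt"; bad=$((bad + 1)); }
        case ",$opts," in *,luks,*) ;; *) echo "crypttab: option 'luks' missing"; bad=$((bad + 1)) ;; esac
    fi
    # fstab must name the opened mapping, never the encrypted partition.
    dev=$(awk '$1 !~ /^#/ && $3 == "swap" {print $1; exit}' "$ft")
    case $dev in
        "/dev/mapper/$name" | "UUID=$inner") ;;
        *) echo "fstab: swap source '$dev' is not the opened mapping"; bad=$((bad + 1)) ;;
    esac
    # RESUME is read from the initramfs and must name that same device.
    res=$(sed -n 's/^RESUME=//p' "$rs" | head -n 1)
    case $res in
        "/dev/mapper/$name" | "/dev/disk/by-uuid/$inner" | "UUID=$inner") ;;
        *) echo "resume: RESUME='$res' is not the opened mapping"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample files; UUIDs are those in the question's lsblk output.
write_sample() {   # write_sample DIR RESUME_VALUE
    printf '%s\n' '#cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256' \
        'swap UUID=fc068dd2-759c-4779-b521-c73cc5499e86 none luks' > "$1/crypttab"
    printf '%s\n' '/dev/mapper/swap none swap sw 0 0' > "$1/fstab"
    printf 'RESUME=%s\n' "$2" > "$1/resume"
}

d=$(mktemp -d)
# RESUME set to the container UUID instead of the swap UUID: one problem.
write_sample "$d" /dev/disk/by-uuid/fc068dd2-759c-4779-b521-c73cc5499e86
check_hibernate_swap "$d/crypttab" "$d/fstab" "$d/resume" \
    fc068dd2-759c-4779-b521-c73cc5499e86 964eafeb-c88b-49c8-8b5e-6f8395e040b4 || echo "problems found: $?"
rm -rf "$d"
```

On a real system the two UUIDs come from lsblk -o name,uuid after the mapping is opened, and the three paths are /etc/crypttab, /etc/fstab and /etc/initramfs-tools/conf.d/resume.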
Could you write what you already did?
– Mikhail Morfikov
Jan 12 '14 at 14:18
@MikhailMorfikov thank you for your interest in helping me. I did exactly the steps from the forum forums.linuxmint.com/… which worked very well until new kernel came.
– Adam Ryczkowski
Mar 2 '14 at 15:11
Could you give content of the files and output of the commands in the answer?
– Mikhail Morfikov
Mar 2 '14 at 15:26
@MikhailMorfikov Question updated.
– Adam Ryczkowski
Mar 2 '14 at 15:33