15

How can I produce an encrypted swap partition for 14.04? All the advice I saw here is for versions <14.04 and does not work for me.

I tried a lot but nothing lasted longer than a reboot.

On installation I decided to encrypt my home and a 9 GiB partition for swap, but this swap was never used by Kubuntu. GParted finds an "unknown filesystem".

I formatted it as swap many times, edited fstab and crypttab, and used all the tricks mentioned in different answers here. The often-mentioned PunyGeek letter does not work for me, probably because /etc/initramfs-tools/conf.d/resume does not even exist on my system.

Zanna
  • 70,465
michel
  • 361

3 Answers

19

After some more trying and bootups I figured out that this seems to work for me:

NOTE: REPLACE the X in sdaX with YOUR partition-number! UUIDs did not work for me!

Install necessary packages:

sudo apt-get install cryptsetup

Format your partition as swap:

sudo swapoff -a
sudo cryptsetup -d /dev/urandom create cryptswap /dev/sdaX
sudo mkswap -f /dev/mapper/cryptswap -v1 -Lhello-swap

Add or edit the following line in /etc/crypttab:

cryptswap /dev/sdaX /dev/urandom swap

Add or edit the line in /etc/fstab:

/dev/mapper/cryptswap none swap sw 0 0

Re-enable swap:

sudo swapon -a

Confirm that swap is enabled:

free -m | grep Swap:

or check your System Monitor app in the Resources tab.

michel
  • 361
  • 2
    not working after reboot – tomasb Jul 18 '14 at 19:26
  • 1
    the -v1 argument is not effective since only one version is working now – tomasb Jul 18 '14 at 19:59
  • I like adding a label to partitions so that it later reminds me that this was something I made and not automatically done by the system. So I'd add something like this to the command: -L$HOSTNAME-swap – Stephan Henningsen Oct 19 '16 at 09:13
  • It probably misses an update-initramfs -u at the end, in order for the initramfs cryptroot hook script to embed the kernel drivers (aes, sha256, etc.) in the initramfs, to be effective after reboot. – KrisWebDev Oct 31 '16 at 08:50
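
A check for the configuration in the answer above, as an added example that is not part of the original posts: it reads a crypttab and an fstab and verifies that swap is keyed from a random device, that fstab swaps on the mapped device, and that the raw partition is not also listed as plaintext swap. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a crypttab/fstab pair for random-key encrypted swap.

# True when fstab ($2) has an uncommented swap line whose first field is $1.
swap_line() {
    awk -v dev="$1" '$1 == dev && $3 == "swap" { found = 1 }
                     END { exit !found }' "$2"
}

# Returns 0 when every check passes, 1 otherwise.
check_cryptswap() {
    crypttab=$1 fstab=$2 rc=0
    # crypttab fields: <mapping name> <source device> <key file> <options>
    entry=$(awk 'NF >= 4 && $1 !~ /^#/ {
                     n = split($4, opt, ",")
                     for (i = 1; i <= n; i++)
                         if (opt[i] == "swap") { print $1, $2, $3; exit }
                 }' "$crypttab")
    if [ -z "$entry" ]; then
        echo "FAIL: no crypttab entry carries the 'swap' option"
        return 1
    fi
    set -- $entry
    name=$1 src=$2 key=$3

    # A random key source gives a fresh key on each boot; nothing is stored.
    case $key in
        /dev/urandom|/dev/random) ;;
        *) echo "FAIL: key source '$key' is not a random device"; rc=1 ;;
    esac
    # fstab must swap on the mapped device ...
    if ! swap_line "/dev/mapper/$name" "$fstab"; then
        echo "FAIL: fstab has no swap line for /dev/mapper/$name"; rc=1
    fi
    # ... and never on the raw partition beneath it (plaintext swap).
    if swap_line "$src" "$fstab"; then
        echo "FAIL: fstab also swaps directly on $src"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $name on $src, key $key"
    return "$rc"
}

# Constructed sample files using the answer's own lines (sdaX is its placeholder).
tmp=$(mktemp -d)
echo 'cryptswap /dev/sdaX /dev/urandom swap' > "$tmp/crypttab"
echo '/dev/mapper/cryptswap none swap sw 0 0' > "$tmp/fstab"
check_cryptswap "$tmp/crypttab" "$tmp/fstab"
rm -rf "$tmp"
```

The device comparison is literal, so a raw swap line written as UUID=... in fstab is not matched against a /dev/sdaX source in crypttab. On a real system, call it as check_cryptswap /etc/crypttab /etc/fstab.
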
3

Using 14.04LTS, I had the same problem as tomasb, that encrypted swap wasn't on after reboot. I discovered that /etc/crypttab wasn't being processed because the necessary init.d scripts (cryptdisks and cryptdisks-early) weren't installed.

I solved that problem with

$ sudo apt-get install cryptsetup

Rebooted and I had encrypted swap.

0

This actually worked for me, but I'm not sure if it is a good solution (multiple users):

sudo gedit /etc/init/cryptdisks.conf

Search for the line near the bottom of the file containing do_start and add

/etc/init.d/cryptdisks reload

just below;

assuming all stuff in michel's answer is done

tomasb
  • 113
  • 7
  • Probably a better solution is to use an ordinary swap file located in the encrypted home for each user and start swapping after login; I have found this bug since Ubuntu 7.04 – tomasb Jul 18 '14 at 20:06
  • First of all, this bug has definitely not existed since 7.04. I have used encrypted swap with no problems in 9.10, 10.04, and 12.04. Secondly, using encrypted swap is supposed to be more secure than a swap file in a home directory, since encrypted swap is done with a key, which is not persisted across reboots. Finally, in order for a clean shutdown to happen as reliably as possible, it needs to be possible to unmount all file systems, even if there is insufficient RAM to disable swap. In this respect a swap file will always be less reliable than a swap partition. – kasperd Mar 14 '15 at 18:12