Thomas Bächler schrieb:
How do you get both hibernation and full encryption working together?It is possible. Consider the following setup:You have two partitions, one small (50MB) /boot /dev/sda1, the rest /dev/sda2. Now you create a LUKS-Volume in /dev/sda2, let's call this volume enc. Inside /dev/mapper/enc create a LVM physical volume. Then, create your root, swap, home, ... filesystems as logical volumes inside the LVM (let's say they are called /dev/vg/{root,swap,home,...}. That way, you just need to enter ONE passphrase to be able to access all your volumes, including swap and root.The installer (AIF) can set all the above up correctly, however, the current version will make the wrong grub line. In the described setup, it should be:cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro Your mkinitcpio.conf should have the following line: HOOKS="base udev pata scsi sata keymap encrypt lvm2 resume filesystems" (note that lvm2 is before resume, not after)This setup will make it possible to use hibernation on an encrypted system without a separate key storage and without having to enter more than one passphrase. It is also a very elegant setup, as you have the usual advantages of LVM.Have fun!
Forgot to add: This is supported out of the box by Arch without any modifications to mkinitcpio hooks (unlike the other suggested setups).
I have it set up right now, but I only hibernate rarely, I like suspend to ram better.
Attachment:
signature.asc
Description: OpenPGP digital signature