> Do you need the swap to be persistent across reboots in order to support > hibernation? If not, it is sufficient to have the swap mounted with a > randomized key. I would like to be able to resume from hibernation, yes. > If you do need hibernation support, the simple method would be to use a > swap file residing on the encrypted / Simple as in "already well supported", but not optimal, as swap depends on a filesystem. > The more complex method would be to copy the initramfs encrypt hook and > modify it to support an additional encrypted device with a different > password. I want full disk encryption. There is nothing controversial about FDE, it is already covered in the Wiki, except that I want FDE without LVM. > None of this needs kpartx. > > -- > Eli Schwartz > Bug Wrangler and Trusted User Thank you for input, indeed all your suggestions would work, but I am going for the optimal solution here, and kpartx (or an equivalent devmapper program) seems to be a requirement for that. Regards, Neven Sajko
