Dale Amon wrote: > I'm trying to work out how to cleanly integrate a > cryptoswap option into the normal rcS.d scripts, but > seem to be stuck in a catch-22. > > I have to set up the swap partition before the first > swapon -a; this occurs in S10checkroot.sh. > > Since a system might be running devfs, I also have > the constraint of doing it after S01devfsd; so all > would seem okay... except that I need /dev/urandom, > and it is not available until S55urandom because it > writes files in /var/lib. > > The root fs is not writeable until after S10checkroot.sh, > so I can't change the sequence. > > Does anyone see a way out of this quandary? Mount swap partitions after /dev/urandom is initialized (see loop-AES' README file) or encrypt root partition and you can set up swap partitions with fixed keys that will be protected by root partition encryption. Regards, Jari Ruusu <jari.ruusu@pp.inet.fi> - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
