Sam Simpson wrote:
> I'm thinking of using the following on shutdown:
>
> swapoff -a
> dd if=/dev/zero of=/dev/hda1 bs=1024k count=64
> sync
> mkswap /dev/hda1
> sync
> swapon -a
>
> (after checking that hda1 is swap ;). Any comments or improvements?
If you are using loop-AES, just set up encrypted swap like this:
First, run "swapoff -a" to turn off swap devices in your /etc/fstab file.
Second, add "loop=/dev/loop?" and "encryption=AES128" options to swap lines
in your /etc/fstab file. Example:
/dev/hda666 none swap sw,loop=/dev/loop6,encryption=AES128 0 0
^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
Third, run "swapon -a" and "rm -rf /var/log/ksymoops" and you are done.
Running "swapon -a" will set up loop devices using random keys, run mkswap
on them, and enable encrypted swap on specified loop devices. Usually your
distro's startup scripts will run the "swapon -a" command so you don't need
to change your startup scripts at all. As expected, "swapoff -a" will tear
down such loop devices.
Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
