n Wed, 07 May 2003 18:53:00 +0300 Jari Ruusu <jari.ruusu@xxxxxxxxxx> wrote: > Sam Simpson wrote: > > I'm thinking of using the following on shutdown: > > > > swapoff -a > > dd if=/dev/zero of=/dev/hda1 bs=1024k count=64 > > sync > > mkswap /dev/hda1 > > sync > > swapon -a > > > > (after checking that hda1 is swap ;). Any comments or improvements? > > If you are using loop-AES, just set up encrypted swap like this: > > First, run "swapoff -a" to turn off swap devices in your /etc/fstab file. > Second, add "loop=/dev/loop?" and "encryption=AES128" options to swap lines > in your /etc/fstab file. Example: > > /dev/hda666 none swap sw,loop=/dev/loop6,encryption=AES128 0 0 > ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^ > Third, run "swapon -a" and "rm -rf /var/log/ksymoops" and you are done. > > Running "swapon -a" will set up loop devices using random keys, run mkswap > on them, and enable encrypted swap on specified loop devices. Usually your > distro's startup scripts will run the "swapon -a" command so you don't need > to change your startup scripts at all. As expected, "swapoff -a" will tear > down such loop devices. > > Regards, > Jari Ruusu <jari.ruusu@xxxxxxxxxx> > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > > Is that work with kernelI (with losetup and mount) patch? Any kernel Int cipher may be selected? - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
