On Fri, 2009-02-20 at 05:22 +0100, Jonas wrote: > On 19/02/2009 Ross Boylan wrote: > > On Fri, 2009-02-20 at 01:11 +0000, Lurkos wrote: > > > I will follow these steps: > > > 1) umount swap with > > > # swapoff /dev/mapper/hda5_crypt > > > 2) close partion > > > # cryptsetup luksClose hda5_crypt > > > 3) modify /etc/crypttab > > > hda5_crypt /dev/hda5 /dev/random > > > cipher=cipher=aes-cbc-essiv:sha256,size=128,swap > > > (single line!) > > > 4) modify /etc/fstab > > > /dev/mapper/hda5_crypt none swap sw 0 0 > > > 5) reboot > > Thanks for your reply. Does this mean that swapon at step 5 is a bad > > idea? Don't I need to regenerate initrd's before booting? > > It's perfectly safe to do swapon as step 5 instead of reboot. you don't > need to reboot at all. In place of 5 I did cryptdisks_start sdb2_crypt swapon /dev/mapper/sdb2_crypt I think the first step was necessary. I was a little surprised the swap option in cryptab didn't get the swap going automatically, but it didn't (as reported by swapon -s). > > and no, you don't need to regenerate the initrd. information about > encrypted disks in initramfs is only required for encrypted rootfs and > for suspend/resume functions. but suspend/resume doesn't work anyway in > conjunction with random key for encrypted swap. > Thanks for the info. Thanks Lurkos and Jonas for your help. Everything looks good now. -- Ross Boylan wk: (415) 514-8146 185 Berry St #5700 ross@xxxxxxxxxxxxxxxx Dept of Epidemiology and Biostatistics fax: (415) 514-8150 University of California, San Francisco San Francisco, CA 94107-1739 hm: (415) 550-1062 --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx