Re: Re: change from fixed LUKS w/password to random encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2009-02-20 at 05:22 +0100, Jonas wrote:
> On 19/02/2009 Ross Boylan wrote:
> > On Fri, 2009-02-20 at 01:11 +0000, Lurkos wrote:
> > > I will follow these steps:
> > > 1) umount swap with
> > > # swapoff /dev/mapper/hda5_crypt
> > > 2) close partion
> > > # cryptsetup luksClose hda5_crypt
> > > 3) modify /etc/crypttab
> > > hda5_crypt /dev/hda5 /dev/random
> > > cipher=cipher=aes-cbc-essiv:sha256,size=128,swap
> > > (single line!)
> > > 4) modify /etc/fstab
> > > /dev/mapper/hda5_crypt none swap sw 0 0
> > > 5) reboot
> > Thanks for your reply.  Does this mean that swapon at step 5 is a bad
> > idea?  Don't I need to regenerate initrd's before booting?
> 
> It's perfectly safe to do swapon as step 5 instead of reboot. you don't
> need to reboot at all.
In place of 5 I did
cryptdisks_start sdb2_crypt
swapon /dev/mapper/sdb2_crypt

I think the first step was necessary.  I was a little surprised the swap
option in cryptab didn't get the swap going automatically, but it didn't
(as reported by swapon -s).

> 
> and no, you don't need to regenerate the initrd. information about
> encrypted disks in initramfs is only required for encrypted rootfs and
> for suspend/resume functions. but suspend/resume doesn't work anyway in
> conjunction with random key for encrypted swap.
> 
Thanks for the info.

Thanks Lurkos and Jonas for your help.  Everything looks good now.

-- 
Ross Boylan                                      wk:  (415) 514-8146
185 Berry St #5700                               ross@xxxxxxxxxxxxxxxx
Dept of Epidemiology and Biostatistics           fax: (415) 514-8150
University of California, San Francisco
San Francisco, CA 94107-1739                     hm:  (415) 550-1062


---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux