Re: How to suspend to disk with random encrypted swap

Short answer:

No, Gentoo does not have direct support for encrypted rootfs/swap (for hibernate). However, I've heard that there's a strong push towards dracut for initramfs handling (well, in parts of the dev community, however), if genkernel does not fulfil your needs. That is, however, from an OpenRC POV, I'd say. Systemd handles encrypted block devices a little differently and you might end up with a lot more mumbo jumbo than a little shell scripting to get things into place.

Certainly the Gentoo community might have pointers to various possibilities, including those some of them have tried already ;-).


Regards

-Sven


P.S.: https://wiki.gentoo.org/wiki/Initramfs/Guide for Gentoo's initramfs approaches...

Am 23.10.2016 um 12:52 schrieb Heiko Rosemann:
Hi David,

[cropped]
I don't know if Gentoo has a similar setup ready out of the box.

Good luck, and remember to back up early and often ;)
Heiko


On 10/23/2016 12:27 AM, Sven Eschenberg wrote:
Not really a cryptsetup question.

You should be aware of the fact that suspend to disk on a randomly
encrypted swap cannot work (for obvious reasons). In any way, you'll
need to start the kernel and give it a way to read the disk image. The
disk image however should be encrypted for obvious reasons.

How can you resolve the hen and egg problem?

You can't with complete randomness.

You'll have to either:
1.) have a fixed passphrase for your swap, unlock swap during boot and
then resume
2.) store your in memory image at some other place than swap, again,
that place should be encrypted - you could possibly store the image on
/, then you'll have to unlock / during boot to resume.
3.) forget about suspend altogether.

To answer your questions to some extent:
The kernel will first try to find a suspend image signature on the
default swap partition, the location can however be overridden with
resume=, the gory details are in the kernel's documentation on boot
parameters. The kernel will resume, if there's an image accessible, this
can however be overridden with hibernate= .

Regards

-Sven


Am 22.10.2016 um 15:55 schrieb David Niklas:
Hello,
I use a random encrypted swap partition, and I want to suspend my system
to disk. I'm having two problems.
1. How does the kernel know where to resume from/at all?
2. How do I get the random passphrase for decrypting the swap (and
remember it)?

Gentoo Linux
cryptsetup 1.7.2

###### /etc/conf.d/dmcrypt #########

swap=swap
options=' -c aes -h sha256 -d /dev/urandom '
source='/dev/sda2'

####################################

Thanks,
David
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
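
Added example, not part of the thread or of any Gentoo or cryptsetup tooling: a POSIX shell check that reads a conf.d/dmcrypt-style swap entry and a kernel command line and reports whether resuming from that swap can work, following the points in Sven's reply. The function name, verdict labels and sample inputs are constructed, and it assumes resume= must name the mapped device /dev/mapper/<name>, which the initramfs unlocks before resume.

```shell
#!/bin/sh
# Added example, not from the thread. Verdict labels are hypothetical:
#   random-key  key read from /dev/urandom or /dev/random; image unreadable after reboot
#   disabled    noresume or hibernate=no|noresume on the kernel command line
#   no-resume   fixed key, but resume= does not name /dev/mapper/<swap name>
#   ok          fixed key and resume= names the mapped device
swap_resume_verdict() {
    conf=$1 cmdline=$2
    # Extract values with sed instead of sourcing the file, so nothing in it runs.
    name=$(sed -n 's/^swap=//p' "$conf" | head -n 1 | tr -d "'\" ")
    opts=$(sed -n 's/^options=//p' "$conf" | head -n 1)
    if [ -z "$name" ]; then echo "no-swap-entry"; return 0; fi
    case $opts in
        */dev/urandom*|*/dev/random*) echo "random-key"; return 0 ;;
    esac
    resume=
    # Unquoted on purpose: split the command line into parameters.
    for arg in $cmdline; do
        case $arg in
            noresume|hibernate=no|hibernate=noresume) echo "disabled"; return 0 ;;
            resume=*) resume=${arg#resume=} ;;
        esac
    done
    # Only the /dev/mapper/<name> form of resume= is recognised here.
    if [ "$resume" = "/dev/mapper/$name" ]; then echo "ok"; else echo "no-resume"; fi
}

# Constructed sample inputs: the entry from the thread, and the same entry
# with "-d /dev/urandom" dropped so the key derives from a typed passphrase.
conf_random=$(mktemp) conf_fixed=$(mktemp)
trap 'rm -f "$conf_random" "$conf_fixed"' EXIT
cat > "$conf_random" <<'EOF'
swap=swap
options=' -c aes -h sha256 -d /dev/urandom '
source='/dev/sda2'
EOF
cat > "$conf_fixed" <<'EOF'
swap=swap
options=' -c aes -h sha256 '
source='/dev/sda2'
EOF

swap_resume_verdict "$conf_random" "root=/dev/sda1 resume=/dev/mapper/swap"
swap_resume_verdict "$conf_fixed"  "root=/dev/sda1 resume=/dev/sda2"
swap_resume_verdict "$conf_fixed"  "root=/dev/sda1 resume=/dev/mapper/swap"
```

The check cannot tell whether the initramfs actually unlocks the swap mapping before the kernel looks for the image, so an "ok" verdict covers only the key source and the command line.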
