Hello,

I'm trying to set up a partman recipe with a random-keyed crypto swap.

Here is a working lvm recipe:

#+begin_src
partman-auto/text/boot_lvm ::

128 2048 256 ext4
        $defaultignore{ }
        $primary{ }
        $bootable{ }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ /boot }
        mountpoint{ /boot }
        options/nodev{ nodev }
        options/noexec{ noexec }
        options/nosuid{ nosuid }
        options/noatime{ noatime }
        .

1024 1024 -1 ext4
        $defaultignore{ }
        $primary{ }
        method{ lvm }
        .

512 1024 200% linux-swap
        $lvmok{ }
        lv_name{ swap }
        method{ swap }
        format{ }
        .

1024 2048 2048 ext4
        $lvmok{ }
        lv_name{ root }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ / }
        mountpoint{ / }
        options/noatime{ noatime }
        .

512 4096 1024 ext4
        $lvmok{ }
        lv_name{ tmp }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ /tmp }
        mountpoint{ /tmp }
        options/nosuid{ nosuid }
        options/nodev{ nodev }
        options/noexec{ noexec }
        options/noatime{ noatime }
        .

1024 3072 2048 ext4
        $lvmok{ }
        lv_name{ usr }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ /usr }
        mountpoint{ /usr }
        options/noatime{ noatime }
        .

1024 1024 1024 ext4
        $lvmok{ }
        lv_name{ var }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ /var }
        mountpoint{ /var }
        options/noatime{ noatime }
        .

512 2048 1024 ext4
        $lvmok{ }
        lv_name{ var+log }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ /var/log }
        mountpoint{ /var/log }
        options/nosuid{ nosuid }
        options/nodev{ nodev }
        options/noexec{ noexec }
        options/noatime{ noatime }
        .

3096 2048 5120 ext4
        $lvmok{ }
        lv_name{ var+cache }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ /var/cache }
        mountpoint{ /var/cache }
        options/noatime{ noatime }
        .

500 100 -1 ext4
        $lvmok{ }
        lv_name{ toremove }
        method{ keep }
        .
#+end_src

Now, I replace the swap block with the following:

#+begin_src
512 1024 200% linux-swap
        $lvmok{ }
        lv_name{ cswap }
        method{ crypto }
        crypto_type{ dm-crypt }
        cipher{ aes }
        keyhash{ sha256 }
        keytype{ random }
        keysize{ 256 }
        ivalgorithm{ xts-essiv:sha256 }
        .
#+end_src

I only get an inactive crypt volume. I can't find any documentation on how to use it, for swap in the present case, or for /tmp.

Regards.

-- 
Daniel Dehennin
Retrieve my GPG key: gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1