Re: Encrypted swap and partitions
On Fri, Aug 15, 2003 at 07:24:57PM +0200, Vincent Bernat wrote:
> OoO During the meal on Friday, 15 August 2003, around 19:18, Marc Singer
> <firstname.lastname@example.org> said:
> >> Yes, it is possible. Use mcookie to build a password (or any other
> >> tool), then instruct losetup to read the password from stdin (-p 0).
> > I must defer to you on this since I cannot reproduce the reference.
> > What I recall is that the key was generated on-the-fly by one of the
> > kernel components.
> To set up encrypted swap, you can do:
> dd if=/dev/hda10 bs=1024 count=40 2>/dev/null | mcookie -f /dev/stdin | \
> losetup -p 0 -e aes -k 128 /dev/loop0 /dev/hda10
> (assuming that /dev/loop0 is free and /dev/hda10 is the swap)
> mkswap /dev/loop0
> swapon -p 0 /dev/loop0
> The dd is used as a third "random" source. Since the swap was
> previously encrypted, it is a "good" random source.
Then, if I understand you correctly, you agree that it is possible to
encrypt the swap space without user interaction.
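
Added example (not part of the original thread or of any poster's message): a shell wrapper that checks the two assumptions stated in the quoted procedure, that the loop device is free and that the partition is not currently active as plain swap, before running the quoted sequence. The function names, the DRY_RUN variable and the sample /proc/swaps text are assumptions of this example; the losetup options are the ones quoted in the message and need a losetup that supports them.

```shell
#!/bin/sh
# Added example: pre-flight checks around the quoted losetup/mkswap/swapon
# sequence. Function names and DRY_RUN are hypothetical, not from the thread.

# Constructed sample of /proc/swaps with /dev/hda10 active as plain swap.
sample_swaps() {
    printf 'Filename\tType\tSize\tUsed\tPriority\n'
    printf '/dev/hda10\tpartition\t524280\t0\t-1\n'
}

# Return 0 if device $1 is listed in a /proc/swaps-format file $2 ("-" = stdin).
swap_is_active() {
    awk -v dev="$1" 'NR > 1 && $1 == dev { found = 1 } END { exit !found }' \
        "${2:-/proc/swaps}"
}

# Return 0 if loop device $1 has nothing attached (losetup fails to query it).
loop_is_free() {
    ! losetup "$1" >/dev/null 2>&1
}

# encrypted_swap LOOPDEV PARTITION [SWAPS_FILE]
# Prints the command sequence when DRY_RUN=1 (the default), runs it otherwise.
encrypted_swap() {
    loop=$1 part=$2 swaps=${3:-/proc/swaps}
    # mkswap over a partition that is still swapped on would corrupt live pages.
    if swap_is_active "$part" "$swaps"; then
        echo "refusing: $part is active as swap; run swapoff first" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' \
            "dd if=$part bs=1024 count=40 2>/dev/null | mcookie -f /dev/stdin | losetup -p 0 -e aes -k 128 $loop $part" \
            "mkswap $loop" \
            "swapon -p 0 $loop"
        return 0
    fi
    loop_is_free "$loop" || { echo "refusing: $loop is in use" >&2; return 1; }
    # The key is never stored: it goes from mcookie to losetup through fd 0.
    dd if="$part" bs=1024 count=40 2>/dev/null | mcookie -f /dev/stdin |
        losetup -p 0 -e aes -k 128 "$loop" "$part" || return 1
    mkswap "$loop" && swapon -p 0 "$loop"
}
```

Called as "encrypted_swap /dev/loop0 /dev/hda10" it prints the three commands; with DRY_RUN=0 and root privileges it runs them.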