Re: Swap encryption (via LUKS) and Hibernation (disk suspend)
On Saturday 05 May 2007 11:56, Bob Proulx wrote:
> I recently installed Etch on two different laptops, one a T42 and the
> other a T43p. On both the encrypted installation worked perfectly and
> both were able to hibernate to encrypted swap and resume without
> trouble. It works for me.
That is of great relief, thank you. I was wondering how the installer actually
dealt with setting up encryption. I cannot find any documentation on the
procedures it takes, as I know that there are different (optimal and not so
optimal) ways of setting up LUKS.
Did you also use LVM2 by any chance? I would actually like to have both LVM2
and LUKS if possible.
> I think some of the factors that affect this are if the laptop's acpi
> bios is functional or not. My previous laptop suffered from buggy
> acpi problems and I never got suspend to ram to work and I always had
> suspend to disk problems with it. I could only get my previous laptop
> to suspect to disk with swsusp2 and other patches. (Using swsusp2 was
> a lifesaver!) The point here is that the problem may not be the Etch
> installation as such but rather it may be a problem on the specific
> model of machine it is being installed upon. All other things being
> equal some models of laptop may work perfectly while other models of
> laptops will have problems.
>From my experiences, it is almost always based on the machine's hardware. Not
counting software issues such as the suspend buttons not working or programs
not invoking the proper command.
> The other place that might cause pproblems is that it is not
> completely obvious how encryption should be installed. First you do
> this and then you do that. It is possible to install the system with
> a less than optimal configuration of encryption and that may also be
> causing problems.
>
> Let me very tersely describe this process. The first thing is to
> create a physical volume for encryption. That enables a new option to
> configure encrypted filesystems. Then what I think is best is to use
> lvm to manage all of the rest. Therefore I create an lvm partition on
> the newly created encrypted partition. That enables a new option to
> configure lvm. Then create (at least) two logical volumes, one for
> swap and one for everything else. Then assign all of the partitions.
> This creates both swap and filesystem partitions layered through lvm
> layered through the encrypted partition.
>
> This process enables one single encrypted partition and so a single
> LUKS password at boot time needs to be entered. But it supports
> through lvm as many logical volumes as desired. The Debian kernels
> and mkinitrd are configured to set up the initrd automatically with
> the layers of drivers needed to make this work out of the box.
Thank you very much for that explanation. It is great news to know that the
Debian developers created such a fine installer.
> It works for me. Your mileage may vary.
I really hope my mileage will not vary! I am really worried of the
installation working and even suspend and hibernation working correctly but
then one day, whether due to upgrade or whatnot, hibernation fails, corrupts
swap and upon resume, corrupts my data.
Reply to: