
Re: Swap encryption (via LUKS) and Hibernation (disk suspend)



Frank Ursel wrote:
> Gerardo Curiel wrote:
> > Right now, just using uswsusp, with an encrypted swap partition, it
> > works out of the box :D
> > 
> > The initramfs-tools package contains the needed hooks to unlock the
> > encrypted partition with cryptsetup. It works for me.
> 
> Not for me. The initramfs was built upon install and it recognized my
> encrypted swap, but after hibernation the correct device was not found.

I recently installed Etch on two different laptops, one a T42 and the
other a T43p.  On both the encrypted installation worked perfectly and
both were able to hibernate to encrypted swap and resume without
trouble.  It works for me.

I think some of the factors that affect this are if the laptop's acpi
bios is functional or not.  My previous laptop suffered from buggy
acpi problems and I never got suspend to ram to work and I always had
suspend to disk problems with it.  I could only get my previous laptop
to suspend to disk with swsusp2 and other patches.  (Using swsusp2 was
a lifesaver!)  The point here is that the problem may not be the Etch
installation as such but rather it may be a problem on the specific
model of machine it is being installed upon.  All other things being
equal some models of laptop may work perfectly while other models of
laptops will have problems.

The other place that might cause problems is that it is not
completely obvious how encryption should be installed.  First you do
this and then you do that.  It is possible to install the system with
a less than optimal configuration of encryption and that may also be
causing problems.

Let me very tersely describe this process.  The first thing is to
create a physical volume for encryption.  That enables a new option to
configure encrypted filesystems.  Then what I think is best is to use
lvm to manage all of the rest.  Therefore I create an lvm partition on
the newly created encrypted partition.  That enables a new option to
configure lvm.  Then create (at least) two logical volumes, one for
swap and one for everything else.  Then assign all of the partitions.
This creates both swap and filesystem partitions layered through lvm
layered through the encrypted partition.

This process enables one single encrypted partition and so a single
LUKS password at boot time needs to be entered.  But it supports
through lvm as many logical volumes as desired.  The Debian kernels
and mkinitrd are configured to set up the initrd automatically with
the layers of drivers needed to make this work out of the box.

It works for me.  Your mileage may vary.

Bob
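
One way to confirm the layering described in the message above (swap as a logical volume on top of a single encrypted partition), so that a hibernation image never lands on plaintext swap. This is an added example, not part of the original message; it assumes a system with `lsblk` from util-linux, and the device names in the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the output of
#   lsblk -P -o KNAME,TYPE,FSTYPE,PKNAME
# on stdin and reports whether each swap device sits on a dm-crypt layer.
# Assumption: every device has a single parent (no LV spanning several PVs).
check_swap_layers() {
    awk '
    function field(line, key,    m) {      # value of key="value" in one line
        if (!match(line, "(^| )" key "=\"[^\"]*\"")) return ""
        m = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", m); sub(/"$/, "", m)
        return m
    }
    {
        k = field($0, "KNAME")
        if (k == "" || k in type) next
        type[k] = field($0, "TYPE"); fs[k] = field($0, "FSTYPE")
        parent[k] = field($0, "PKNAME"); order[++n] = k
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (fs[k] != "swap") continue
            found = 0
            # Walk towards the disk; the hop limit guards against bad input.
            for (d = k; d != "" && hops[k]++ < 16; d = parent[d])
                if (type[d] == "crypt") { found = 1; break }
            if (found) print "encrypted", k
            else { print "PLAINTEXT", k; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample: partition -> LUKS -> LVM -> (root, swap).
SAMPLE_LAYERED='KNAME="sda" TYPE="disk" FSTYPE="" PKNAME=""
KNAME="sda5" TYPE="part" FSTYPE="crypto_LUKS" PKNAME="sda"
KNAME="dm-0" TYPE="crypt" FSTYPE="LVM2_member" PKNAME="sda5"
KNAME="dm-1" TYPE="lvm" FSTYPE="ext3" PKNAME="dm-0"
KNAME="dm-2" TYPE="lvm" FSTYPE="swap" PKNAME="dm-0"'

# Constructed sample: swap directly on a partition, outside the encrypted layer.
SAMPLE_PLAIN='KNAME="sda" TYPE="disk" FSTYPE="" PKNAME=""
KNAME="sda2" TYPE="part" FSTYPE="swap" PKNAME="sda"'

printf '%s\n' "$SAMPLE_LAYERED" | check_swap_layers
```

On a live system, pipe the real `lsblk -P -o KNAME,TYPE,FSTYPE,PKNAME` output into `check_swap_layers`; a non-zero exit status means at least one swap device has no dm-crypt layer beneath it.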


