Re: What is the correct way to set encrypted swap with systemd?

To: debian-user@lists.debian.org
Subject: Re: What is the correct way to set encrypted swap with systemd?
From: Sven Hartge <sven@svenhartge.de>
Date: Sat, 28 Mar 2015 14:32:58 +0100
Message-id: <[🔎] 0bg8v4gjjrv8@mids.svenhartge.de>
References: <[🔎] 5515DD3A.40807@gmail.com>

~Stack~ <i.am.stack@gmail.com> wrote:

> Remember back a few months ago when systemd wouldn't stop fsck'ing my
> swap partition?

Why would systemd fsck the swap? swap does not need fscking.

> I know it has to do with encrypted swap partitions. I proved that last
> time and I can prove it this time too. The method I have been using for
> a _very_ long time and has _always_ worked pre-systemd is this:
> $ grep swap /etc/crypttab
> sda3_crypt UUID=ef2496cd-ca4d-43aa-8c90-dba084029f6e /dev/urandom
> cipher=aes-xts-plain64,size=256,swap

> $ grep swap /etc/fstab
> /dev/mapper/sda3_crypt none            swap sw             0       0

I have the same setup on Debian Sid with systemd, just like you:

,----[ /etc/crypttab
| # <target name> <source device>         <key file>      <options>
| cswap   /dev/disk/by-id/md-uuid-a805edd5:bcfd4c98:ce747c2c:77d42131     /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256
`----

,----[ /etc/fstab
| /dev/mapper/cswap               none            swap    sw,pri=1        0       0
`----

And this just works. My setup is even more complex, because the
to-be-swap partition is on a md-RAID device.

The journal contains:

,----
| ~# journalctl --since="2015-03-28 13:19:40" | grep -i swap
| Mar 28 13:19:40 skuld systemd[1]: Expecting device dev-mapper-cswap.device...
| Mar 28 13:19:44 skuld systemd[1]: Starting Cryptography Setup for cswap...
| Mar 28 13:19:45 skuld mkswap[998]: Setting up swapspace version 1, size = 3901692 KiB
| Mar 28 13:19:45 skuld mkswap[998]: no label, UUID=93b9f463-bb59-4eb9-bc62-0fe2c3448f4e
| Mar 28 13:19:45 skuld systemd[1]: Started Cryptography Setup for cswap.
| Mar 28 13:19:45 skuld systemd[1]: Found device /dev/mapper/cswap.
| Mar 28 13:19:45 skuld systemd[1]: Activating swap /dev/mapper/cswap...
| Mar 28 13:19:45 skuld kernel: Adding 3901692k swap on /dev/mapper/cswap.  Priority:1 extents:1 across:3901692k FS
| Mar 28 13:19:45 skuld systemd[1]: Activated swap /dev/mapper/cswap.
| Mar 28 13:19:45 skuld systemd[1]: Starting Swap.
| Mar 28 13:19:45 skuld systemd[1]: Reached target Swap.
`----

And presto: encrypted swap.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Reply to:

Follow-Ups:
- Re: [solved] What is the correct way to set encrypted swap with systemd?
  - From: ~Stack~ <i.am.stack@gmail.com>

References:
- What is the correct way to set encrypted swap with systemd?
  - From: ~Stack~ <i.am.stack@gmail.com>

Prev by Date: Re: Planning a new Debian box!
Next by Date: temporarily disable shutdown
Previous by thread: Re: What is the correct way to set encrypted swap with systemd?
Next by thread: Re: [solved] What is the correct way to set encrypted swap with systemd?
Index(es):
- Date
- Thread