LUKS - Linux Unified Key Setup

From Lolly's Wiki
Revision as of 15:38, 7 December 2015 by Lollypop (talk | contribs) (Die Seite wurde neu angelegt: „Kategorie:Linux ==Encrypted swap on LVM== ===Create logical volume for swap== <source lang=bash> # lvcreate -L 2g -n lv-swap vg-root Logical volume "lv-…“)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Kategorie:Linux

Encrypted swap on LVM

=Create logical volume for swap

# lvcreate -L 2g -n lv-swap vg-root
  Logical volume "lv-swap" created
# lvs /dev/vg-root/lv-swap
  LV      VG      Attr      LSize Pool Origin Data%  Move Log Copy%  Convert
  lv-swap vg-root -wi-ao--- 2.00g

Create and get the UUID

# mkswap /dev/vg-root/lv-swap
mkswap: /dev/vg-root/lv-swap: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 2097148 KiB
no label, '''UUID=4764e516-d025-41de-ab5b-72070a3ae765'''

Save this UUID for the next step!!!

Create the crypted swap

Put this in your /etc/crypttab :

cryptswap1 UUID=4764e516-d025-41de-ab5b-72070a3ae765 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,offset=40,noearly

The UUID is the one from mkswap before!!!

Important things:

  1. offset=40 : Save the region where your UUID is written on disk.
  2. noearly  : Avoid race conditions of the init scripts (cryptdisks and cryptdisks-early).