LUKS - Linux Unified Key Setup: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
(Die Seite wurde neu angelegt: „Kategorie:Linux ==Encrypted swap on LVM== ===Create logical volume for swap== <source lang=bash> # lvcreate -L 2g -n lv-swap vg-root Logical volume "lv-…“) |
No edit summary |
||
| Line 2: | Line 2: | ||
==Encrypted swap on LVM== | ==Encrypted swap on LVM== | ||
===Create logical volume for swap== | ===Create logical volume for swap=== | ||
<source lang=bash> | <source lang=bash> | ||
# lvcreate -L 2g -n lv-swap vg-root | # lvcreate -L 2g -n lv-swap vg-root | ||
| Line 35: | Line 35: | ||
# offset=40 : Save the region where your UUID is written on disk. | # offset=40 : Save the region where your UUID is written on disk. | ||
# noearly : Avoid race conditions of the init scripts (cryptdisks and cryptdisks-early). | # noearly : Avoid race conditions of the init scripts (cryptdisks and cryptdisks-early). | ||
====Start the crypted partition==== | |||
<source lang=bash> | |||
# cryptdisks_start cryptswap1 | |||
* Starting crypto disk... | |||
* cryptswap1 (starting).. | |||
* cryptswap1 (started)... | |||
</source> | |||
====Check the status==== | |||
<source lang=bash> | |||
# cryptsetup status cryptswap1 | |||
/dev/mapper/cryptswap1 is active. | |||
type: PLAIN | |||
cipher: aes-cbc-essiv:sha256 | |||
keysize: 256 bits | |||
device: /dev/mapper/vg--root-lv--swap | |||
offset: 40 sectors | |||
size: 4194264 sectors | |||
mode: read/write | |||
</source> | |||
====Make the swapFS==== | |||
<source lang=bash> | |||
# mkswap /dev/mapper/cryptswap1 | |||
mkswap: /dev/mapper/cryptswap1: warning: don't erase bootbits sectors | |||
on whole disk. Use -f to force. | |||
Setting up swapspace version 1, size = 2097128 KiB | |||
no label, UUID=ccdd1d28-0504-4682-8ece-8b6ef381d7e9 | |||
</source> | |||
This new UUID has no relevance for /etc/crypttab. | |||
===Edit the /etc/fstab=== | |||
<source lang=bash> | |||
# vit /etc/fstab | |||
... | |||
/dev/mapper/cryptswap1 none swap sw 0 0 | |||
</source> | |||
Reboot to test your settings. | |||
Revision as of 16:47, 7 December 2015
Encrypted swap on LVM
Create logical volume for swap
# lvcreate -L 2g -n lv-swap vg-root
Logical volume "lv-swap" created
# lvs /dev/vg-root/lv-swap
LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert
lv-swap vg-root -wi-ao--- 2.00g
Create and get the UUID
# mkswap /dev/vg-root/lv-swap
mkswap: /dev/vg-root/lv-swap: warning: don't erase bootbits sectors
on whole disk. Use -f to force.
Setting up swapspace version 1, size = 2097148 KiB
no label, '''UUID=4764e516-d025-41de-ab5b-72070a3ae765'''
Save this UUID for the next step!!!
Create the crypted swap
Put this in your /etc/crypttab :
cryptswap1 UUID=4764e516-d025-41de-ab5b-72070a3ae765 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,offset=40,noearly
The UUID is the one from mkswap before!!!
Important things:
- offset=40 : Save the region where your UUID is written on disk.
- noearly : Avoid race conditions of the init scripts (cryptdisks and cryptdisks-early).
Start the crypted partition
# cryptdisks_start cryptswap1
* Starting crypto disk...
* cryptswap1 (starting)..
* cryptswap1 (started)...
Check the status
# cryptsetup status cryptswap1
/dev/mapper/cryptswap1 is active.
type: PLAIN
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/mapper/vg--root-lv--swap
offset: 40 sectors
size: 4194264 sectors
mode: read/write
Make the swapFS
# mkswap /dev/mapper/cryptswap1
mkswap: /dev/mapper/cryptswap1: warning: don't erase bootbits sectors
on whole disk. Use -f to force.
Setting up swapspace version 1, size = 2097128 KiB
no label, UUID=ccdd1d28-0504-4682-8ece-8b6ef381d7e9
This new UUID has no relevance for /etc/crypttab.
Edit the /etc/fstab
# vit /etc/fstab
...
/dev/mapper/cryptswap1 none swap sw 0 0
Reboot to test your settings.
