Friday, 22 December 2017

Basic Set Up Encrypted Swap on LMDE 2

Encrypted swap is essential if your usage sometimes requires a bit of extra memory from swap on a legacy or solid-state hard drive that happens to be fully encrypted.

In this post, I will briefly go through the steps for setting up an encrypted swap partition on a Debian GNU/Linux OS (Linux Mint variant) with a SysV init system.

To begin, save any changes to your work, check whether the swap partition is in use with the command 'free -m', and deactivate the existing non-encrypted swap partition with the command 'sudo swapoff -a'.

The next step is to initialise the (yet to be encrypted) swap partition as a LUKS-formatted partition using 'sudo cryptsetup luksFormat /dev/sdaX'. For a legacy hard drive, sd is the prefix for a drive connected through a SATA interface, a is the letter assigned to the first such drive detected, and X is the number of the partition to be used as swap. We will need to enter a password or passphrase during setup. It is advisable to choose a unique password that is different from the root or user password on your Debian system.

Now, we can create the conventional Linux swap area on the LUKS-formatted partition using 'sudo mkswap /dev/mapper/encryptedswap'. We then open the LUKS-formatted drive '/dev/sdaX' and map it to '/dev/mapper/encryptedswap' using 'sudo cryptsetup open --type luks /dev/sdaX encryptedswap'.

We finalise the change by editing the 'crypttab' and 'fstab' files in the admin folder (/etc/crypttab and /etc/fstab):

Under /etc/crypttab
# <target name> <source device>         <key file>      <options>
cswap /dev/sdaX /dev/urandom swap,luks

Note: you can also use the /dev/disk/by-id/wwn-.....-partX name convention as the source device.


Under /etc/fstab (comment out or delete the existing swap partition)
# /dev/sdaX
/dev/mapper/cswap       none   swap    sw      0       0

Next, we update the initramfs so that the configuration in the admin folder is loaded at boot, using 'sudo update-initramfs -u'.

We then run 'swapon -s' to activate the 'encryptedswap' and check its status using 'sudo cryptsetup status encryptedswap'. The status should read '/dev/mapper/encryptedswap is active and is in use.', followed by further information: type, cipher, keysize (usually 256 bits), device, offset, size and mode (usually read/write).

We can further run 'free -m' and 'lsblk -la' to verify the status. 'encryptedswap', with type crypt and mountpoint [SWAP], should be listed below '/dev/sdaX' in the lsblk output.
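
A LUKS volume can only be opened with a key enrolled in one of its keyslots, so a crypttab line that pairs the 'luks' option with a random key file is worth catching before a reboot, as is an fstab swap entry whose /dev/mapper name has no crypttab target. The lint below is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed from the /etc/crypttab and /etc/fstab entries above, with the sdaX placeholder kept as written.

```shell
#!/bin/sh
# Added example (not from the post): lint crypttab and fstab for encrypted swap.
# lint_encrypted_swap and demo are hypothetical helper names.
# Usage: lint_encrypted_swap CRYPTTAB FSTAB   (returns 0 if clean, 1 if flagged)
lint_encrypted_swap() {
    findings=0 targets=" "
    # crypttab fields: <target name> <source device> <key file> <options>
    while read -r target source key opts; do
        case $target in ''|\#*) continue ;; esac
        targets="$targets$target "
        case ",$opts," in *,luks,*)
            # LUKS only accepts a key enrolled in a keyslot, so a fresh
            # random key can never open the volume at boot.
            case $key in /dev/urandom|/dev/random)
                echo "crypttab: $target: 'luks' with random key $key"
                findings=$((findings + 1)) ;;
            esac ;;
        esac
    done < "$1"
    # fstab fields: <device> <mount point> <type> <options> <dump> <pass>
    while read -r dev mnt type rest; do
        case $dev in ''|\#*) continue ;; esac
        [ "$type" = swap ] || continue
        case $dev in
            /dev/mapper/*)
                name=${dev#/dev/mapper/}
                case $targets in
                    *" $name "*) ;;   # mapping is created by crypttab
                    *) echo "fstab: $dev has no crypttab target '$name'"
                       findings=$((findings + 1)) ;;
                esac ;;
            *)  echo "fstab: swap entry $dev is not a /dev/mapper device"
                findings=$((findings + 1)) ;;
        esac
    done < "$2"
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the two entries shown in the post, with the
# sdaX placeholder kept as written.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'cswap /dev/sdaX /dev/urandom swap,luks' > "$d/crypttab"
    printf '%s\n' '# /dev/sdaX' '/dev/mapper/cswap none swap sw 0 0' > "$d/fstab"
    lint_encrypted_swap "$d/crypttab" "$d/fstab"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On a real system, run it as 'lint_encrypted_swap /etc/crypttab /etc/fstab' before 'sudo update-initramfs -u'.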

