Skip to main content

Basic Set Up Encrypted Swap on LMDE 2

Encrypted swap is essential if your usage sometimes require extra bit of memory on the legacy or solid state harddrive which happens to be fully encrypted.

In this post, i will briefly go through the steps in setting up encrypted swap partition on Debian GNU/Linux OS (Linux Mint variant) with a sysV init system.

To begin, let's save any changes to your work and check if the swap partition is in use using command 'free -m'  and deactivate the existing non-encrypted swap partition using command 'sudo swapoff -a'.

Next step is to initialise the (yet to be encrypted) swap partition as a LUKS formatted partition using 'sudo luksFormat /dev/sdaX' for a legacy harddrive where sd is the prefix for a sata interface connected harddrive, a is the English letter name convention for the first harddrive detected as such, and X is the Indian numerical name convention for partition to be used as swap. We will need to enter a password or passphrase for the setting up. It is advisable to choose a unique password that is different from the root or user password on your Debian system.

Now, we can create the conventional Linux swap area on the Luks formatted partition using 'sudo mkswap /dev/mapper/encryptedswap'. We then open the LUKS formatted drive '/dev/sdaX' and mapped it to '/dev/mapper/encryptedswap' using 'sudo  cryptsetup  open  --type  luks  /dev/sdaX  encryptedswap'.

We are finalising the change by editing the ('crypttab' and ('fstab' admin folder (/etc/crypttab and /etc/fstab) :

Under /etc/crypttab
# <target name> <source device>         <key file>      <options>
cswap /dev/sdaX /dev/urandom swap,luks

Note: you can also use the /dev/disk/by-id/wwn-.....-partX name convention as the source device.

Under /etc/fstab (comment out  or delete the existing swap partition)
# /dev/sdaX
/dev/mapper/cswap       none   swap    sw      0       0
Next we run update the initramfs so that the configuration at the admin folder should load at boot using ' sudo update-initramfs -u '

We then run 'swapon -s' to activate the 'encryptedswap' and check the status of the 'encryptedswap' using 'sudo cryptsetup status encryptedswap'. The status should read as '/dev/mapper/encryptedswap is active and is in use. ' and further information is listed as type, cipher, keysize (usually 256 bits) , device, offset, size and mode (usually read/write) .

We can further run ' free -m' and ' lsblk -la ' to verify the status. 'encryptedswap' with type crypt mountpoint [SWAP] should be listed below ' /dev/sdaX ' under lsblk command.


Follow my blog with Bloglovin

Comments

Post a Comment

Popular posts from this blog

Repairing Fedora Grub using Fedora Live USB

First, Prepare the Fedora Workstation Live CD using Fedora Media Writer. Next, run the Workstation Live CD and run the console. Then, enter the following commands if you are running the separate boot and root partition: 1) sudo mount /dev/sdaX /mnt Note: sdaX is the root partition 2) sudo mount /dev/sdaW /mnt/boot Note: sdaW is the boot partition The following files are essential for running the essential processes for repairing grub and shall be mounted: 3) sudo mount --bind /dev /mnt/dev 4) sudo mount --bind /proc /mnt/proc 5) sudo mount --bind /sys /mnt/sys 6) sudo mount --bind /var/run /mnt/var/run Now, you are ready to go into the Fedora partitions to repair the grub files. The path should be changed to root user from liveuser> to root>: 7) sudo chroot /mnt If you are running dual boot Windows and Fedora system, the following command will replace the Metro Interface: 8) grub2-install /dev/sda With a dual-boot or multi-boot systems, the follow
Post a Comment
Read more

Installing SUSE Imagewriter on Linux Mint Debian Edition

The original title for this post is "Installing SUSE Imagewriter on Ubuntu LTS". Download Zip, save to preferred directory:~/Downloads However due to data loss of the blog, i decide to rewrite this article using Linux Mint Debian Editi on ( a similar distribution to Ubuntu ). First we have to download the source from Github (https://github.com/openSUSE/imagewriter) Download ZIP, save to preferred directory: ~/Downloads Extract imagewriter-master.zip in /home/username/Downloads and in terminal run the command: cd /home/username/Downloads/imagewriter-master Install the latest version of qt4-qmake and libqt4-dev by running: sudo apt-get update && sudo apt-get install qt4-qmake libqt4-dev Instructions for Linux Installation on github Follow the instructions in README.md by running the command: qmake DEFINES=USEHAL imagewriter.pro  Follow by the command: qmake DEFINES=USEUDISKS imagewriter.pro Next run the command: qmake DEFINE
Post a Comment
Read more

Fixing time on sysvinit and systemd

If you have a system that boot using different GNU/Linux init systems such as sysvinit (aka System 5) and systemd (aka System 500) in addition to proprietary Windows system, you may face incorrect time display on one of the aforementioned system. The difference in time display is dependent on the time difference of your location and the UTC time. Further complication may result from concept like Daylight Saving Time (DST). If the Bios is set to localtime, you may fix it in systemd boot system using 'timedatectl' command like: sudo timedatectl set-local-rtc 1 However, if you are using sysvinit and Bios is using localtime, you can set inform the system that local time is being used using 'hwclock' command like: sudo hwclock --localtime or to synchronize the hardware clock with system time and inform the system using: sudo hwclock --systohc --localtime If Bios is using UTC time, you may revert the change with 'timedatectl' like: sudo timedatectl set-lo
Post a Comment
Read more