Ubuntu :: Encrypted Swap And Suspend-to-disk
Feb 15, 2010
I have installed ubuntu via the alternate installer, activating encrypted home directories, which in turn enabled to have encrypted swap partitions and disabled hibernation (suspend-to-disk). I understand the arguments for having an encrypted swapspace in these cases. However, I'd like to be nevertheless able to hibernate. Now that the system is already set up, I cannot change and completely encrypt my harddisk via LUKS+LVM as it is suggested in numerous places.Instead, I tried the following. I created two swap partitions (sda7 and sda: one being encrypted via cryptsetup, to be used as a 'real' swap (sda7). Another without encryption, which is not listed in /etc/fstab, so that it is not normally used by the system. I have then configured uswsusp in order to use sda8 as a resume partition:
[code]...
I have decided to encrypt the resume image - I don't care entering a password once every time I resume, it just shouldn't be at every boot. And this way, I can have hibernation without the uncomfortable solution of having my decrypted, open files on the disk as clear text. However, as sda8 is not 'mounted' when I want to suspend, I get the following error:
[code]...
When I try to suspend now, it works. The image seems to get correctly written to sda8. However, on reboot, the image does not seem to be detected and the system is not resuming. I end up with a fresh login screen. would be also to unmount sda8 upon resume, is this better done by entering a hook in /etc/pm/sleep.d or can I just continue in the wrapper script above by executing s2disk.unwrapped only by calling it (without 'exec'), and entering a swapoff line behind it?
View 1 Replies
ADVERTISEMENT
Jul 1, 2010
I read an article earlier that suggested the swap partition is encrypted by default if you select an encrypted /home folder during installation, is that true (for Lucid)? I am suspecting it isn't because my hibernation works, which I believe shouldn't be the case?
View 3 Replies
View Related
Jan 31, 2011
I have read somewhere, that Ubuntu can not suspend itself into a swap file, is that true?
View 6 Replies
View Related
Feb 21, 2011
i started on the "Installation & Upgrades" Forum. So this is basically a repost. I configured an encrypted swap during the installation process of my kubuntu maverick using the manual install CD. I do not use LVM. This worked fine but I made the mistake of assigning a password to the encrypted swap. I would like to change this in favor for a random key. I tried to change /etc/crypttab in the following way:
[code]...
Now the system still asks for a password for sda7_crypt at startup, but does not recognize the old password. It seems that the swap gets a random key and works fine anyway, so I really want to remove only the question for the PW at boot time. This is not a big issue, but it is annoying. When the system is up I can do swapoff and swapon without problems and no password is needed. Directly after boot swap works:
[code]...
View 1 Replies
View Related
May 8, 2010
I've set up a Lucid system with software RAID and encryption, with three encrypted partions - swap (/dev/md1), the root filesystem (/dev/md2), and /home (/dev/md3). The unencrypted /boot partition is /dev/md0.
This works well but the passphrase had to be entered three times at bootup. Obviously it would be preferable to enter the passphrase once to unlock the root partition, then have the others unlocked via key files. So I added key files to the swap and home partitions and modified /etc/crypttab to use them:
Code:
md1_crypt UUID=8066adbc-584c-4766-b188-bc2a7b61a2f0 /root/keys/swap-key luks,swap
md2_crypt UUID=bac82294-f3b9-45e4-89ad-407cf8b19b7b none luks
md3_crypt UUID=7d82a0b7-c811-4cc3-9fe7-1961c74b5ff2 /root/keys/home-key luks
The key files are owned by root and have 0400 protection. (The /root/keys
[Code].....
Since the swap partition is no longer referenced in fstab or crypttab, why is there still a bootup password prompt for it? What else needs to be done to stop it?
View 1 Replies
View Related
Jun 2, 2010
While this is the second notebook I've had the luxury of running Slackware on, I have never used the the suspend to RAM / swap functions so all of this is new to me. With this new notebook and new installation of Slackware 13.1 I decided to give it a shot as it's definitely a power sucker. The machine is a Lenovo W510 with an NVidia graphics card running KDE. When I tell KDE to go to Sleep (RAM suspension) it looks like it does so properly by blanking the screen and pushing things to RAM. Is there a way to verify that Sleep is working? Anyway after unlocking the system my mouse pointer is no longer visible, however it is still active as I can hover over items to reveal their popups.
At this point none of my conky displays are transparent anymore, nor are they actively displaying stats. The windows I have set to display with 88% opacity are no longer as such and are completely opaque. It is as if all the custom window settings are ignored. If I move the the mouse towards the bottom of the screen the screen starts to go crazy with this rainbow of colors across the top of the screen and the only way to get out of this is to press Ctrl-ESC to bring up a System Activity window. I have not tried Hibernate yet as I would like to get this resolved first. Is Slackware 13.1 supposed to be able to Sleep/Hibernate with no special configuration and creation of scripts provided that the system can handle these functions?
View 10 Replies
View Related
May 28, 2010
I use the follow command to create a encrypted swap:
Code:
bash# echo "cryptswap /dev/sda5 none swap" >> /etc/crypttab
and edit the 'fstab' file :
Code:
/dev/sda6 / ext4 defaults 1 1
/dev/mapper/cryptswap swap swap defaults 0 0
That's work fine, but I found the permission of '/dev/mapper/cryptswap' is like this:
Code:
hello@world:~$ ls -l /dev/mapper/cryptswap
brw-rw-r-- 1 root disk 253, 4 2010-05-28 12:55 /dev/mapper/cryptswap
Other users can read the file '/dev/mapper/cryptswap', does it harm the system's security ?
View 4 Replies
View Related
Apr 30, 2016
I installed Debian 8 Jessie with full disk encryption and chose to have everything on the same partition. After install, I notice that my 8GB laptop has a 16GB swap. Is there a way to reduce the swap to 8GB (or maybe 4) whilst not affecting the encryption?
I have a 1TB HDD so space is not an issue but I dislike such waste. The setup used LVM.
View 2 Replies
View Related
Feb 23, 2011
I've chosen to encrypt my swap partition while I was installing opensuse 11.3 on my PC.
I want to know how I can change its password(passphrase)?
View 2 Replies
View Related
Oct 29, 2014
Setting up a randomly passworded swap partition in Debian installer with the default settings (aes-xts-plain64 w/ AES-256 key strength) gives the following line in /etc/crypttab:
Code: Select all####_crypt /dev/#### /dev/urandom cipher=aes-xts-plain64,size=256,swap
However according to cryptsetup manpage when using XTS mode the key size must be doubled so in effect the 'size=256' parameter above is actually resulting in AES-128 strength, no? To get 256 bit key length the size option should be set to 512. Quote from cryptsetup manpage:
For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level.
View 3 Replies
View Related
Mar 25, 2011
am using 10.10 maverick and after installing ubuntu on an 8gig sd card the swap partition (1.55 gigs) is not being used, i am not sure what to do
View 9 Replies
View Related
Jul 18, 2010
Ive managed to screw up an encrypted disk experiment, basically at boot i get ask to enter my password which i lost.
Only a data partition is encrypted, the linux system is unecrypted.
However, the skip option thats presented that should work via S does not work. every key in input adds one * behind the password prompt.
The password prompt changes from white to red though. as if in the white phase you should be able to skip.
Im to lazy at the moment to swap the drive and comment the drive in fstab
I already booted in single, but still the mount occours. is there another way to get the system booting?
ubuntu server 10.04
View 1 Replies
View Related
Mar 3, 2010
I just wondering if there is such widget that I can put 'suspend to disk' and/or 'suspend to ram' onto my main panel like the logout button.I do not use 'Application Launcher' much but that is the only place I can find 'suspend to disk/ram' options/buttons.
View 7 Replies
View Related
Jan 20, 2011
After i click hibernate system begin to, but then it returns from suspend progress bar back to screensaver.
from dmesg:
Code:
[56908.741010] PM: Marking nosave pages: 000000000009f000 - 0000000000100000
[56908.741016] PM: Basic memory bitmaps created
[56909.338255] [drm] Requested: e: 20000 m: 0 p: 16
[56909.338259] [drm] Setting: e: 20000 m: 0 p: 16
[code]....
View 9 Replies
View Related
Aug 8, 2010
I'm using two swap disks. Changing the order they are in in /etc/fstab and using "pri" in fstab doesn't have any effect. This is what it looks like /etc/fstab
#swap on other disk
UUID=90a1550c-84d6-4bde-8bc1-7c15292980f1 none swap sw,pri=-1 0 0
#swap on same disk
UUID=13b70e65-f1c3-4728-920f-9e92467d1df0 none swap sw,pri=-2 0 0
[Code]...
Its opposite of what it is in fstab, and changes to fstab have no effect.
View 1 Replies
View Related
Aug 5, 2010
I just installed openSUSE 11.3 but cannot get hibernation (or suspend to disk) working. It does not go to hibernation but instead it just locks the screen. The relevant error in /var/log/pm-suspend.log looks like below.
According to /usr/lib/pm-utils/sleep.d/30s2disk-check '/dev/dm-1' must be the swap partition. What i don't understand is that why the error says swap partition is not active. There is no error for swap partition during boot time. Boot message says that swap partition is activated.
/usr/lib/pm-utils/sleep.d/06autofs hibernate hibernate:Shutting down automount ..done
success.
/usr/lib/pm-utils/sleep.d/30s2disk-check hibernate hibernate:INFO: checking for suspend-to-disk prerequisites...
ERROR: resume partition '/dev/dm-1' not active, can not suspend
[code]...
Below is fdisk -l information for the disk which has swap partition.
/dev/dm-0p1 1 2089 16779861 82 Linux swap / Solaris
Partition 1 does not start on physical sector boundary.
/dev/dm-0p2 2090 3395 10482431+ 83 Linux
[code].....
View 5 Replies
View Related
Apr 5, 2011
Is it better to use:
Code: -c aes-cbc-essiv -y -s 512 Or:
Code: -c aes-xts-plain -y -s 512
I've never encrypted a disk before; I'm following the Arch wiki (I'm a newbie, basically). Should I try and encrypt my swap partition (I've got 512 MB RAM, 1 GB swap)? Ideally, I'd like to make it so it's not feasible for someone (even a very skilled someone) to access my files (and system -- I'm encrypting /), but still make it fairly fast and usable for day-to-day operations. If it matters any, I'm using JFS.
View 3 Replies
View Related
Feb 23, 2010
I was running Ubuntu 9.04 Desktop on a headless Pentium 4 machine which is our file, mail, web & fax server. The two x 250GB SATA hard disks were in a RAID 1 array with full disk encryption. Ran the 9.10 upgrade via WEBMIN and it failed. I should have known then to copy over everything to a backup disk, but instead I rebooted.
On restart the machine accepted my encryption passphrase but promptly hung with a mountall symbol lookup error - code 127. So I can't start the machine to get at the disks, and using a Live CD is useless as it has no way to open the RAID array to get at the encrypted partitions. Although we have data backed up (as at last night) I'd hoped not to have to rebuild the entire server from scratch. But its looking bad.I have taken one drive out and plugged it into another machine (Hercules), and the partitions show up as /dev/sdb1 /dev/sdb2 /dev/sdb3.
If it weren't for RAID, I could open /dev/sdb2 the main partition) in Disk Utility and enter my encryption passphrase to get access. But RAID adds a layer of obstruction that I have not yet overcome. I used mdadm to scan the above partitions and created the /etc/mdadm.conf file, which I edited to show the 2nd drive as missing (rather than risk corrupting both drives). I activated the RAID array with mdadm, and cat shows:
Code:
root@HERCULES# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb3[0]
1815232 blocks [2/1] [U_]
[Code]...
I've been searching the web for hours but have yet to find someone with a solution to this situation. If anyone has a thought on how to access this disk I'd be pleased to hear from you. In the meantime I will start building a new (9.10) machine from scratch, without RAID, 'cos that's probably going to be necessary.
View 1 Replies
View Related
Apr 11, 2016
I tried to access files from my old hard drive that used to be in a Mac (which unfortunately isn't working anymore). I connected it to my computer which I am running debian gnome on. So my question is how do i access a mac os extended disk image. The disk is encrypted and when i try to open it it says that i don't have permission. I think its encrypted in AES 128 bit.
View 4 Replies
View Related
Jan 15, 2016
Is it better to install LUKS to raw disk (/dev/sdb) or disk partition (/dev/sdb1)? What are best LUKS options?
"cryptsetup benchmark" output
Code: Select allPBKDF2-sha1 1310720 iterations per second
PBKDF2-sha256 862315 iterations per second
PBKDF2-sha512 590414 iterations per second
[Code] ....
Is slow hash better or how to choose it? It is clear that aes-xts is best choise. Is 265 bit key good?
View 3 Replies
View Related
Oct 4, 2009
I just upgraded my F9 system to F10 using they preupgrade method, and though nothing seems to have failed during the upgrade I can't boot my system any longer.I have a completly encrypted system, and so I need to enter a passphrase at boot. The new F10 system does boot and I do get a Password: prompt but the passphrase is not accepted.My passphrase doesn't contain any odd characters to prevent problems with keyboard mappings. Just plain letters (upper and lower case) and digits
View 9 Replies
View Related
Oct 11, 2010
Can I delete the ext and swap partitions from disk management on windows 7 ? Because I want to install a fresh new copy of ubuntu 10.10 . I know it would affect windows 7 boot up.I can handle it by system restore Anyway can I do it or not ?
View 5 Replies
View Related
Mar 3, 2010
My system does not power off completely after I trigger the "suspend to disk" function. The monitor gets blank and the usb-mouse does not light anymore, but the power led is still on and the pc fans can be heared. Interestingly, neither pressing the power button nor the reset button starts the pc in this state. I have to unplug the electrical power and then press the power button. After that, the system resumes nicely from the hibernation state as it should. I know that the hardware itself is capable of powering off because it worked perfectly before with opensuse 10.2, and I didn't change any bios settings either. I tried the option acpi=force, but to no avail.
View 2 Replies
View Related
Feb 19, 2010
After returning from suspend to disk, RF devices (wlan and bluetooth) are disabled. Running lspci indicates that no wireless network device is available, and no drivers are loaded. Furthermore, the LED on the front of the laptop remains off - this is always on when RF devices are available. There is an Fn-F1 function key to toggle wireless, but this does not function to either enable or disable.
Rebooting the system does not re-enable the RF devices, and there is no option in the BIOS. The only workaround I have at present is to boot into windows vista and use the Fn-F1 function key. This pops up a small hotkey utility with the option to disable/enable the wi-fi and bluetooth (independently). Upon confirming the dialog, the RF device light immediately illuminates. Rebooting into fedora and wireless devices are working once again.
I am running kernel 2.6.31.12-174.2.3.fc12.x86_64, with the latest compat-wireless drivers. I can provide much more debug information (dmidecode, acpidump, boot logs, lspci etc...), I am just unable to determine what is relevant
# rfkill list
0: hci0: Bluetooth
Soft blocked: no
Hard blocked: no
[code]....
View 2 Replies
View Related
Sep 8, 2011
As far as I know hard drives are faster at the beginning of the disk. If this is true, why does Ubuntu put the swap partition to the back of the disk by default?
View 1 Replies
View Related
Aug 31, 2009
Has anyone configured a linux installation using an entire disk as swap space? I'm thinking about doing this with one or two 250G hard drives. We are experimenting with very large swap space.I would think that would be feasible, and actually faster with more disks. But I've never tried it.
View 2 Replies
View Related
Sep 5, 2011
I can see from /var/log/messages error messages and weird crashes that the disk in my laptop is on the way out. I plan to replace it but to do this I'd rather not have to install everything again.My laptop has these partitions:Windows Recovery (10GB)Windows 7 (NTFS 96.6GB)Linux /boot (ext4 100MB)Linux LVM (encrypted, 143GB)I need software that will allow me to create an image (or images) of all these partitions, save the image(s) to a USB hard drive and restore from those images once I've put the new, blank, hard drive into the laptop. Does anyone know of software (either open source or commercial pay-ware) or a technique to do this?
View 1 Replies
View Related
Dec 23, 2009
I have an external 300GB (Toshiba) disk which I encrypted (using cryptsetup luksFormat) and then installed an NTFS filesystem on (need to be able to use it in both Linux and Windows - using FreeOTFE). The disk mounts fine in windows and on my Fedora 10 system it automounts.
I can manually mount it on the RHEL5.3 system, and gnome-mount gets as far as recognising that it is encrypted and asking for the key, but it doesn't then mount it - I then have to manually mount the /dev/mapper/luks... device.
Does anyone know how to do this - if it works in Fedora 10 it ought to be possible to get it to work in EL5.3 I'd have thought.
View 4 Replies
View Related
Oct 29, 2009
How can I get a LUKS encrypted partition on an external USB device automounted with r/w access for non-privileged users?
Background:
I just reformatted an external USB device with ext4. The only partition is LUKS encrypted. Now, when I plug the device to my computer, KDE notifies me and asks me to enter the LUKS passphrase. Then it mounts the device. Little snag here: Non-privileged users have read-only access.
My user is a member of group plugdev, but not of group disk, as this was discouraged several times, e. g. by Robby Workman. With non-encrypted disks regular users have read/write access, or can change the filemodes accordingly, as far as I recall (currently I have no more non-encrypted disks left to verify it...)
View 11 Replies
View Related
Mar 22, 2010
I've been struggling with suspend to disk (hibernate if you prefer) for a while, it works after a fresh boot and for several days' worth of overnight hibernation as I go about my work, but eventually it stops working - it gets to the splash screen but the bar only makes it a little way to the left before stopping, and then after a timeout the system just returns to the "session locked" screen - no real error messages.
I've done my best to try to find out what's causing it to break but I'm really struggling, the suspend process doesn't appear to write anything helpful to the dmesg log or the /var/log/pm-suspend.log - the only thing that I've seen at about the right point in time is cifsd, but I can't be sure that it's a problem with cifs as hibernate continues to work immediately after mounting windows shares with cifs.
System:
Phenom-II X3
4Gb ram
OpenSUSE 11.1
[code]....
View 7 Replies
View Related
