Le 13/01/2019 à 22:22, Neven Sajko via arch-general a écrit :
Do you need the swap to be persistent across reboots in order to support hibernation? If not, it is sufficient to have the swap mounted with a randomized key. I would like to be able to resume from hibernation, yes.
If you do need hibernation support, the simple method would be to use a swap file residing on the encrypted / Simple as in "already well supported", but not optimal, as swap depends on a filesystem.
The more complex method would be to copy the initramfs encrypt hook and modify it to support an additional encrypted device with a different password. I want full disk encryption. There is nothing controversial about FDE, it is already covered in the Wiki, except that I want FDE without LVM.
None of this needs kpartx. Thank you for input, indeed all your suggestions would work, but I am going for the optimal solution here, and kpartx (or an equivalent devmapper program) seems to be a requirement for that.
OK, I know understand your requirements and indeed something like kpartx is required if you want to be independent from LVM or the filesystem. I’m not sure what adding it in the ISO would require (outside having it in the repo of course), but anyway you can still add it yourself it if you have an internet access during installation. ;) Feel free to enhance the wiki with this example, being quite different from the LVM one it might interest others, and eventually lead to the inclusion of kpartx in the repos (and latter maybe even in the ISO, though again I’m not sure about the criterion here). Regards, Bruno