[arch-general] Full system encryption with support for hibernation

vlad vla at uni-bonn.de
Mon Oct 26 19:33:25 EDT 2009


On Sun, Oct 25, 2009 at 05:01:11PM +0100, Thomas Bächler wrote:
> 
> It is possible. Consider the following setup:
> 
> You have two partitions, one small (50MB) /boot /dev/sda1, the rest
> /dev/sda2. Now you create a LUKS-Volume in /dev/sda2, let's call
> this volume enc. Inside /dev/mapper/enc create an LVM physical
> volume. Then, create your root, swap, home, ... filesystems as
> logical volumes inside the LVM (let's say they are called
> /dev/vg/{root,swap,home,...}). That way, you just need to enter ONE
> passphrase to be able to access all your volumes, including swap and
> root.
> 
> The installer (AIF) can set all the above up correctly, however, the
> current version will make the wrong grub line. In the described
> setup, it should be:
> 
> cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro
> 
> Your mkinitcpio.conf should have the following line:
> 
> HOOKS="base udev pata scsi sata keymap encrypt lvm2 resume filesystems"
> (note that lvm2 is before resume, not after)
> 
> This setup will make it possible to use hibernation on an encrypted
> system without a separate key storage and without having to enter
> more than one passphrase. It is also a very elegant setup, as you
> have the usual advantages of LVM.
> 
> Have fun!
> 

Thanks, helpful hints. 
But does this also work with "suspend-to-ram"?
I mean, when suspending to ram everything remains unencrypted?
Do I see this right?

Vlad
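
The hook order and kernel parameters from the quoted setup can be checked mechanically. The script below is an added example, not part of the original messages or of Arch's tooling; its function names are hypothetical and the sample strings are copied from the quoted text.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Checks the HOOKS order and
# kernel parameters from the quoted setup; sample strings are copied from it.

# hook_index HOOKS NAME: print 1-based position of NAME in HOOKS, 0 if absent
hook_index() {
    i=0
    for h in $1; do
        i=$((i + 1))
        if [ "$h" = "$2" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# check_hooks HOOKS: succeed only if encrypt < lvm2 < resume < filesystems
check_hooks() {
    prev=0
    for name in encrypt lvm2 resume filesystems; do
        pos=$(hook_index "$1" "$name")
        if [ "$pos" -eq 0 ]; then echo "missing hook: $name"; return 1; fi
        if [ "$pos" -le "$prev" ]; then echo "hook out of order: $name"; return 1; fi
        prev=$pos
    done
}

# cmdline_value CMDLINE KEY: print the value of KEY=value, nothing if absent
cmdline_value() {
    for tok in $1; do
        case "$tok" in "$2"=*) echo "${tok#*=}"; return 0 ;; esac
    done
}

# check_cmdline CMDLINE: require cryptdevice=dev:name, root= and resume=, and
# reject root=/resume= aimed at the raw LUKS device instead of a volume in it
check_cmdline() {
    crypt=$(cmdline_value "$1" cryptdevice)
    for key in cryptdevice root resume; do
        [ -n "$(cmdline_value "$1" "$key")" ] || { echo "missing $key="; return 1; }
    done
    case "$crypt" in *:*) ;; *) echo "cryptdevice= needs device:name"; return 1 ;; esac
    raw=${crypt%%:*}
    for key in root resume; do
        if [ "$(cmdline_value "$1" "$key")" = "$raw" ]; then
            echo "$key= points at the raw LUKS device $raw"; return 1
        fi
    done
}

PAGE_HOOKS="base udev pata scsi sata keymap encrypt lvm2 resume filesystems"
PAGE_CMDLINE="cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro"
check_hooks "$PAGE_HOOKS" && check_cmdline "$PAGE_CMDLINE" && echo "setup OK"
```

On an installed system, pass the HOOKS value from mkinitcpio.conf and the contents of /proc/cmdline instead of the sample strings.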
