systemd-swap

encrypted swap file support?

Open dou4cc opened this issue 6 years ago • 7 comments

dou4cc avatar Jun 22 '19 14:06 dou4cc

What do you mean? Linux doesn't have encrypted swap.

nefelim4ag avatar Jun 25 '19 10:06 nefelim4ag

I'm guessing that @dou4cc means swap on a dm-crypt volume with a random key.

peterhoeg avatar Jun 26 '19 02:06 peterhoeg

@Nefelim4ag will you accept the feature request?

dou4cc avatar Jul 02 '19 05:07 dou4cc

I don't see any sense in that, so nope. If you really care about your data, such things are your problem.

Moreover, why must I support dm-crypt and not support LUKS, or vice versa?

I.e., what if I insert code which will send the key to me from every computer with dm-crypt?

You must understand the concern; you can do an encrypted swap partition by yourself.

nefelim4ag avatar Jul 02 '19 13:07 nefelim4ag

> Moreover, why must I support dm-crypt and not support LUKS, or vice versa?

Either of them would be OK.

> I.e., what if I insert code which will send the key to me from every computer with dm-crypt?

Well, even if you don't implement the feature, you can crack into dm-crypt.

dou4cc avatar Jul 04 '19 11:07 dou4cc

@dou4cc I'm not sure which method of encrypted swap you are after, but I just tried this project for the first time and it is working for my method without modifying the configuration or service.

In my /etc/crypttab, I put:

#<name>  <device>                              <password>     <options>
swap     /dev/disk/by-id/nvme-eui.2f5f-part2   /dev/urandom   swap,cipher=aes-cbc-essiv:sha256,size=256

I then installed systemd-swap and enabled it before rebooting.

# swapon --show
NAME      TYPE      SIZE USED PRIO
/dev/dm-5 partition 6.5G   0B   -2

beanaroo avatar Sep 27 '19 05:09 beanaroo
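
An added example, not part of the comment above or of the systemd-swap code: a small audit of crypttab entries like the one quoted, which flags `swap` entries whose device is a kernel name that can change between boots (the `swap` option reformats the named device at every boot) and reports whether the key is ephemeral. The function name `audit_crypttab` and the second and third sample entries are constructed for illustration.

```python
import re

# Constructed sample; only the first entry is the one quoted in the thread.
SAMPLE = """\
#<name>  <device>                              <password>     <options>
swap     /dev/disk/by-id/nvme-eui.2f5f-part2   /dev/urandom   swap,cipher=aes-cbc-essiv:sha256,size=256
swap2    /dev/sdb3                             /dev/urandom   swap
data     UUID=0000-constructed                 none           luks
"""

RANDOM_KEYS = {"/dev/urandom", "/dev/random"}
# Kernel-assigned names are not guaranteed to point at the same disk each boot.
UNSTABLE = re.compile(r"^/dev/(sd|hd|vd|xvd|nvme|mmcblk)")


def audit_crypttab(text):
    """Return {name: [findings]} for every entry that carries the 'swap' option."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, nothing to audit
        name, device = fields[0], fields[1]
        key = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        if "swap" not in opts:
            continue
        findings = []
        if key in RANDOM_KEYS:
            # A fresh key per boot means old swap contents cannot be read back.
            findings.append("ephemeral key: no resume from hibernation")
        else:
            findings.append("persistent key: swap contents readable with the key")
        if UNSTABLE.match(device):
            # 'swap' runs mkswap on the mapped device at every boot.
            findings.append("kernel device name: wrong disk may be reformatted")
        report[name] = findings
    return report


if __name__ == "__main__":
    for entry, notes in audit_crypttab(SAMPLE).items():
        print(entry, "->", "; ".join(notes))
```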

Since we delete our swapfiles on shutdown the security seems to only matter in regards to hibernation.

vilgotf avatar Jun 05 '20 12:06 vilgotf