this post was submitted on 05 Sep 2024
5 points (100.0% liked)

Arch Linux

126 readers
1 users here now

Discussion community about the Arch Linux distro.

Wiki : https://wiki.archlinux.org/

Site : https://archlinux.org/

Packages : https://archlinux.org/packages/

GitLab : https://gitlab.archlinux.org/archlinux

Downloads : https://archlinux.org/download/

founded 10 months ago
MODERATORS
 

For context:
I've encrypted the swap partition with:

cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap

And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.

Does anyone know if this is possible?
Just thought I'd ask to see if anyone's done this already

Links:

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 3 months ago

Use a different encryption key for your swap partition, then put that in a file on your (encrypted) root. In /etc/crypttab, where you list the encrypted partition and the device name for the unencrypted view, you can list the key file too. That way the swap partition will be automatically decrypted during the boot process and before swap is enabled.

I believe there may be issues resuming from suspend doing this, but I've not tested that.