Difference between revisions of "Talk:Dm-crypt/Swap encryption"

From ArchWiki
Jump to navigation Jump to search
(don't place custom hooks in /lib/initcpio)
Line 26: Line 26:
 
[[User:Voukait|Voukait]] ([[User talk:Voukait|talk]]) 23:38, 10 May 2016 (UTC)
 
[[User:Voukait|Voukait]] ([[User talk:Voukait|talk]]) 23:38, 10 May 2016 (UTC)
  
== don't place custom hooks in /lib/initcpio ==
+
== <s>don't place custom hooks in /lib/initcpio</s> ==
 
I'm not sure, but I think the recommended location for custom hooks is /etc/initcpio, not /lib/initcpio as currently mentioned in the article.
 
I'm not sure, but I think the recommended location for custom hooks is /etc/initcpio, not /lib/initcpio as currently mentioned in the article.
 
Section in question is: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#mkinitcpio_hook
 
Section in question is: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#mkinitcpio_hook
Line 33: Line 33:
  
 
[[User:Mearon|Mearon]] ([[User talk:Mearon|talk]]) 02:33, 6 December 2016 (UTC)
 
[[User:Mearon|Mearon]] ([[User talk:Mearon|talk]]) 02:33, 6 December 2016 (UTC)
 +
 +
:[https://wiki.archlinux.org/index.php?title=Dm-crypt/Swap_encryption&diff=458578&oldid=454940 Fixed]. Moving a hook around won't break it, so if it worked before, it'll work now. -- [[User:nl6720|nl6720]] ([[User talk:nl6720|talk]]) 07:41, 6 December 2016 (UTC)

Revision as of 07:42, 6 December 2016

Partuuid

Since partuuid associated with the partition in GPT, and not the FS, they would persist on encrypted swap, right?

—This unsigned comment is by Osteichthyes (talk) 19:40, 3 April 2016‎. Please sign your posts with ~~~~!

Yes, PARTUUID/PARTLABEL works fine with GPT. Just remember that the partition will be formatted on every boot, so if you ever decide to use the partition for something else - you should also change its PARTUUID/PARTLABEL. And if you copy disks with dd you are duplicating those PARTUUIDs along with it. So there are some (albeit unlikely) cases where this is more likely to cause problems than using actual partition content as identifier. Frostschutz (talk) 20:03, 3 April 2016 (UTC)
+1. Couple of thoughts - I'm unsure how we want to handle it: We don't mention either MBR or GPT on this subpage. The reason for this is that we want to have general dm-crypt related partitioning info in the dedicated Dm-crypt/Drive preparation#Partitioning section. Now, for any crypt-swap we have the big warning to use persistent naming, for its own reason. It is, however, generally useful to apply persistent naming. The dm-crypt subpages generally use UUID as example, since it is the singular best known persistent naming. Take aside a re-encrypting swap UUID is a good generic for the examples in my opinion.
So, what's the best way to handle MBR/GPT differences:
  1. Expand Dm-crypt/Drive_preparation#Partitioning to include persistent naming for dm-crypt and the crosslinks to Persistent_block_device_naming, then shrink/crosslink the info on this page, or
  2. Add GPT options for this subpage anyway, regardless of how Dm-crypt/Drive_preparation#Partitioning is expanded, simply because it is important to choose the best variant for swap.
  3. Do nothing (since nothing is wrong).
Opinions? --Indigo (talk) 13:43, 6 April 2016 (UTC)
Adding option 3 above, which appears to be the preference of all in this talk item. Closing.
--Indigo (talk) 09:08, 6 May 2016 (UTC)

Enter Passphrase

Anyone know what to do about the "Please enter passphrase for disk myswap (swap)!" and "systemd-ask-password" msgs diplaying at bootup? Occurs with the Without suspend-to-disk mode. Voukait (talk) 07:32, 8 May 2016 (UTC)

Which hooks do you use in mkinitcpio for the encryption? Any kernel parameter for "resume=" that might trigger it? --Indigo (talk) 09:32, 8 May 2016 (UTC)
Ive been investigating this further and it appears that it is this issue. https://bbs.archlinux.org/viewtopic.php?id=176927 Which looks like the problem is caused by formating the partition as swap, and then the runtime encryption fails because it detects it as a swap drive. As soon as I can change the partition type, I will confirm.

Voukait (talk) 23:38, 10 May 2016 (UTC)

don't place custom hooks in /lib/initcpio

I'm not sure, but I think the recommended location for custom hooks is /etc/initcpio, not /lib/initcpio as currently mentioned in the article. Section in question is: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#mkinitcpio_hook

I don't have the time atm to go through it, I think an edit should be done carefully and maybe tested(?), so that the guide still works...

Mearon (talk) 02:33, 6 December 2016 (UTC)

Fixed. Moving a hook around won't break it, so if it worked before, it'll work now. -- nl6720 (talk) 07:41, 6 December 2016 (UTC)