Talk:Dm-crypt/Swap encryption

From ArchWiki

Enter Passphrase

Anyone know what to do about the "Please enter passphrase for disk myswap (swap)!" and "systemd-ask-password" msgs diplaying at bootup? Occurs with the Without suspend-to-disk mode. Voukait (talk) 07:32, 8 May 2016 (UTC)Reply[reply]

Which hooks do you use in mkinitcpio for the encryption? Any kernel parameter for "resume=" that might trigger it? --Indigo (talk) 09:32, 8 May 2016 (UTC)Reply[reply]
Ive been investigating this further and it appears that it is this issue. Which looks like the problem is caused by formating the partition as swap, and then the runtime encryption fails because it detects it as a swap drive. As soon as I can change the partition type, I will confirm.

Voukait (talk) 23:38, 10 May 2016 (UTC)Reply[reply]

Adding my 2cents here: I was having the same problem due to a mistake I made when following the steps. It seems that I had used the wrong cipher (i.e. I mixed two different techniques: with kernel naming and with label, because I did it all in order before encountering the warning about the potential changes of names and decided to adapt to it.) To correct it, I had to replace : safeSwap LABEL=cryptswap /dev/urandom swap,offset=2048,cipher=aes-cbc-essiv:sha256,size=512 #WRONG CIPHER METHOD with: safeSwap LABEL=cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=512 #WORKS LIKE A CHARM I therefore suggest emphasizing the fact that the chosen cipher type is important to save other people's time. I was maybe not the only one to fall for it, if I can refer to this thread: Bruno- (talk) 19:35, 5 September 2020 (UTC)Reply[reply]

Dm-crypt/Swap + systemd-networkd = system not booting

See also Talk:Systemd-networkd#systemd-networkd + Dm-crypt/Swap = system not booting

I encountered issue on fresh install on small VPS (1Gb RAM, 1vCPU) that if I have systemd-networkd and crypt-swap then boot process hangs while waiting for crypt-swap device. Posted workaround here:

Gregosky (talk) 06:29, 16 January 2020 (UTC)Reply[reply]

Alternative approach for ZFS with swap on a Luks partition

I am using the approach listed on this website,

With this approach the Luks cryptroot partition is partitioned further into a SWAP and ZFS root partition. The advantage of this approach is that a single password is needed for both ZFS and SWAP parition.

—This unsigned comment is by Trumee (talk) 08:23, 3 April 2021‎. Please sign your posts with ~~~~!

tune2fs -O read-only

In the section Without suspend-to-disk support > UUID and LABEL, wouldn’t it be a good idea to mark the ext2 filesystem as read-only with tune2fs -O read-only?

Kugland (talk) 08:23, 1 January 2022 (UTC)Reply[reply]

suspend-to-disk mkinitcpio hook: suggest something like /dev/disk/by-uuid/<uuid> over /dev/<device>

In section Suspend-to-disk support --> Using a swap partition --> mkinitcpio hook, in `/etc/initcpio/hooks/openswap`, I think it'd be better to suggest `/dev/disk/by-uuid/<uuid>` over `/dev/<device>`, if going by the recommendation to not use block device names in config files. Keiichiiownsu12 (talk) 19:37, 20 November 2023 (UTC)Reply[reply]

Sounds reasonable. You can use a pseudo-variable for the UUID value: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. Also, /dev/disk/by-uuid/ can be replaced with UUID=. -- nl6720 (talk) 08:57, 21 November 2023 (UTC)Reply[reply]