[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Encrypted root partition
From: |
Efraim Flashner |
Subject: |
Re: Encrypted root partition |
Date: |
Wed, 18 Jan 2017 22:53:25 +0200 |
User-agent: |
Mutt/1.7.2 (2016-11-26) |
On Wed, Jan 18, 2017 at 03:38:57AM -0800, Chris Marusich wrote:
> Chris Marusich <address@hidden> writes:
>
> As a bonus, I realized that one could use this feature to encrypt swap,
> also. You can encrypt your swap area by using a swap file in the root
> file system. Specifically, if you do something like this...
>
> # Make the file readable/writable only by root.
> sudo dd if=/dev/zero of=/swapfile bs=1MiB count=10240
> sudo chmod 600 /swapfile
> sudo mkswap --label swap /swapfile
>
> and then you add a single line to your operating system configuration
> file like this...
>
> (swap-devices '("/swapfile"))
>
> then your swap file will be automatically mounted during boot. You
> don't even have to enter your LUKS passphrase an additional time. I was
> pleasantly surprised to find out that encrypted swap was this easy!
>
This seems like something that would be nice to add to the manual :)
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature