Encrypted Swap Partition for 14.04

Solution 1

After some more trying and bootups I figured out that this seems to work for me:

NOTE: REPLACE the X in sdaX with YOUR partition-number! UUIDs did not work for me!

Install necessary packages:

sudo apt-get install cryptsetup

Format your partition to SWAP

sudo swapoff -a
sudo cryptsetup -d /dev/urandom create cryptswap /dev/sdaX
sudo mkswap -f /dev/mapper/cryptswap -v1 -Lhello-swap

Add or edit the following line to /etc/crypttab:

cryptswap /dev/sdaX /dev/urandom swap

Add or edit the line in /etc/fstab:

/dev/mapper/cryptswap none swap sw 0 0

Re-enable swap:

sudo swapon -a

Confirm that swap is enabled:

free -m | grep Swap:

or check your System Monitor app in the Resources tab.

Solution 2

Using 14.04LTS, I had the same problem as tomasb, that encrypted swap wasn't on after reboot. I discovered that /etc/crypttab wasn't being processed because the necessary init.d scripts (cryptdisks and cryptdisks-early) weren't installed.

I solved that problem with

$ sudo apt-get install cryptsetup

Rebooted and I had encrypted swap.
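
A consistency check for the /etc/crypttab and /etc/fstab lines from Solution 1, given here as an added example that is not part of either answer. The function name check_encrypted_swap and the sample files are constructed for illustration; on a real system, pass /etc/crypttab and /etc/fstab as the two arguments.

```shell
#!/bin/sh
# Added example: consistency check for an encrypted-swap setup.
# check_encrypted_swap CRYPTTAB FSTAB -> returns 0 if consistent, 1 otherwise.
check_encrypted_swap() {
    crypttab=$1; fstab=$2; rc=0; mapped=""
    # crypttab fields: <name> <source device> <key file> <options>
    while read -r name src key opts rest; do
        case $name in ''|\#*) continue ;; esac
        case ",$opts," in *,swap,*) ;; *) continue ;; esac
        mapped="$mapped /dev/mapper/$name"
        case $key in
            /dev/urandom|/dev/random) ;;
            *) echo "FAIL: $name: key '$key' is not a per-boot random key"; rc=1 ;;
        esac
        # With the swap option the source is reformatted on every boot, so a
        # kernel name that moves to another disk or partition gets overwritten.
        case $src in
            /dev/sd[a-z]*|/dev/hd[a-z]*|/dev/vd[a-z]*)
                echo "WARN: $name: $src is a kernel name and may change between boots" ;;
        esac
        # fstab fields: <device> <mount point> <type> <options> <dump> <pass>
        awk -v d="/dev/mapper/$name" '$1 == d && $3 == "swap" {f=1} END {exit !f}' \
            "$fstab" || { echo "FAIL: fstab has no swap line for /dev/mapper/$name"; rc=1; }
    done < "$crypttab"
    [ -n "$mapped" ] || { echo "FAIL: no crypttab entry with the swap option"; rc=1; }
    # Any other swap line in fstab (for example a leftover UUID= entry) would
    # bring up unencrypted swap next to the encrypted one.
    while read -r dev mnt type rest; do
        case $dev in ''|\#*) continue ;; esac
        [ "$type" = swap ] || continue
        case " $mapped " in
            *" $dev "*) ;;
            *) echo "FAIL: fstab swap entry $dev is not a crypttab swap mapping"; rc=1 ;;
        esac
    done < "$fstab"
    return $rc
}

# Constructed sample files mirroring the lines in Solution 1 (sdaX kept as a placeholder).
demo=$(mktemp -d)
printf '%s\n' '# <name> <device> <key> <options>' \
    'cryptswap /dev/sdaX /dev/urandom swap' > "$demo/crypttab"
printf '%s\n' 'UUID=0000-constructed / ext4 errors=remount-ro 0 1' \
    '/dev/mapper/cryptswap none swap sw 0 0' > "$demo/fstab"
check_encrypted_swap "$demo/crypttab" "$demo/fstab" && echo "OK: swap configuration is consistent"
```

The WARN line does not fail the check; a stable path under /dev/disk/by-id/ in the crypttab source field avoids it.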

Author: michel

Updated on September 18, 2022

Comments

  • michel
    michel over 1 year

    How can I produce an encrypted swap partition for 14.04? All the advice I saw here is for versions <14.04 and does not work for me.

    I tried a lot but nothing lasted longer than a reboot.

    On installation I decided to encrypt my home and a 9 GiB partition for swap, but this swap was never used by Kubuntu. GParted finds an "unknown filesystem".

    I formatted it as swap many times, edited fstab and crypttab, and used all the tricks mentioned in different answers here. The often mentioned PunyGeek letter does not work for me, probably because /etc/initramfs-tools/conf.d/resume does not even exist on my system.

  • tomasb
    tomasb almost 10 years
    not working after reboot
  • tomasb
    tomasb almost 10 years
    probably better solution is to use ordinary swap file located in encrypted home for each user and start swapping after login; have found this bug since Ubuntu 7.04
  • kasperd
    kasperd about 9 years
    First of all, this bug has definitely not existed since 7.04. I have used encrypted swap with no problems in 9.10, 10.04, and 12.04. Secondly, using encrypted swap is supposed to be more secure than a swap file in a home directory, since encrypted swap is done with a key which is not persisted across reboots. Finally, in order for a clean shutdown to happen as reliably as possible, it needs to be possible to unmount all file systems, even if there is insufficient RAM to disable swap. In this respect a swap file will always be less reliable than a swap partition.
  • Stephan Henningsen
    Stephan Henningsen over 7 years
    I added this step to the accepted answer so everything is contained in there.
  • KrisWebDev
    KrisWebDev over 7 years
    It probably misses an update-initramfs -u at the end, in order for the initramfs cryptroot hook script to embed the kernel drivers (aes, sha256, etc.) in the initramfs, to be effective after reboot.