Encrypted Swap Partition for 14.04
Solution 1
After some more trying and bootups I figured out that this seems to work for me:
NOTE: REPLACE the X in sdaX with YOUR partition-number! UUIDs did not work for me!
Install necessary packages:
sudo apt-get install cryptsetup
Format your partition to SWAP
sudo swapoff -a
sudo cryptsetup -d /dev/urandom create cryptswap /dev/sdaX
sudo mkswap -f /dev/mapper/cryptswap -v1 -Lhello-swap
Add or edit the following line in /etc/crypttab:
cryptswap /dev/sdaX /dev/urandom swap
Add or edit the line in /etc/fstab:
/dev/mapper/cryptswap none swap sw 0 0
Re-enable swap:
sudo swapon -a
Confirm that swap is enabled:
free -m | grep Swap:
or check your System Monitor app in the Resources tab.
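A consistency check for the two files edited in Solution 1, as an added example that is not part of the original answer: it confirms the swap mapping takes its key from a random device and that /etc/fstab swaps on the mapping rather than on the raw partition. The function name `check_cryptswap`, the device `/dev/sda5` (standing in for sdaX) and the sample files are constructed for illustration.

```bash
# Added example: lint crypttab/fstab for the random-key swap setup described above.
# check_cryptswap CRYPTTAB FSTAB prints one finding per line; returns 0 if clean, 1 otherwise.
check_cryptswap() {
    local crypttab="$1" fstab="$2" found=0 bad=0 name dev key opts
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac              # skip blanks and comments
        case ",$opts," in *,swap,*) ;; *) continue ;; esac   # only entries with the swap option
        found=1
        # A key file on disk would survive reboots; this setup relies on a
        # throwaway key read from the kernel RNG at every boot.
        case $key in
            /dev/urandom|/dev/random) ;;
            *) echo "$name: key '$key' is not a random device"; bad=1 ;;
        esac
        # The answer above reports that UUID= sources did not work for it.
        case $dev in
            UUID=*|LABEL=*) echo "$name: source '$dev' is not a device path"; bad=1 ;;
        esac
        # fstab must swap on the mapping, never on the raw partition.
        if ! awk -v m="/dev/mapper/$name" '$1==m && $3=="swap"{f=1} END{exit !f}' "$fstab"; then
            echo "$name: no swap entry for /dev/mapper/$name in fstab"; bad=1
        fi
        if awk -v d="$dev" '$1==d && $3=="swap"{f=1} END{exit !f}' "$fstab"; then
            echo "$name: fstab also swaps on raw device $dev (unencrypted)"; bad=1
        fi
    done < "$crypttab"
    if [ "$found" -eq 0 ]; then echo "no swap entry in crypttab"; bad=1; fi
    return "$bad"
}

# Constructed sample files (not from the page); /dev/sda5 stands in for sdaX.
tmp=$(mktemp -d)
printf '%s\n' 'cryptswap /dev/sda5 /dev/urandom swap' > "$tmp/crypttab"
printf '%s\n' '/dev/mapper/cryptswap none swap sw 0 0' > "$tmp/fstab.good"
printf '%s\n' '/dev/sda5 none swap sw 0 0' > "$tmp/fstab.bad"
check_cryptswap "$tmp/crypttab" "$tmp/fstab.good" && echo "good pair: OK"
check_cryptswap "$tmp/crypttab" "$tmp/fstab.bad" || echo "bad pair: findings listed above"
rm -rf "$tmp"
```

On a real system, call it as `check_cryptswap /etc/crypttab /etc/fstab`.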
Solution 2
Using 14.04LTS, I had the same problem as tomasb, that encrypted swap wasn't on after reboot. I discovered that /etc/crypttab wasn't being processed because the necessary init.d scripts (cryptdisks and cryptdisks-early) weren't installed.
I solved that problem with
$ sudo apt-get install cryptsetup
Rebooted and I had encrypted swap.
michel
Updated on September 18, 2022
Comments
-
michel over 1 year
How can I produce an encrypted swap partition for 14.04? All the advice I saw here is for versions <14.04 and does not work for me.
I tried a lot but nothing lasted longer than a reboot.
On installation I decided to encrypt my home and 9 GiB partition for swap but this swap was never used by Kubuntu. Gparted finds an "unknown filesystem".
I formatted it as swap many times, edited fstab and crypttab and used all the tricks mentioned in different answers here. The often mentioned PunyGeek letter does not work for me, probably because /etc/initramfs-tools/conf.d/resume does not even exist on my system.
-
tomasb almost 10 years
not working after reboot
-
tomasb almost 10 years
probably better solution is to use ordinary swap file located in encrypted home for each user and start swapping after login; have found this bug since Ubuntu 7.04
-
kasperd about 9 years
First of all, this bug has definitely not existed since 7.04. I have used encrypted swap with no problems in 9.10, 10.04, and 12.04. Secondly, using encrypted swap is supposed to be more secure than a swap file in a home directory, since encrypted swap is done with a key which is not persisted across reboots. Finally, in order for a clean shutdown to happen as reliably as possible, it needs to be possible to unmount all file systems, even if there is insufficient RAM to disable swap. In this respect a swap file will always be less reliable than a swap partition.
-
Stephan Henningsen over 7 years
I added this step to the accepted answer so everything is contained in there.
-
KrisWebDev over 7 years
It probably misses an update-initramfs -u at the end, in order for the initramfs cryptroot hook script to embed the kernel drivers (aes, sha256, etc) in the initramfs, to be effective after reboot.