Swap not working on clean 14.04 install using encrypted home
Solution 1
Known Bug
There is a bug (see below) that overwrites the UUID
for the partition as soon as data is written to it. Therefore, you cannot use the UUID
to reference the partition to use for encrypted swap.
These days, swap space is hardly ever used. On my machine, swap is only used when I open my 40th tab. When I have no swap, suddenly my computer starts lagging and the browser closes itself. Or in the case of the Chromium
browser, a lot of tabs will suddenly 'die'.
For this reason, referencing /dev/disk/by-uuid/
in your /etc/crypttab
might seem to be working for a while, but as soon as your swap space is actually used, it will overwrite the UUID
because the entire partition is used for encrypted data storage.
Easy Fix
The easy fix is to reference the swap partition by device in your /etc/crypttab
, e.g.:
cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
Warning: this is probably safe on a laptop (I use it like this), but if you are on a desktop with swappable drives or have other reasons for changing the drive/partition layout, you don't want to do this, as a normal storage partition might suddenly be used for swap.
Note: You need to reboot for this change to take effect, because only when booting will /dev/mapper/cryptswap1
be created.
Proper Fix
The proper way to fix this is to make sure the part of the raw partition that stores the UUID
is not overwritten by encrypted swap data, so it will still be there on reboot. However, I'm not sure where the UUID
is written and how much bytes it takes up. You could, at your own risk, test it like so:
cryptswap1 UUID=abe3c568-c8fd-4dfb-b8e9-0520d442dd61 /dev/urandom swap,offset=36,cipher=aes-cbc-essiv:sha256
Note the offset=36
.
Please if you have an Ubuntu One account log in and go to Bug #1310058 on Launchpad and choose (or click here): "This bug affects me too" so the bug will gain 'popularity' and is more prone to get fixed.
Update 2014-10-27
I also stumbled upon this. Not verified by me. It looks like offset
trick with more verbosity and comments about rebuilding a broken swap.
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1310058/comments/22
Solution 2
I was having the same exact problem in Ubuntu 14.04 and came across this thread; this link that mutant provided worked well for me. I used the /dev/disk/by-id
reference rather than the /dev/sdXY, as that reference is not always pointing to the same physical partition. My /etc/crypttab
ended up like:
cryptswap1 /dev/disk/by-id/wwn-0x500...-part6 /dev/urandom swap, cipher=aes-cbc-essiv:sha256
Solution 3
Just use an unencrypted swap
... and keep /home encrypted
I tried a couple of the other solutions suggested here. Even though they kept working after a hot reboot, eventually they all failed after a shutdown and cold restart.
This tells us we are actually dealing with a double bug:
- The UUID of the swap drive gets overridden by the encryption system, and
- There is a timeout issue during booting.
These thoughts are also reflected in the comments to the pertaining bug filed at Launchpad. However, with the pending move from Upstart to systemd, little is done to resolve the bug on current LTS systems.
At this point, the following thoughts crossed my mind:
- During system installation, I asked to only encrypt my
\home
partition, nothing else. - The risks involved with not having an encrypted swap partition are rather limited.
- It is up to Canonical to clean up their act. I will waste no more time with this.
So, here is my solution to restore the swap as a normal, unencrypted swap without having to reinstall the whole operating system.
- If you have not done so already, install
blkid
:$ sudo apt-get install blkid
- Edit
/etc/crypttab
and delete the wholecryptswap1
line:$ sudo nano /etc/crypttab
- Start GParted from the system Settings menu.
- You will see a partition with an exclamation mark. This should be the faulty swap partition.
Carefully select it and reformat it to a
linux-swap
partition. After having applied this operation, you are informed about the new UUID of the restored normal swap partition. You are offered an opportunity to save this information. If you do not, know that you can always retrieve the new UUID from the command line withblkid
:$ sudo blkid
-
Now, it is time to restore
/etc/fstab
to its old glory:$ sudo nano /etc/fstab
- Remove the entire line containing a reference to
/dev/mapper/cryptswap1
. - Uncomment the old
swap
line by removing the hash#
in front ofUUID=...
. - Now, replace the old UUID with the new one obtained earlier.
- Write the file out by hitting Ctrl+O and exit
nano
with Ctrl+X.
- Remove the entire line containing a reference to
- Once done all that, you can already start using the new unencrypted swap with:
$ sudo swapon -a
- This solution survives both hot reboots and shutdown with cold restart.
Solution 4
Have a look at this. I fixed this issue by simply replacing UUID=... with /dev/sda3 in /etc/crypttab.
Related videos on Youtube
Jacin Montava
Updated on September 18, 2022Comments
-
Jacin Montava over 1 year
I'm trying to add menuitem to a submenu but I do not get them added to the id item that I am going through.
What I add by code is created at the end but what I want is that it is added to the 'R.id.sidemenu_groups' sub-menu that I have created in XML.
This is the code:
<?xml version="1.0" encoding="utf-8"?>
<group android:id="@+id/sidemenu_principal" android:checkableBehavior="single"> <item android:id="@+id/nav_user_contacts" android:icon="@drawable/ic_menu_gallery" android:title="Favoritos" /> <item android:id="@+id/nav_team_contacts" android:icon="@drawable/ic_menu_gallery" android:title="Contactos de la empresa" /> <!--<item android:id="@+id/nav_slideshow" android:icon="@drawable/ic_menu_slideshow" android:title="Registro" /> <item android:id="@+id/nav_manage" android:icon="@drawable/ic_menu_manage" android:title="Favoritos" />--> </group> <item android:id="@+id/sidemenu_groups" android:title="Departamentos"> <menu android:checkableBehavior="single"> <item android:id="@+id/add_item" android:icon="@drawable/ic_menu_manage" android:title="Add Item" /> </menu> </item> <item android:title="Ajustes"> <menu android:id="@+id/sidemenu_other"> <item android:id="@+id/nav_settings" android:icon="@drawable/ic_menu_manage" android:title="Ajustes" /> <item android:id="@+id/nav_send" android:icon="@drawable/ic_menu_send" android:title="Send" /> </menu> </item>
private void makeMenu() { final Menu menu = navigationView.getMenu(); final SubMenu subMenu = menu.addSubMenu("Departamentos"); subMenu.add(R.id.sidemenu_groups, Menu.CATEGORY_SECONDARY, 0, "Menu3"); }
How can I add diferents items to R.id.sidemenu_groups?
Thanks in advance
-
Anake about 10 yearsI don't know anything about encrypted partitions, but that first error suggests that the swap partition hasn't been mounted. Also the mounting line for it in the /etc/fstab is commented out. I would try just uncommenting that line and restarting to check if that fixes it
-
ajn about 10 yearsI'm quite sure that it is supposed to be commented out and the cryptswap1 line is responsible for mounting it indirectly using the information in /etc/crypttab. Your suggestion would surely mount it in an unencrypted fashion?
-
Admin about 10 yearsWill this work? https://ubuntuforums.org/showthread.php?t=2224129 I am unsure about some of the commands and I don't want to screw up Ubuntu.
-
ajn about 10 yearsIt looks similiar to what I tried, I would expect it to work for one reboot then stop working again once you've activated the encrypted swap for the first time.
-
ajn about 10 yearsFor the moment I've just gone back to using regular swap. The main scenario I'm using encryption against is if someone steals my laptop and someone with moderate linux skills decided to poke around to see if they can find something interesting, i.e most likely just try to boot using usb and mount my home partition. I don't have anything that I believe someone would find valuable enough to try to start recovering fragments of it from the swap. It really should be an install option to use encrypted home + regular swap.
-
adosaiguas almost 10 yearsI followed the solution described in the link provided by @Simon and it dis work for me.
-
αғsнιη over 9 yearsSee this answer of mine. I hope it helps.
-
-
tomasb almost 10 yearsthis issue is very old i wonder why they didn't fixed it already, now i am facing the same problem with my desktop and can't get it running, fixed it on my laptop in the past but can't remember how :(
-
Paul Williams over 9 yearsrun "sudo fdisk -l" first to check what your swap partition is called, it may be "/etc/sda5" or other, then edit cryptab as described by mutant. This worked for me and survives a reboot. This is definitely a bug as I got this problem with a fresh install on a new SSD. I did go for the "encrypt home directory" option at install, much better to encrypt /home after installation, especially if you are copying over files from an old /home from a previous installation.
-
Aman Alam over 9 yearsThe
sudo fdisk -l
was something nobody was telling. Thanks for this! :) -
Tommy Trussell about 9 yearsI just want to note the bug is being tracked at bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875 as of a few days ago (mid March 2015) the status is "fixed released," though that fix only explicitly applies to 15.04. I'm looking to see whether it's being backported to 14.04 LTS... and what the "official" update procedure might be
-
Redsandro about 9 years@TommyTrussell: Not backporting would be crazy for LTS. Bugs for crucial things like this still open almost a year after release is why even the biggist Linux distros will never be on par with OSX and Windows. Unfortunately.
-
Tommy Trussell about 9 yearsI am not aware of public discussion of bugs as they are being fixed in OSX and Windows, so how can they be "on par"? In my experience with OSX, bugs get fixed or not; no public discussion, so they are "opaque." I merely mentioned the new bug number (because the one you linked had been marked duplicate) so you could update your reference. As you can see from the discussion at the forum posting mentioned in Bug 953875, the most stable fix might differ depending on the init system, which is changing in 15.04. SO the 14.04 fix may have technical challenges for forward compatibility.
-
Redsandro about 9 yearsI'm merely saying you'll never see something like "Oh by the way, SWAP is broken" on a system like Windows or OSX. This is the kind of core functionality that would never get RTM before being tested and fixed. That's all. As for security, no public discussions but there's still statistics.
-
Serge Stroobandt about 9 yearsThis is the proper & easy fix!
-
fifaltra over 8 yearsThis is the only answer that worked for me, although I tried everything else.
-
Leon Hennessy about 8 yearsIn gparted my swap partition has the boot flag. Will this still work, or will I be left unable to boot up?
-
underscore_d almost 8 yearsYou should at least warn people that
/dev/sd*
paths can change on a whim and lead to the wrong partition being destroyed by swap data./dev/disk/by-id
is superior. -
Serge Stroobandt almost 8 years@ChristianSkjødt Your swap partition should not have its boot flag set. Anyhow, above procedure would not affect any of that.
-
Jacin Montava over 6 yearsThanks but I need the three items inside this: [code]<item android:title="Departamentos"> <menu android:id="@+id/sidemenu_groups" android:checkableBehavior="single"> <!--- I need the items here --> <item android:id="@+id/add_item" android:icon="@drawable/ic_menu_manage" android:title="Add Item" /> </menu> </item>
-
Alok over 6 yearsSee the edits in my answer and try to implement and tell me whether you are getting the desired result
-
Jacin Montava over 6 yearsI'm sorry but I dont have enough reputation :(
-
Umar Ata over 6 yearsplease post complete answer with proper explanation and reference links to your answer, and try to post the code ass well to propose a proper solution