← Back to branch summary

~ubuntu-branches/ubuntu/maverick/cryptsetup/maverick-proposed

~ubuntu-branches/ubuntu/maverick/cryptsetup/maverick-proposed

« back to all changes in this revision

Viewing changes to debian/CryptoSwap.HowTo

Committer: Bazaar Package Importer
Author(s): Reinhard Tartler
Date: 2008-08-30 17:52:16 UTC
Revision ID: james.westby@ubuntu.com-20080830175216-x6fwmbepq0nb45cx

Tags: 2:1.0.6-6ubuntu1

https://launchpad.net/bugs/110970

https://launchpad.net/bugs/139363

https://launchpad.net/bugs/151532

* drop almost all ubuntu specific changes from the cryptsetup package,
  because they have been merged in debian. Thanks a lot!
* merge from debian, remaining changes:
  - remove versioned build-depency on libdevmapper-dev, we are using a
    rather sophisticated loop for making sure the root filesystem appears.
* debian/rules: fix location of ltmain.sh
* don't exit usplash anymore in the init script. LP: #110970, #139363
* Disable error message 'failed to setup lvm device'. It is harmless, and
  caused by the fact that the udev rules provided by lvm2 are setting up
  the lvm on their own. In debian the scripts here are responsible for this
  but obviously fail in ubuntu. LP: #151532

files added:
debian/README.source

files removed:
debian/CryptoSwap.HowTo

debian/TODO

debian/doc/cryptdisks_start.8

debian/doc/cryptdisks_stop.8

debian/doc/crypttab.5

debian/doc/variables.xml

debian/scripts/decrypt_old_ssl

debian/scripts/gen-old-ssl-key

debian/usbcrypto.udev

files modified:
debian/CheckSystem.Doc

debian/NEWS

debian/README.Debian

debian/README.initramfs

debian/askpass.c

debian/changelog

debian/control

debian/copyright

debian/cryptdisks.functions

debian/doc/cryptdisks_start.xml

debian/doc/cryptdisks_stop.xml

debian/doc/crypttab.xml

debian/doc/manpages.xml

debian/doc/variables.xml.in

debian/docs

debian/initramfs/cryptopensc-hook

debian/initramfs/cryptroot-hook

debian/initramfs/cryptroot-script

debian/passdev.c

debian/patches/02_manpage.patch

debian/preinst

debian/rules

debian/scripts/cryptdisks_start

debian/scripts/cryptdisks_stop

debian/scripts/decrypt_gpg

debian/scripts/decrypt_ssl

debian/watch

Show diffs side-by-side

added added

removed removed

debian/CryptoSwap.HowTo

1

This document describes how to configure an encrypted swap partition

2

on Debian systems. An encrypted swap partition prevents spying on

3

plaintext secrets (passwords) that may be written to disk when memory

4

is swapped to disk.

5

6

First deactivate your swap: swapoff -a

7

8

Your /etc/fstab file should have a swap entry like this (/dev/hda9

9

might be a different partition on your system):

10

# <file system> <mount point> <type> <options> <dump> <pass>

11

/dev/hda9 none swap sw 0 0

12

13

Now just replace /dev/hda9 (or whatever your swap partition is)

14

with the new device name /dev/mapper/cswap:

15

# <file system> <mount point> <type> <options> <dump> <pass>

16

/dev/mapper/cswap none swap sw 0 0

17

18

After that add an entry in /etc/crypttab (replace /dev/hda9 with

19

your own swap partition):

20

# <target name> <source device> <key file> <options>

21

cswap /dev/hda9 /dev/random swap,cipher=aes-cbc-plain,size=128,hash=ripemd160

22

23

Now start your crypted device: /etc/init.d/cryptdisks start

24

And reactivate your swap: swapon -a

25

26

Thats it! You have a crypted swap device. Note that the

27

/dev/random device might not generate enough random bytes, so the boot

28

process can wait indefinitely unless you press some keys on your

29

keyboard. To be sure that booting is not interrupted, use the (less

30

secure) /dev/urandom device instead.

31

32

Read the crypttab(5) manpage for more information, for example options

33

to use a different encryption algorithm than the default.

34

Older »