noqrax n00b
Joined: 04 Oct 2016 Posts: 51
Posted: Mon Nov 07, 2016 9:32 am Post subject: [SOLVED]OpenRC and cryptdm for encrypting swap partition
Hello,
I have a very unsafe configuration of my system due to:
/etc/conf.d/dmcrypt
Code:
swap=swap
source='/dev/sda2'
options='-c aes-xts-plain64 -s 256 -h sha256 -d /dev/urandom'
If I change the HDD layout, it can potentially overwrite my data during loading. I need a label or ID to define the source. Can you help me with the syntax?
Last edited by noqrax on Mon Nov 07, 2016 5:20 pm; edited 1 time in total

Apheus Guru
Joined: 12 Jul 2008 Posts: 422
Posted: Mon Nov 07, 2016 10:35 am Post subject:
dmcrypt supports the same UUID and PARTUUID syntax as fstab. From the comments in the file:
Quote:
# Arguments:
#-----------
# target=<name> == Mapping name for partition.
# swap=<name> == Mapping name for swap partition.
# source='<dev>' == Real device for partition.
#                   Note: You can (and should) specify a tag like UUID
#                   for blkid (see -t option). This is safer than using
#                   the full path to the device.
However, since UUID is a filesystem property, and the swap filesystem gets regenerated at every boot, you have to use PARTUUID (which is a partition property):
Code:
swap=swap
source="PARTUUID=xxxxxxxx-01"
options="-c aes-xts-plain64 -s 256 -d /dev/urandom"
Use "blkid" to find your PARTUUID.
The -h option is of no use because the key is not calculated from a passphrase/file, but read in directly from urandom. Newer cryptsetup versions print a hint about that if -h is present.
_________________
My phrenologist says I'm stupid.
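
A small linter for the swap entries discussed in the reply above, as an added example that is not part of the original thread or of the dmcrypt init script. The function names, the message wording, the PARTLABEL case and the list of kernel device prefixes are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the swap= entries of an OpenRC dmcrypt config file.
# Usage: sh check.sh /etc/conf.d/dmcrypt   (exit status 1 if any RISK is found)

# Strip "key=" and one layer of surrounding quotes from a config line.
value_of() {
    v=${1#*=}
    v=${v#\"}; v=${v#\'}; v=${v%\"}; v=${v%\'}
    printf '%s\n' "$v"
}

# Classify the swap entry collected so far (globals: name, src, opts, rc).
judge_entry() {
    [ -n "$name" ] || return 0
    case $src in
        PARTUUID=*|PARTLABEL=*)   # PARTLABEL: partition-level blkid tag, not in the thread
            echo "OK $name: $src identifies the partition itself" ;;
        UUID=*|LABEL=*)
            echo "RISK $name: $src is a filesystem tag; swap is re-created at every boot"
            rc=1 ;;
        /dev/sd*|/dev/hd*|/dev/vd*|/dev/nvme*|/dev/mmcblk*)
            echo "RISK $name: $src is a kernel name that can move when the disk layout changes"
            rc=1 ;;
        *)
            echo "NOTE $name: source '$src' not classified by this check" ;;
    esac
    case $opts in *"-d /dev/urandom"*)
        case " $opts" in *" -h "*)
            echo "NOTE $name: -h is unused when the key is read from /dev/urandom" ;;
        esac ;;
    esac
}

check_dmcrypt_swap() {
    name= src= opts= rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}            # trim leading blanks
        case $line in
            swap=*)    judge_entry; name=$(value_of "$line"); src= opts= ;;
            target=*)  judge_entry; name= src= opts= ;;  # not a swap entry: skip
            source=*)  src=$(value_of "$line") ;;
            options=*) opts=$(value_of "$line") ;;
        esac
    done < "$1"
    judge_entry
    return "$rc"
}

[ $# -eq 0 ] || check_dmcrypt_swap "$1"
```
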
noqrax n00b
Joined: 04 Oct 2016 Posts: 51
Posted: Mon Nov 07, 2016 5:19 pm Post subject:
Thank you!