View previous topic :: View next topic |
Author |
Message |
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Thu Aug 01, 2024 10:23 am Post subject: What would be the perfect way to encrypt the swap? |
|
|
Following the wiki, they do it with a file, and creating a couple of scripts to mount and format, I have done exactly the same, but not with a file, but with a partition. Everything mounts fine but in the boot log it shows me that it does not find the partition.
Now I wonder if it can be mounted without having to format at each boot.
These are the steps I have done
cat /etc/local.d/swap.start
cryptsetup -d /etc/keys/swap.key open /dev/md/gentoo:swap cryptswap
mkswap /dev/mapper/cryptswap
swapon /dev/mapper/cryptswap
cat /etc/local.d/swap.stop
swapoff /dev/mapper/cryptswap
cryptsetup close cryptswap
cat /etc/conf.d/dmcrypt
swap=cryptswap
source=/dev/md/gentoo:swap
key=/etc/keys/swap.key
options='--key-file /etc/keys/swap.key'
The error: swapon: can't open /dev/mapper/cryptswap: File or directory does not exist |
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3419
|
Posted: Thu Aug 01, 2024 12:04 pm Post subject: |
|
|
The easiest way to do that is LVM on LUKS, which allows you to encrypt everything except for boot. You seem to have gotten creative though.
Is it a valid device path? /dev/md/gentoo:swap? : is not a common character, are you sure it's not e.g. substituted with - by the devicemapper/udev/whatever manages human-readable links?
Also, show us your lsblk _________________ Make Computing Fun Again |
|
Back to top |
|
|
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Thu Aug 01, 2024 12:29 pm Post subject: |
|
|
I will try what you tell me
Edit: I remember that with /dev/md126 and /dev/md127 when I boot it changes, sometimes md126 is the root and sometimes the swap
Code: | lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 465,8G 0 disk
├─sda1 8:1 0 1G 0 part /boot/efi
├─sda2 8:2 0 8G 0 part
│ └─md127 9:127 0 47,9G 0 raid0
│ └─cryptswap 252:1 0 47,9G 0 crypt [SWAP]
└─sda3 8:3 0 456,8G 0 part
└─md126 9:126 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdb 8:16 0 476,9G 0 disk
├─sdb1 8:17 0 1G 0 part
├─sdb2 8:18 0 8G 0 part
│ └─md127 9:127 0 47,9G 0 raid0
│ └─cryptswap 252:1 0 47,9G 0 crypt [SWAP]
└─sdb3 8:19 0 467,9G 0 part
└─md126 9:126 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdc 8:32 0 476,9G 0 disk
├─sdc1 8:33 0 1G 0 part
├─sdc2 8:34 0 8G 0 part
│ └─md127 9:127 0 47,9G 0 raid0
│ └─cryptswap 252:1 0 47,9G 0 crypt [SWAP]
└─sdc3 8:35 0 467,9G 0 part
└─md126 9:126 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdd 8:48 0 465,8G 0 disk
├─sdd1 8:49 0 1G 0 part
├─sdd2 8:50 0 8G 0 part
│ └─md127 9:127 0 47,9G 0 raid0
│ └─cryptswap 252:1 0 47,9G 0 crypt [SWAP]
└─sdd3 8:51 0 456,8G 0 part
└─md126 9:126 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sde 8:64 0 223,6G 0 disk
├─sde1 8:65 0 1G 0 part
├─sde2 8:66 0 8G 0 part
│ └─md127 9:127 0 47,9G 0 raid0
│ └─cryptswap 252:1 0 47,9G 0 crypt [SWAP]
└─sde3 8:67 0 214,6G 0 part
└─md126 9:126 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdf 8:80 1 0B 0 disk
sdg 8:96 1 0B 0 disk
sdh 8:112 0 256,2G 0 disk
├─sdh1 8:113 0 1G 0 part
├─sdh2 8:114 0 8G 0 part
│ └─md127 9:127 0 47,9G 0 raid0
│ └─cryptswap 252:1 0 47,9G 0 crypt [SWAP]
└─sdh3 8:115 0 247,2G 0 part
└─md126 9:126 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt / |
Last edited by elover on Thu Aug 01, 2024 12:32 pm; edited 1 time in total |
|
Back to top |
|
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1909
|
Posted: Thu Aug 01, 2024 12:30 pm Post subject: |
|
|
If you use the dmcrypt init script, do not use local.d scripts in addition to it.
The dmcrypt init prepares the swap to be mounted automatically. Then, since you should list swap in fstab, the swap script will come after dmcrypt and do swapon as normal.
The question of the source from szatox is still valid and should be clarified.
edit: What does ls /dev/mapper output as well |
|
Back to top |
|
|
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Thu Aug 01, 2024 12:36 pm Post subject: |
|
|
I remember that with /dev/md126 and /dev/md127 when I boot it changes, sometimes md126 is the root and sometimes the swap
Quote: | lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 465,8G 0 disk
├─sda1 8:1 0 1G 0 part /boot/efi
├─sda2 8:2 0 8G 0 part
│ └─md126 9:126 0 47,9G 0 raid0
└─sda3 8:3 0 456,8G 0 part
└─md127 9:127 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdb 8:16 0 476,9G 0 disk
├─sdb1 8:17 0 1G 0 part
├─sdb2 8:18 0 8G 0 part
│ └─md126 9:126 0 47,9G 0 raid0
└─sdb3 8:19 0 467,9G 0 part
└─md127 9:127 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdc 8:32 0 476,9G 0 disk
├─sdc1 8:33 0 1G 0 part
├─sdc2 8:34 0 8G 0 part
│ └─md126 9:126 0 47,9G 0 raid0
└─sdc3 8:35 0 467,9G 0 part
└─md127 9:127 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdd 8:48 0 465,8G 0 disk
├─sdd1 8:49 0 1G 0 part
├─sdd2 8:50 0 8G 0 part
│ └─md126 9:126 0 47,9G 0 raid0
└─sdd3 8:51 0 456,8G 0 part
└─md127 9:127 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sde 8:64 0 223,6G 0 disk
├─sde1 8:65 0 1G 0 part
├─sde2 8:66 0 8G 0 part
│ └─md126 9:126 0 47,9G 0 raid0
└─sde3 8:67 0 214,6G 0 part
└─md127 9:127 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
sdf 8:80 1 0B 0 disk
sdg 8:96 1 0B 0 disk
sdh 8:112 0 256,2G 0 disk
├─sdh1 8:113 0 1G 0 part
├─sdh2 8:114 0 8G 0 part
│ └─md126 9:126 0 47,9G 0 raid0
└─sdh3 8:115 0 247,2G 0 part
└─md127 9:127 0 2,3T 0 raid0
└─luks-513d955b-eebd-4095-8f7f-9e93902811b2 252:0 0 2,3T 0 crypt /
[/[/code] | code] |
|
Back to top |
|
|
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Thu Aug 01, 2024 12:40 pm Post subject: |
|
|
grknight wrote: | If you use the dmcrypt init script, do not use local.d scripts in addition to it.
The dmcrypt init prepares the swap to be mounted automatically. Then, since you should list swap in fstab, the swap script will come after dmcrypt and do swapon as normal.
The question of the source from szatox is still valid and should be clarified.
edit: What does ls /dev/mapper output as well |
If I remove it, it does not mount the swap |
|
Back to top |
|
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1909
|
Posted: Thu Aug 01, 2024 12:42 pm Post subject: |
|
|
elover wrote: | I remember that with /dev/md126 and /dev/md127 when I boot it changes, sometimes md126 is the root and sometimes the swap |
If this is the case, then use a PARTUUID or UUID as the source if the swap is meant to be on a RAID directly (found with the blkid command). e.g. source=UUID=abcd-dddd
If RAID devices are not discovered in time, then I would suggest adding rc_dmcrypt_want="mdraid" in /etc/rc.conf as well.
elover wrote: | If I remove it, it does not mount the swap |
Then the conf.d/dmcrypt or fstab is not configured correctly. Also ensure that dmcrypt is part of the boot runlevel.
Edit: For reference, here is a personal example that creates /dev/mapper/crypt-swap (comments removed):
Code: | rc_need="lvm"
dmcrypt_key_timeout=1
dmcrypt_retries=5
swap=crypt-swap
source='/dev/mapper/lvm-swap' |
Then my fstab looks like: Code: | /dev/mapper/crypt-swap none swap sw 0 0 |
|
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3419
|
Posted: Thu Aug 01, 2024 2:20 pm Post subject: |
|
|
Well, there's already some good info here, so I'll just add one more thing:
I don't know what raid mode you're using for SWAP, but it is definitely suboptimal.
6 individual partitions would give you more capacity, more IO, and probably some access pattern optimization at the cost of crashing something in case of a disk failure. In the unlikely case you really really can't afford crashing any swapped out process, 3 SWAPs on 2-disk mirrors would still create less artificial load than your current setup. _________________ Make Computing Fun Again |
|
Back to top |
|
|
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Thu Aug 01, 2024 2:55 pm Post subject: |
|
|
Does not mount swap, but manual does
sudo cryptsetup luksOpen /dev/md/gentoo:swap -d /etc/keys/swap.key cryptswap
sudo swapon /dev/mapper/cryptswap
Code: | free -m
total usado libre compartido búf/caché disponible
Mem: 32002 3498 26525 213 2518 28504
Inter: 49079 0 49079 |
Code: | sudo blkid
/dev/sdd2: UUID="8d88f432-51eb-4c2f-b908-5ccf62f63f8e" UUID_SUB="11ff86f3-fa00-5e7a-7907-85b1128c0b2c" LABEL="gentoo:swap" TYPE="linux_raid_member" PARTUUID="7ee5be16-082d-4a45-9d83-8a1a960e8585"
/dev/sdd3: UUID="fe8503b5-ea54-486e-b43c-b91f665fcc9f" UUID_SUB="9c3a5125-5a56-1078-5de4-011f3bedd6f1" LABEL="gentoo:root" TYPE="linux_raid_member" PARTUUID="60e1b197-92e6-4f7e-9394-39994eb299c7"
/dev/sdd1: UUID="DF9D-4F07" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="733eca43-01b9-434b-85ab-aeef5675b0f2"
/dev/md127: UUID="07d0e21f-f59b-4421-9da5-63aa18945ab9" TYPE="crypto_LUKS"
/dev/sdb2: UUID="8d88f432-51eb-4c2f-b908-5ccf62f63f8e" UUID_SUB="90737658-b034-716f-b073-87a8e22e7555" LABEL="gentoo:swap" TYPE="linux_raid_member" PARTUUID="9021898e-72f2-4c92-9a4f-0fca7aa38be0"
/dev/sdb3: UUID="fe8503b5-ea54-486e-b43c-b91f665fcc9f" UUID_SUB="0ac19470-fdf8-4f16-48d5-39d22efedf4f" LABEL="gentoo:root" TYPE="linux_raid_member" PARTUUID="f6257c3c-a090-41b3-89d0-33cc5f7e5e6a"
/dev/sdi1: BLOCK_SIZE="2048" UUID="2024-07-01-18-09-00-00" LABEL="ARCH_202407" TYPE="iso9660" PARTUUID="c862cd74-01"
/dev/sdi2: LABEL_FATBOOT="ARCHISO_EFI" LABEL="ARCHISO_EFI" UUID="0F18-AE4A" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="c862cd74-02"
/dev/mapper/luks-513d955b-eebd-4095-8f7f-9e93902811b2: LABEL="root" UUID="c3f356b6-2045-44c6-90dc-485b8ad57a49" UUID_SUB="a7996395-9d2a-4816-bc0b-0553f53eb546" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/sde2: UUID="8d88f432-51eb-4c2f-b908-5ccf62f63f8e" UUID_SUB="15d798ee-2862-6ffa-fc4e-b62b3e82c8d5" LABEL="gentoo:swap" TYPE="linux_raid_member" PARTUUID="f2e41571-033e-4a7e-be6c-447551f7e299"
/dev/sde3: UUID="fe8503b5-ea54-486e-b43c-b91f665fcc9f" UUID_SUB="2c8285ac-25d8-628d-30c6-11f17889d77f" LABEL="gentoo:root" TYPE="linux_raid_member" PARTUUID="e8d44bdf-3ca7-4d3e-adcc-76be79de3ee1"
/dev/sdc2: UUID="8d88f432-51eb-4c2f-b908-5ccf62f63f8e" UUID_SUB="4f135b73-d9db-0802-f491-77ff42397b5a" LABEL="gentoo:swap" TYPE="linux_raid_member" PARTUUID="d5976e9c-0ebc-47f2-ad1a-f8515b7f9a46"
/dev/sdc3: UUID="fe8503b5-ea54-486e-b43c-b91f665fcc9f" UUID_SUB="80b2b0b1-c536-d48b-f99d-58ab32619fd8" LABEL="gentoo:root" TYPE="linux_raid_member" PARTUUID="aacc47b1-4070-4e48-8ef5-b6db6084b262"
/dev/md126: UUID="513d955b-eebd-4095-8f7f-9e93902811b2" TYPE="crypto_LUKS"
/dev/sda2: UUID="8d88f432-51eb-4c2f-b908-5ccf62f63f8e" UUID_SUB="7f23cdbf-4e2f-c836-9248-f11547c3c58d" LABEL="gentoo:swap" TYPE="linux_raid_member" PARTUUID="096b21b7-d019-4b6b-81d2-21851317c72f"
/dev/sda3: UUID="fe8503b5-ea54-486e-b43c-b91f665fcc9f" UUID_SUB="c2721680-995f-e1f2-6793-9661fb50260d" LABEL="gentoo:root" TYPE="linux_raid_member" PARTUUID="735f21b1-3db6-47fe-9c1a-1df208adb3ed"
/dev/sda1: LABEL_FATBOOT="efi" LABEL="efi" UUID="32AC-BCB2" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="d4fe2104-552d-4ba6-9e00-abb71a4e2c42"
/dev/sdh3: UUID="fe8503b5-ea54-486e-b43c-b91f665fcc9f" UUID_SUB="8f9ba2ec-ad93-5335-d154-4d6a2bc081c2" LABEL="gentoo:root" TYPE="linux_raid_member" PARTUUID="a2427cba-8ca1-4ecd-8638-e2741ed5e0f7"
/dev/sdh2: UUID="8d88f432-51eb-4c2f-b908-5ccf62f63f8e" UUID_SUB="2c8f2352-a0b8-859e-82a2-3cda30a09db5" LABEL="gentoo:swap" TYPE="linux_raid_member" PARTUUID="75b09efe-b6a3-4f1b-9c53-9002c435d419"
/dev/mapper/cryptswap: UUID="dbf64f84-1b03-4383-9cb1-b0c3e30618fd" TYPE="swap"
/dev/sdb1: PARTUUID="1af41589-6e61-41c7-9057-26853c8e8d9d"
/dev/sde1: PARTUUID="38342576-b429-4389-8ecc-37fbb545a402"
/dev/sdc1: PARTUUID="f6121c14-5633-4b1f-b87e-0dc7bdac7147"
/dev/sdh1: PARTUUID="aad2f521-e2b4-4508-9e34-28da05247533" |
/etc/conf.d/dmcrypt
swap=cryptswap
source=UUID=8d88f432-51eb-4c2f-b908-5ccf62f63f8e
key=/etc/keys/swap.key
fstab
Code: | UUID=c3f356b6-2045-44c6-90dc-485b8ad57a49 / btrfs defaults,noatime,compress=zstd,subvol=/root 0 1
UUID=32AC-BCB2 /boot/efi vfat defaults,noatime,fmask=0177,dmask=0077,noexec,nodev,nosuid,discard 0 2
UUID=dbf64f84-1b03-4383-9cb1-b0c3e30618fd none swap defaults,discard 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=4G,mode=1777 0 0
tmpfs /var/tmp/portage tmpfs size=16G,uid=portage,gid=portage,mode=0775,noatime 0 0
|
efisetub
Code: | efibootmgr --verbose --create --disk "/dev/sda" --part "1" --label "gentoo" --loader '\vmlinuz.efi' --unicode 'initrd=\initramfs.img'" rd.vconsole.keymap=es rd.md.uuid=8d88f432:51eb4c2f:b9085ccf:62f63f8e rd.md.uuid=fe8503b5:ea54486e:b43cb91f:665fcc9f rd.luks.uuid=513d955b-eebd-4095-8f7f-9e93902811b2 root=UUID=c3f356b6-2045-44c6-90dc-485b8ad57a49 rd.luks.options=discard" |
|
|
Back to top |
|
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1909
|
Posted: Thu Aug 01, 2024 3:01 pm Post subject: |
|
|
dmcrypt OpenRC service for swap does not use LUKS and does not use "key="
Use the /dev/mapper path in the fstab not a UUID since it is formatted every boot
Make sure that no LUKS header is on the swap device or dmcrypt service will fail
If you want to mimic what dmcrypt is doing, then the command is: cryptsetup -c aes -h sha1 -d /dev/urandom create $target $source
Last edited by grknight on Thu Aug 01, 2024 3:17 pm; edited 1 time in total |
|
Back to top |
|
|
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Thu Aug 01, 2024 3:16 pm Post subject: |
|
|
Then I have to remove the key, and remove luks? the swap can not be encrypted with openrc?
because I have done this.
Remove the swap from the fstab
create /etc/local.d/swap.start
cryptsetup -d /etc/keys/swap.key open /dev/md/gentoo:swap cryptswap
swapon /dev/mapper/cryptswap
And now it works and I don't get error in log rc.log Edit: if it shows the luks error, I'm going to leave it unencrypted as I had it before.
log rc.log
Code: |
rc boot logging started at Thu Aug 1 17:08:51 2024
termencoding | * Setting terminal encoding [UTF-8] ...
[ ok ]
hwclock | * Setting system clock using the hardware clock [UTC] ...
dmcrypt | * Setting up dm-crypt mappings ...
keymaps | * Setting keyboard mode [UTF-8] ...
[ ok ]
keymaps | * Loading key mappings [es] ...
[ ok ]
dmcrypt | * The swap you have defined is a LUKS partition. Aborting crypt-swap setup.
[ ok ]
[ ok ]
hostname | * Setting hostname to gentoo from /etc/conf.d/hostname ...
fsck | * Checking local filesystems ...
[ ok ]
fsck |fsck.fat 4.2 (2021-01-31)
loopback | * Bringing up network interface lo ...
sysctl | * Configuring kernel parameters ...
procfs | * Mounting misc binary format filesystem ...
[ ok ]
[ ok ]
[ ok ]
fsck |/dev/sda1: 7 files, 20884/261627 clusters
[ ok ]
binfmt | * Loading custom binary format handlers ...
[ ok ]
root | * Remounting root filesystem read/write ...
[ ok ]
root | * Remounting filesystems ...
[ ok ]
mtab | * Updating /etc/mtab ...
mtab | * Creating mtab symbolic link
[ ok ]
localmount | * Mounting local filesystems ...
[ ok ]
swap | * Activating swap devices ...
seedrng | * Seeding random number generator ...
[ ok ]
seedrng | * Seeding 256 bits and crediting
seedrng | * Saving 256 bits of creditable seed for next boot
systemd-tmpfiles-setup | * Create Volatile Files and Directories ...
[ ok ]
[ ok ]
bootmisc | * Creating user login records ...
[ ok ]
save-termencoding | * Saving terminal encoding ...
save-keymaps | * Saving key mapping ...
[ ok ]
dbus | * Starting dbus ...
[ ok ]
[ ok ]
elogind | * Starting elogind ...
[ ok ]
rc boot logging stopped at Thu Aug 1 17:08:53 2024
rc default logging started at Thu Aug 1 17:08:53 2024
bluetooth | * Starting bluetooth ...
virtlogd | * Starting virtlogd ...
dhcpcd | * Starting DHCP Client Daemon ...
[ ok ]
[ ok ]
sshd | * Starting sshd ...
[ ok ]
sendmail | * Starting sendmail ...
netmount | * Mounting network filesystems ...
libvirtd | * Starting libvirtd ...
[ ok ]
[ ok ]
display-manager | * Starting display-manager ...
[ ok ]
[ ok ]
[ ok ]
local | * Starting local ...
[ ok ]
rc default logging stopped at Thu Aug 1 17:08:56 2024] |
|
|
Back to top |
|
|
gentoo_ram Guru
Joined: 25 Oct 2007 Posts: 502 Location: San Diego, California USA
|
Posted: Thu Aug 01, 2024 10:49 pm Post subject: |
|
|
Is there a reason you need to use a particular key? Is this so you can resume out of swap or something? Otherwise, why do you care about the key for swap?
The default configuration in /etc/conf.d/dmcrypt is to initialize swap with a random key every time the machine boots. The idea is that swap will be encrypted on disk and you can't recover the swap data between boots. That's usually what people want.
/etc/conf.d/dmcrypt:
Code: | # Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
swap=swap-a
source=/dev/nvme0n1p2
options="-d /dev/urandom"
|
fstab:
Code: | /dev/mapper/swap-a none swap sw,pri=-1 0 0
|
dmsetup table:
Code: | swap-a: 0 16777216 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 259:2 0
|
Change the 'source' to whatever you need and make sure /etc/init.d/dmcrypt is started at the boot level. |
|
Back to top |
|
|
elover Apprentice
Joined: 20 Nov 2019 Posts: 170 Location: Spain
|
Posted: Fri Aug 02, 2024 7:43 am Post subject: |
|
|
In the rc.log I get this:
WARNING: Default encryption options (aes-xts-plain64, key size 256 bits) are being used and may be incompatible with earlier versions of dmcrypt. For unencrypted mode, always use the --cipher, --key-size and, if no key file is used, also --hash options.
Code: |
sudo dmsetup table /dev/dm-1
0 100552704 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 9:126 0 |
Code: | free -h
total usado libre compartido búf/caché disponible
Mem: 31Gi 4,6Gi 24Gi 320Mi 2,7Gi 26Gi
Inter: 47Gi 0B 47Gi |
|
|
Back to top |
|
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1909
|
Posted: Fri Aug 02, 2024 12:30 pm Post subject: |
|
|
elover wrote: | In the rc.log I get this:
WARNING: Default encryption options (aes-xts-plain64, key size 256 bits) are being used and may be incompatible with earlier versions of dmcrypt. For unencrypted mode, always use the --cipher, --key-size and, if no key file is used, also --hash options. |
The options specified by gentoo_ram are incomplete and causing this message.
The default, used by OpenRC, is options="-c aes -h sha1 -d /dev/urandom"
If you want to choose a different cipher and hash, replace as needed but they should be specified to avoid the message (it really doesn't mean much as it is only used once). |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|