Ubuntu

swap dont work with encrypted home

Asked by tres86dx

I have this problem in 14.04 but it is happening since 12.04, see report in bug, Bug #1186811

I had found a workaround that work with 14.02 post #7 (in the bug report). But it not work in 14.04

I want to manually set a root, swap and home partition and encrypt home during the installation. I choose "something else" in the setup. After the installation ubuntu is working well, but without swap partition.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Rusty Shackleford
Solved:
Last query:
Last reply:
Revision history for this message
Best Rusty Shackleford (shackleford071250) said : 		#1

The solution I found was to use a device path reference in /etc/crypttab instead of the UUID. On my example swap was installed on /dev/sda6, so the line in /etc/cryptab is:

cryptswap1 /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

Seems to work fine for laptops. Some sources suggest using the disk by-id reference instead. Haven't tried that though. The by-id reference can be found by looking at the output of ls -l /dev/disk/by-id/ and noting which is associated with the swap partition you setup during install.

Revision history for this message
Rusty Shackleford (shackleford071250) said : 		#2

I finally got the time to look at the bug report you linked to and saw that my response is kind of the reverse of what it has: it changes a /dev/... reference to a UUID. It also comments out the line in fstab. My understanding is the problem arises because the UUID is changes each time at startup for the swap partition when you have enabled encryption and this is why you need to use the /dev/... or by-id references.

I have not made any changes to fstab, and as mentioned use /dev/sd... I've successfully set up four Ubuntu 14.04 systems for people this way and swap is working on all of them. So maybe try along these lines again.

I found the solution I used and the by-id method as the accepted answer at this link: http://askubuntu.com/questions/462775/swap-not-working-on-clean-14-04-install-using-encrypted-home

I would think this is a higher priority bug since it is a potential security risk.

Revision history for this message
tres86dx (tres86dx-ubuntu) said : 		#3

Rusty Shackleford: Thanks very much, for your quickly answer. I supposed that the problem were with the partition ID, but I don't knew how solve it.
When I replaced the uuid with dev/sdxx in the fstab and crypptab files the problem was solved.I restarted the system several times and always with swap memory activated. I tested with free -m command and tried to encrypt the swap again with sudo ecryptfs-setup-swap command and the system answer is: WARNING: [/dev/mapper/cryptswap1] already appears to be encrypted, skipping.

For this reason I assume that all is well.

I reported the bug two years ago and is still not fixed.

I agree with you than is important bug, for two reason the security and the swap memory in herself. I have plenty of ram memory and can work without swap, but maybe for other people is not the case.

And the workaround is not easy to deploying for the most users.

Thanks again

best regards

Revision history for this message
tres86dx (tres86dx-ubuntu) said : 		#4

Thanks Rusty Shackleford, that solved my question.