encrypted swap question
IKnowNot at comcast.net
IKnowNot at comcast.net
Fri Aug 8 11:58:34 UTC 2008
Mike wrote:
> Mike C <mike.cloaked <at> gmail.com> writes:
>
>
>> The /etc/crypttab line has
>> luks-sda6 /dev/sda6 /root/keyfileswap
>> where /root/keyfileswap has been added as another key to the swap partition
>> using cryptsetup lukesAddKey
>>
>
> Seems this is in bugzilla:
> https://bugzilla.redhat.com/show_bug.cgi?id=448665
>
>
>
Is this a bug or a feature?
Either way it is annoying.
As for the proposed fix, what if you don’t use crypttab?
And what if you don’t use /dev/urandom?
I have used a heavily modified rc.sysinit for the last several versions
of Fedora calling a custom script to mount 5 LUKS partitions.
mkinitrd in F9 now breaks everything.
My solution ( work around ) has been to turn swap off and un-mapp the
swap partition just before I do a kernel install. This way mkinitrd
does not see it. Upon reboot it gets mounted through my scripts and
fstab ( in your case crypttab )
There is also an option during install to use a global LUKS passphrase.
Would that have been a solution for you ( Mike C. ) for your test box?
Anyone know how and where Fedora stores that passphrase for use? Is it
a security issue?
More information about the users
mailing list