[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Questions on boot time crypto-swap for Debian
Dale Amon wrote:
> I'm trying to work out how to cleanly integrate a
> cryptoswap option into the normal rcS.d scripts, but
> seem to be stuck in a catch-22.
>
> I have to set up the swap partition before the first
> swapon -a; this occurs in S10checkroot.sh.
>
> Since a system might be running devfs, I also have
> the constraint of doing it after S01devfsd; so all
> would seem okay... except that I need /dev/urandom,
> and it is not available until S55urandom because it
> writes files in /var/lib.
>
> The root fs is not writeable until after S10checkroot.sh,
> so I can't change the sequence.
>
> Does anyone see a way out of this quandary?
Mount swap partitions after /dev/urandom is initialized (see loop-AES'
README file) or encrypt root partition and you can set up swap partitions
with fixed keys that will be protected by root partition encryption.
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/