Comment 17 for bug 423608

In , Dustin Kirkland  (kirkland) wrote :

Sorry for the delay. I haven't had much time to devote to eCryptfs lately.

So this is shell, rather than C code, but here's the script that we use to set up the encrypted swap.

http://bazaar.launchpad.net/~ecryptfs/ecryptfs/ecryptfs-utils/annotate/head%3A/src/utils/ecryptfs-setup-swap

Toward the bottom, you can see a series of "warn" calls that check if the device is already set up for encryption.

Basically, on my system with encrypted swap, I have:

kirkland@x200:~$ cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/cryptswap1 partition 4803392 35872 -1
kirkland@x200:~$ cat /etc/crypttab
# <target name> <source device> <key file> <options>
cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
kirkland@x200:~$ grep swap /etc/fstab
# swap was on /dev/sda5 during installation
#UUID=0f683971-6543-46cf-ab65-ff332df913b9 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0

This will be relatively standard for Ubuntu encrypted-swap setups, and a pretty straightforward, frequently-used way of doing this. However, I doubt that this is the be-all, end-all of ways to encrypt swap.

I think looping over the swap partitions in /proc/swaps, looking for matches in /etc/crypttab, should do it. It would *certainly* be better than what we have now, which is nothing.

:-Dustin
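
The check suggested in the comment above (loop over /proc/swaps, look for matches in /etc/crypttab), written out as an added example; it is not part of the original comment or of ecryptfs-utils, and the function names and file-path parameters are this example's own. It assumes the layout shown above: a /dev/mapper/<target> swap device whose crypttab entry carries the "swap" option.

```shell
#!/bin/sh
# Added example: report whether each active swap area is backed by an
# /etc/crypttab mapping. Function names and parameters are hypothetical.

# crypttab_has_swap_target NAME CRYPTTAB
# Succeeds if CRYPTTAB has a non-comment entry whose target is NAME and
# whose options (4th field) include the "swap" option.
crypttab_has_swap_target() {
    awk -v name="$1" '
        $1 ~ /^#/ || NF < 2 { next }            # skip comments and blank lines
        $1 == name {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "swap") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$2" 2>/dev/null
}

# swap_encryption_report [SWAPS] [CRYPTTAB]
# Prints "<device> encrypted|unencrypted" for each active swap area and
# returns non-zero if any swap area has no matching crypttab entry.
swap_encryption_report() {
    swaps=${1:-/proc/swaps}
    crypttab=${2:-/etc/crypttab}
    rc=0
    # The first line of /proc/swaps is the column header; field 1 is the device.
    for dev in $(awk 'NR > 1 && NF { print $1 }' "$swaps"); do
        case $dev in
            /dev/mapper/*)
                # Strip the /dev/mapper/ prefix to get the crypttab target name.
                if crypttab_has_swap_target "${dev#/dev/mapper/}" "$crypttab"; then
                    echo "$dev encrypted"
                    continue
                fi ;;
        esac
        echo "$dev unencrypted"
        rc=1
    done
    return $rc
}
```

Calling `swap_encryption_report` with no arguments reads the live /proc/swaps and /etc/crypttab. Setups that encrypt swap some other way will be reported as unencrypted by this check.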