Ubuntu
initramfs-tools package

[PATCH] allow resume from LUKS encrypted swap partition

Bug #91867 reported by Gabriel Ambuehl
18
Affects Status Importance Assigned to Milestone
initramfs-tools (Ubuntu)
Incomplete
Wishlist
Unassigned
Nominated for Hardy by Eric Shattow

Bug Description

Binary package hint: initramfs-tools

The attached patch allows to suspend and resume to a LUKS encrypted swap partition. This means that all data (including passwords) that would otherwise be written to disk in plain text will be encrypted.

To make use of the patch, you must
* create a LUKS encrypted partition
* activate the device with cryptsetup luksOpen
* run mkswap on it and enter it in fstab as swap
* change your kernel's resume=* line to
resume=LUKS=/name/of/harddiskpartition:devicemapper name (actual process depends on the bootloader used)
For example resume=LUKS=/dev/hda3:cryptswap
* then run update-initramfs to build a new initramfs.

You will then be asked to provide the password for the swap partition upon boot and the script will try to resume from it. If it can't find swsuspend signatures, boot will continue. The script will also automatically setup correct suspend device for swsuspend.

I have extensively tested this on Feisty.

See original description
Revision history for this message
Gabriel Ambuehl (gabriel-ambuehl) wrote :

resume from LUKS encrypted swap patch

description: updated
Revision history for this message
jmc (launchpad-dodgeit) wrote :

Thanks a lot for your patch! Seems to work really well for me!
I hope it makes it into Feisty release!!

Revision history for this message
jmc (launchpad-dodgeit) wrote :

Works also well together with https://launchpad.net/bugs/85640 and the patch from Carsten Schabacker

Revision history for this message
Daniel Holbach (dholbach) wrote :

Is the patch still applicable in Hardy?

Also to get your fix included in Ubuntu, it would help if you tried transforming it into a debdiff (http://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff) and submit it for review (http://wiki.ubuntu.com/SponsorshipProcess). If you prefer somebody else to do that, that's fine - please just indicate if you're available to do that.

Revision history for this message
Gabriel Ambuehl (gabriel-ambuehl) wrote : Re: [Bug 91867] Re: [PATCH] allow resume from LUKS encrypted swap partition

What's the deadline for that?

Revision history for this message
Daniel T Chen (crimsun) wrote :

Is this issue relevant in 8.10 still? It's too late to push into 8.10 if so, but we can try for 9.04.

Changed in initramfs-tools:
status: New → Incomplete
Revision history for this message
Dimitrios Symeonidis (azimout) wrote :

setting back to new, importance wishlist
related redhat thread: https://bugzilla.redhat.com/show_bug.cgi?id=247794

Changed in initramfs-tools:
importance: Undecided → Wishlist
status: Incomplete → New
Revision history for this message
Michael Evans (mjevans1983) wrote :

I confirm that this patch works for me, though it does ask me to decrypt my root partition prior to resuming from swap (which is an un-necessary entry of a password, unless it's checking the disk for resume entries/info first; though it mounts / after it checks resume so I doubt that is the case).

Revision history for this message
Thomas Hotz (thotz-deactivatedaccount) wrote :

Can somebody implement this patch or is it already implemented?

Changed in initramfs-tools (Ubuntu):
status: New → Confirmed
status: Confirmed → Incomplete
Revision history for this message
Wladimir Palant (palant) wrote :

By now (definitely xenial and above), this functionality has been implemented via the cryptsetup package. It will take care of unlocking resume devices so that one can simply use "resume=/dev/mapper/foo" for the parameter.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.