[PATCH] allow resume from LUKS encrypted swap partition

Bug #91867 reported by Gabriel Ambuehl on 2007-03-13
18
Affects Status Importance Assigned to Milestone
initramfs-tools (Ubuntu)
Wishlist
Unassigned
Nominated for Hardy by Eric Shattow

Bug Description

Binary package hint: initramfs-tools

The attached patch allows to suspend and resume to a LUKS encrypted swap partition. This means that all data (including passwords) that would otherwise be written to disk in plain text will be encrypted.

To make use of the patch, you must
* create a LUKS encrypted partition
* activate the device with cryptsetup luksOpen
* run mkswap on it and enter it in fstab as swap
* change your kernel's resume=* line to
resume=LUKS=/name/of/harddiskpartition:devicemapper name (actual process depends on the bootloader used)
For example resume=LUKS=/dev/hda3:cryptswap
* then run update-initramfs to build a new initramfs.

You will then be asked to provide the password for the swap partition upon boot and the script will try to resume from it. If it can't find swsuspend signatures, boot will continue. The script will also automatically setup correct suspend device for swsuspend.

I have extensively tested this on Feisty.

resume from LUKS encrypted swap patch

description: updated
jmc (launchpad-dodgeit) wrote :

Thanks a lot for your patch! Seems to work really well for me!
I hope it makes it into Feisty release!!

jmc (launchpad-dodgeit) wrote :

Works also well together with https://launchpad.net/bugs/85640 and the patch from Carsten Schabacker

Daniel Holbach (dholbach) wrote :

Is the patch still applicable in Hardy?

Also to get your fix included in Ubuntu, it would help if you tried transforming it into a debdiff (http://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff) and submit it for review (http://wiki.ubuntu.com/SponsorshipProcess). If you prefer somebody else to do that, that's fine - please just indicate if you're available to do that.

Daniel T Chen (crimsun) wrote :

Is this issue relevant in 8.10 still? It's too late to push into 8.10 if so, but we can try for 9.04.

Changed in initramfs-tools:
status: New → Incomplete
Dimitrios Symeonidis (azimout) wrote :

setting back to new, importance wishlist
related redhat thread: https://bugzilla.redhat.com/show_bug.cgi?id=247794

Changed in initramfs-tools:
importance: Undecided → Wishlist
status: Incomplete → New
Michael Evans (mjevans1983) wrote :

I confirm that this patch works for me, though it does ask me to decrypt my root partition prior to resuming from swap (which is an un-necessary entry of a password, unless it's checking the disk for resume entries/info first; though it mounts / after it checks resume so I doubt that is the case).

Can somebody implement this patch or is it already implemented?

Changed in initramfs-tools (Ubuntu):
status: New → Confirmed
status: Confirmed → Incomplete
Wladimir Palant (palant) wrote :

By now (definitely xenial and above), this functionality has been implemented via the cryptsetup package. It will take care of unlocking resume devices so that one can simply use "resume=/dev/mapper/foo" for the parameter.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.