Support Encrypted Filesystems #10
Assignees
Labels
Comments
|
Reference external Pull Request |
mdhorn
added a commit
to mdhorn/clr-installer
that referenced
this issue
Nov 20, 2018
Fixes clearlinux#10 Enable encrypted partitions for all but /boot. A single passphrase is used for all partitions which enable encryption expect swap, which currently uses a random password each boot. NOTE: If we need to support a large swap for laptop suspend/restore, we should change from a random passphrase to the same known passphrase. /etc/crypttab will attempt to use either the disk label or the UUID to identify the disk instead of the physical disk name. Swap partition would normally loose its UUID or Label each boot due to dm-crypt and mkswap overwriting the connect. To maintain identification of the partition, we use a trick from here: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption of creating a small (1M) ext2 partition with label at the beginning of the swap partition, then use an offset in the /etc/crypttab to prevent overwriting this information. Signed-off-by: Mark D Horn <mark.d.horn@intel.com>
mdhorn
added a commit
to mdhorn/clr-installer
that referenced
this issue
Nov 20, 2018
Fixes clearlinux#10 Enable encrypted partitions for all but /boot. A single passphrase is used for all partitions which enable encryption expect swap, which currently uses a random password each boot. NOTE: If we need to support a large swap for laptop suspend/restore, we should change from a random passphrase to the same known passphrase. /etc/crypttab will attempt to use either the disk label or the UUID to identify the disk instead of the physical disk name. Swap partition would normally loose its UUID or Label each boot due to dm-crypt and mkswap overwriting the connect. To maintain identification of the partition, we use a trick from here: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption of creating a small (1M) ext2 partition with label at the beginning of the swap partition, then use an offset in the /etc/crypttab to prevent overwriting this information. Signed-off-by: Mark D Horn <mark.d.horn@intel.com>
mdhorn
added a commit
to mdhorn/clr-installer
that referenced
this issue
Nov 26, 2018
Fixes clearlinux#10 Enable encrypted partitions for all but /boot. A single passphrase is used for all partitions which enable encryption expect swap, which currently uses a random password each boot. NOTE: If we need to support a large swap for laptop suspend/restore, we should change from a random passphrase to the same known passphrase. /etc/crypttab will attempt to use either the disk label or the UUID to identify the disk instead of the physical disk name. Swap partition would normally loose its UUID or Label each boot due to dm-crypt and mkswap overwriting the connect. To maintain identification of the partition, we use a trick from here: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption of creating a small (1M) ext2 partition with label at the beginning of the swap partition, then use an offset in the /etc/crypttab to prevent overwriting this information. Signed-off-by: Mark D Horn <mark.d.horn@intel.com>
mdhorn
added a commit
to mdhorn/clr-installer
that referenced
this issue
Nov 27, 2018
Fixes clearlinux#10 Enable encrypted partitions for all but /boot. A single passphrase is used for all partitions which enable encryption expect swap, which currently uses a random password each boot. NOTE: If we need to support a large swap for laptop suspend/restore, we should change from a random passphrase to the same known passphrase. /etc/crypttab will attempt to use either the disk label or the UUID to identify the disk instead of the physical disk name. Swap partition would normally loose its UUID or Label each boot due to dm-crypt and mkswap overwriting the connect. To maintain identification of the partition, we use a trick from here: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption of creating a small (1M) ext2 partition with label at the beginning of the swap partition, then use an offset in the /etc/crypttab to prevent overwriting this information. Signed-off-by: Mark D Horn <mark.d.horn@intel.com>
mdhorn
added a commit
to mdhorn/clr-installer
that referenced
this issue
Nov 29, 2018
Fixes clearlinux#10 Enable encrypted partitions for all but /boot. A single passphrase is used for all partitions which enable encryption expect swap, which currently uses a random password each boot. NOTE: If we need to support a large swap for laptop suspend/restore, we should change from a random passphrase to the same known passphrase. /etc/crypttab will attempt to use either the disk label or the UUID to identify the disk instead of the physical disk name. Swap partition would normally loose its UUID or Label each boot due to dm-crypt and mkswap overwriting the connect. To maintain identification of the partition, we use a trick from here: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption of creating a small (1M) ext2 partition with label at the beginning of the swap partition, then use an offset in the /etc/crypttab to prevent overwriting this information. Signed-off-by: Mark D Horn <mark.d.horn@intel.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Friday Mar 02, 2018 at 22:19 GMT
The text was updated successfully, but these errors were encountered: