[Blueprint encrypted-swap-by-default] Encrypted Swap By Default

Bob/Paul wiki.ubuntu.com at bobpaul.org
Mon Dec 8 16:46:55 GMT 2008


Blueprint changed by Bob/Paul:

Whiteboard changed to:

(steve.langasek) When I migrated my laptop from hardy to intrepid, I
turned on encrypted swap at the same time (swap LV on top of
LVM+encryption).  Anything that makes heavy use of swap on my desktop
now brings the whole system to its knees.  Please be cognizant of
performance issues when implementing this - I fear this may be untenable
as a default for desktop systems.

(Roderick Greening) It would never be expected to encrypt a swap file
which exists in a LVM encrypted drive. Given that to build a LVM system,
you have to use the alternate cd, the user would be in total control of
these choices. Via the regular live CD/DVD, LVM is not a option (that I
recall), so encrypting the swap by default should not be problematic.

(Paul Klapperich) As far as encrypted swap working with hibernate, it
sounds like this goes nicely on computers that have a TPM as per the
second link. I don't have one to test. For computers without a tpm, I
don't know how ecryptfs works, but for luks we could perhaps use a pam
module to hold the user account password for the duration of the login
and set it as an alternate key for the luks swap partition (which
previously had a random key only) if the user initiates a hibernate.
Alternatively a global "swap password" could be created instead of (or
somehow in addition to) random key encryption, but that's an extra
password that now all users of the system would be required to know. It
would, however, allow a resume from hibernate followed by a switch user
if the person who hibernated is not present.

-- 
  Encrypted Swap By Default
  https://blueprints.launchpad.net/ubuntu/+spec/encrypted-swap-by-default



More information about the Ubuntu-server-bugs mailing list