Swap Space Not Activated On Boot

NoOp glgxg at sbcglobal.net
Wed Sep 3 19:43:26 UTC 2014


On 09/03/2014 09:04 AM, sktsee wrote:
> On Wed, 03 Sep 2014 08:38:05 -0700, NoOp wrote:
..
>> 
>> Just having bootable usb drives connected can/will change the /dev/sdX
>> and so I've not been able to find a method to reliably mount encrypted
>> swap in this situation.
> 
> 
> Yes, as I've mentioned twice now, you should specify disk by-id as 
> the source device in /etc/crypttab if you have multiple hard drives 
> attached to your system to avoid the issue with device path changes on 
> boot. AFAICT, no one in the bug reports used disk by-id, they just used a 
> UUID or the device path (/dev/sdx).
> 

I had/have always thought that /dev/by-path was/is unreliable as well:
<https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1193705>
<https://wiki.archlinux.org/index.php/Talk:Persistent_block_device_naming>
<https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/522341>
(crypttab by-id entries not processed automatically at startup despite
upstart files)
<https://bugs.launchpad.net/ubuntu/+source/fai/+bug/1040254>

I also cannot find the reference to 'by-id' in the cryptsetup FAQ
<http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions>
 - only this:
"    2.3 How do I set up encrypted swap?

    As things that are confidential can end up in swap (keys,
passphrases, etc. are usually protected against being swapped to disk,
but other things may not be), it may be advisable to do something about
the issue. One option is to run without swap, which generally works well
in a desktop-context. It may cause problems in a server-setting or under
special circumstances. The solution to that is to encrypt swap with a
random key at boot-time.

    NOTE: This is for Debian, and should work for Debian-derived
distributions. For others you may have to write your own startup script
or use other mechanisms.

    01) Add the swap partition to /etc/crypttab. A line like the
following should do it:

          swap  /dev/<partition>  /dev/urandom   swap,noearly

    Warning: While Debian refuses to overwrite partitions with a
filesystem or RAID signature on it, if your disk IDs may change (adding
or removing disks, failure of disk during boot, etc.), you may want to
take additional precautions. Yes, this means that your kernel device
names like sda, sdb, ... can change between reboots! This is not a
concern if you have only one disk. One possibility is to make sure the
partition number is not present on additional disks or also swap there.
Another is to encapsulate the swap partition (by making it a 1-disk
RAID1 or by using LVM), so that it gets a persistent identifier.
Specifying it directly by UUID does not work, unfortunately, as the UUID
is part of the swap signature and that is not visible from the outside
due to the encryption and in addition changes on each reboot with this
setup. "

Are we looking at different FAQs?

However... you've never steered me wrong in the past, so I'll give
'by-id' a try :-)
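
A small check for the failure mode discussed in this thread, added here as an example (it is not from either poster or from the cryptsetup FAQ): it scans crypttab text for random-key swap entries whose source is a kernel name such as /dev/sdb2 or a UUID, the two forms the quoted FAQ warns about. The sample file, the UUID and the by-id device name in it are constructed placeholders.

```python
import re

# Constructed sample crypttab; the by-id name and UUID are made-up placeholders.
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
swap0  /dev/sdb2  /dev/urandom  swap,noearly
swap1  UUID=00000000-0000-0000-0000-000000000000  /dev/urandom  swap
swap2  /dev/disk/by-id/ata-EXAMPLE_SERIAL0001-part2  /dev/urandom  swap,noearly
home   /dev/sda3  none  luks
"""

# Kernel-assigned names (sda, sdb, ...) that can change between reboots.
KERNEL_NAME = re.compile(r"^/dev/(?:[shv]d[a-z]+\d*|nvme\d+n\d+(?:p\d+)?)$")

def classify_source(source):
    """Return how a crypttab source device is addressed."""
    if source.startswith(("UUID=", "/dev/disk/by-uuid/")):
        return "uuid"
    if source.startswith("/dev/disk/by-id/"):
        return "by-id"
    if KERNEL_NAME.match(source):
        return "kernel-name"
    return "other"

def lint_crypttab(text):
    """Return (line number, target, kind) for risky random-key swap entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        target, source, keyfile, options = fields[:4]
        random_key = keyfile in ("/dev/urandom", "/dev/random")
        if not (random_key and "swap" in options.split(",")):
            continue  # only swap re-keyed at every boot is affected
        kind = classify_source(source)
        if kind in ("kernel-name", "uuid"):
            findings.append((lineno, target, kind))
    return findings

if __name__ == "__main__":
    reasons = {
        "kernel-name": "device name can change between reboots",
        "uuid": "UUID lives in the swap signature, which changes each boot",
    }
    for lineno, target, kind in lint_crypttab(SAMPLE_CRYPTTAB):
        print(f"line {lineno}: {target}: {reasons[kind]}")
```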








More information about the ubuntu-users mailing list