I forgot to set up the swap encryption and I’m trying to set it up now

I forgot to set up the swap encryption and I’m trying to set it up now. I have btrfs on my root partition, also containing /boot.

I tried with this suggested configuration and with some slight variations, but I’m getting a kernel panic, rather unreadable to me. Below is a screenshot.

Right now, my /etc/openswap.conf looks like this:

## cryptsetup open $swap_device $crypt_swap_name
## get uuid using e.g. lsblk -f
swap_device=/dev/disk/by-uuid/4b751be8-4ead-4ec4-b8fb-c7ec2aab6fda
crypt_swap_name=swapDevice

## one can optionally provide a keyfile device and path on this device
## to the keyfile
keyfile_device=/dev/mapper/luks-a76245df-73a8-4a1c-ae08-c53a6af22957
keyfile_filename=crypto_keyfile.bin

## additional arguments are given to mount for keyfile_device
## has to start with --options (if so desired)
keyfile_device_mount_options="--options=subvol=@"

## additional arguments are given to cryptsetup
## --allow-discards options is desired in case swap is on SSD partition
cryptsetup_options="--type luks --allow-discards"

When I run # source /usr/lib/initcpio/hooks/openswap; run_hook; swapon /dev/mapper/swapDevice, the swap is correctly activated, so my openswap config should be ok.

I have added the openswap hook to /etc/mkinitcpio.conf:

HOOKS="base udev autodetect modconf block keyboard keymap consolefont plymouth encrypt openswap resume filesystems"

My /etc/default/grub is now like this:

GRUB_CMDLINE_LINUX_DEFAULT="quiet cryptdevice=UUID=a76245df-73a8-4a1c-ae08-c53a6af22957:luks-a76245df-73a8-4a1c-ae08-c53a6af22957 root=/dev/mapper/luks-a76245df-73a8-4a1c-ae08-c53a6af22957 resume=/dev/mapper/swapDevice udev.log_priority=3"

And of course I have GRUB_ENABLE_CRYPTODISK=y and GRUB_PRELOAD_MODULES="part_gpt part_msdos cryptodisk"

Does someone have ideas about this?

PXL_20230424_0815242071920×1440 320 KB

The UUID 546057c-etc. is the one of my btrfs root filesystem.

I know this isnt what you asked exactly … but I would guess it gets around your problems.

You could just make a swapfile that resides on your encrypted partition.

Below is a general instruction for creating a 8gb swapfile residing on root partition.

cd / && sudo dd if=/dev/zero of=/swapfile bs=1M count=8192 status=progress

sudo chmod 0600 /swapfile

sudo mkswap -U clear /swapfile

sudo swapon /swapfile

Now swap should be active. To make it permanent and activate next boot edit /etc/fstab to include

/swapfile none swap defaults 0 0

Thats it, reboot. You should have an active 8gb swapfile.

Thanks, I considered this option but I don’t actually trust swap files since the usual method is using partitions, and the latter is much better supported by the ecosystem.

I decided to re-install Manjaro in another partition and then copy the relevant files from the old installation. Having a separate home partition helps in this case, but running yes | cp -f -a * .* $HOME from the old home also does the trick.

I then removed the old partition and found that the new installation was stopping during boot because it was still trying to load the old partition, which was set-up in /etc/crypttab. I’m not sure, but maybe this file could also be the error for the original problem, since it was connected with the encrypt hook.

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.