I forgot to set up the swap encryption and I’m trying to set it up now. I have btrfs on my root partition, also containing /boot.
I tried with this suggested configuration and with some slight variations, but I’m getting a kernel panic, rather unreadable to me. Below is a screenshot.
Right now, my /etc/openswap.conf
looks like this:
## cryptsetup open $swap_device $crypt_swap_name
## get uuid using e.g. lsblk -f
swap_device=/dev/disk/by-uuid/4b751be8-4ead-4ec4-b8fb-c7ec2aab6fda
crypt_swap_name=swapDevice
## one can optionally provide a keyfile device and path on this device
## to the keyfile
keyfile_device=/dev/mapper/luks-a76245df-73a8-4a1c-ae08-c53a6af22957
keyfile_filename=crypto_keyfile.bin
## additional arguments are given to mount for keyfile_device
## has to start with --options (if so desired)
keyfile_device_mount_options="--options=subvol=@"
## additional arguments are given to cryptsetup
## --allow-discards options is desired in case swap is on SSD partition
cryptsetup_options="--type luks --allow-discards"
When I run # source /usr/lib/initcpio/hooks/openswap; run_hook; swapon /dev/mapper/swapDevice
, the swap is correctly activated, so my openswap config should be ok.
I have added the openswap
hook to /etc/mkinitcpio.conf
:
HOOKS="base udev autodetect modconf block keyboard keymap consolefont plymouth encrypt openswap resume filesystems"
My /etc/default/grub
is now like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet cryptdevice=UUID=a76245df-73a8-4a1c-ae08-c53a6af22957:luks-a76245df-73a8-4a1c-ae08-c53a6af22957 root=/dev/mapper/luks-a76245df-73a8-4a1c-ae08-c53a6af22957 resume=/dev/mapper/swapDevice udev.log_priority=3"
And of course I have GRUB_ENABLE_CRYPTODISK=y
and GRUB_PRELOAD_MODULES="part_gpt part_msdos cryptodisk"
Does someone have ideas about this?
The UUID 546057c-etc. is the one of my btrfs root filesystem.