Ubuntu 20.04: Use encrypted swap with installer

If someone edits the installer to use encryption, they should also setup encrypted swap. I have now added instructions for that. Signed-off-by: Richard Laager <rlaager@wiktel.com>
2020-05-25 04:29:47 -05:00
parent bc4eac650a
commit 62c172a8eb
1 changed files with 21 additions and 1 deletions
--- a/Started/Ubuntu/Ubuntu
+++ b/Started/Ubuntu/Ubuntu
@@ -25,7 +25,27 @@ If you want a ZFS native encrypted, desktop install, you can `trivially edit
 the installer
 <https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/>`__.
 The ``-o recordsize=1M`` there is unrelated to encryption; omit that unless
-you understand it. `Hopefully the installer will gain encryption support in
+you understand it. Additionally, once the system is installed, you should
+switch to encrypted swap::
+
+  swapon -v
+  # Note the device, including the partition.
+
+  ls -l /dev/disk/by-id/
+  # Find the by-id name of the disk.
+
+  sudo swapoff -a
+  sudo vi /etc/fstab
+  # Remove the swap entry.
+
+  sudo apt install --yes cryptsetup
+
+  # Replace DISK-partN as appropriate from above:
+  echo swap /dev/disk/by-id/DISK-partN /dev/urandom \
+      swap,cipher=aes-xts-plain64:sha256,size=512 | sudo tee -a /etc/crypttab
+  echo /dev/mapper/swap none swap defaults 0 0 | sudo tee -a /etc/fstab
+
+`Hopefully the installer will gain encryption support in
 the future
 <https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1857398>`__.