From 62c172a8ebd42db166c8b56e8f06a950b14d9232 Mon Sep 17 00:00:00 2001 From: Richard Laager Date: Mon, 25 May 2020 04:29:47 -0500 Subject: [PATCH] Ubuntu 20.04: Use encrypted swap with installer If someone edits the installer to use encryption, they should also setup encrypted swap. I have now added instructions for that. Signed-off-by: Richard Laager --- .../Ubuntu/Ubuntu 20.04 Root on ZFS.rst | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/Getting Started/Ubuntu/Ubuntu 20.04 Root on ZFS.rst b/docs/Getting Started/Ubuntu/Ubuntu 20.04 Root on ZFS.rst index 074949f..b8b14a9 100644 --- a/docs/Getting Started/Ubuntu/Ubuntu 20.04 Root on ZFS.rst +++ b/docs/Getting Started/Ubuntu/Ubuntu 20.04 Root on ZFS.rst @@ -25,7 +25,27 @@ If you want a ZFS native encrypted, desktop install, you can `trivially edit the installer `__. The ``-o recordsize=1M`` there is unrelated to encryption; omit that unless -you understand it. `Hopefully the installer will gain encryption support in +you understand it. Additionally, once the system is installed, you should +switch to encrypted swap:: + + swapon -v + # Note the device, including the partition. + + ls -l /dev/disk/by-id/ + # Find the by-id name of the disk. + + sudo swapoff -a + sudo vi /etc/fstab + # Remove the swap entry. + + sudo apt install --yes cryptsetup + + # Replace DISK-partN as appropriate from above: + echo swap /dev/disk/by-id/DISK-partN /dev/urandom \ + swap,cipher=aes-xts-plain64:sha256,size=512 | sudo tee -a /etc/crypttab + echo /dev/mapper/swap none swap defaults 0 0 | sudo tee -a /etc/fstab + +`Hopefully the installer will gain encryption support in the future `__.