For context:
I’ve encrypted the swap partition with:
cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap
And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.
Does anyone know if this is possible?
Just thought I’d ask to see if anyone’s done this already
Use a different encryption key for your swap partition, then put that in a file on your (encrypted) root. In
/etc/crypttab, where you list the encrypted partition and the device name for the unencrypted view, you can list the key file too. That way the swap partition will be automatically decrypted during the boot process and before swap is enabled.I believe there may be issues resuming from suspend doing this, but I’ve not tested that.