Bug 788236
Summary: | encrypted swap uses passphrase | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Paul Bransford <draeath> |
Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | anaconda-maint-list, g.kaviyarasu, jonathan, vanmeeuwen+fedora |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-07 21:19:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Paul Bransford
2012-02-07 20:16:08 UTC
A workaround is to add an additional key to the swap LUKS volume using "cryptsetup luksAddKey /dev/foo" and then add this new passphrase to /etc/crypttab. This is only a good idea if root is already encrypted. Indeed, creating a keyfile (for example in /etc/luks/), adding it to the volume, and then changing "none" to this path+filename appears to work. On boot, my root volume is unlocked, then the keyfile stored in /etc is used to unlock the swap volume, which is then mounted. Setting this up on installation is something that could be automated by Anaconda. The suspend/resume on this hardware is a bit buggy, so I can't thoroughly test it's function with this. (In reply to comment #2) > volume, and then changing "none" to this path+filename appears to work. On Inside /etc/crypttab. Sorry for the multiple comments. *** This bug has been marked as a duplicate of bug 505518 *** |