Does hibernate work with an encrypted home dir in Maverick?

Solution 1:

No, hibernate is definitely broken if you encrypt home. Actually the problem isn't encrypted home per se, it's the encrypted swap that's the problem.

Here's the bug for this issue if you want to track it or comment: https://bugs.launchpad.net/ecryptfs/+bug/432785

Alternately, you can disable encrypted swap, but as the manpage for ecryptfs-setup-swap says:

Encrypted swap is essential to securing any system using eCryptfs, since decrypted file contents will exist in the system’s memory, which may be swapped to disk at any time. If the system swap space is not also encrypted, it is possible that decrypted files could be written to disk in clear text.

If you understand the risks and still feel comfortable disabling swap encryption, I found a good and very to-the-point HOWTO here: http://www.logilab.org/blogentry/29155

Solution 2:

Out of the box, hibernation does not work with the encrypted swap Ubuntu sets up together with encrypted home directories. Disabling swap encryption is not a good idea as the encryption keys are written to the swap in plain text when the system hibernates, and also in other cases it is possible that the keys are leaked to swap space, effectively rendering the whole concept useless. Again: Do not disable swap encryption, especially if you plan to hibernate the system.

But it is not too hard to set a static passphrase instead of the random one. This way you have to enter the swap encryption passphrase every time you boot (or resume from hibernation). Unattended boots are not possible this way, but for many scenarios this is not a problem.

I tested the following instructions on Ubuntu 12.04 and it worked very well:

Enable Hibernate With Encrypted Swap
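
An added example (not from either answer, and not Ubuntu's own tooling): a shell check that reads a crypttab and an fstab and reports how each swap entry is keyed. A mapping keyed from /dev/urandom gets a fresh key on every boot and so cannot hold a resumable hibernation image, while a passphrase-keyed mapping can. The function name, the output labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Labels printed per swap entry found in fstab:
#   random-key       keyed from /dev/urandom or /dev/random: new key each boot, no resume
#   passphrase       key field "none", "-" or empty: prompts at boot, same key every boot
#   keyfile          keyed from a file on disk
#   not-in-crypttab  /dev/mapper path with no crypttab entry (e.g. LVM; check what is below it)
#   unmapped         not a /dev/mapper path (likely plaintext swap; verify by hand)
# usage: classify_swap CRYPTTAB FSTAB
classify_swap() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        pass != 2 { key[$1] = $3; next }       # crypttab: mapping name -> key field
        $3 == "swap" {                         # fstab: entries of type swap
            dev = $1
            if (dev !~ /^\/dev\/mapper\//) { print dev, "unmapped"; next }
            name = dev
            sub(/^\/dev\/mapper\//, "", name)
            if (!(name in key)) { print name, "not-in-crypttab"; next }
            k = key[name]
            if (k ~ /^\/dev\/u?random$/)                 print name, "random-key"
            else if (k == "none" || k == "-" || k == "") print name, "passphrase"
            else                                         print name, "keyfile"
        }
    ' "$1" pass=2 "$2"
}

# Constructed sample files (not taken from a real system).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/crypttab" <<'EOF'
# <name>    <device>   <key>         <options>
cryptswap1  /dev/sda5  /dev/urandom  swap,cipher=aes-cbc-essiv:sha256
cryptswap2  /dev/sdb2  none          luks
EOF
    cat > "$dir/fstab" <<'EOF'
/dev/mapper/cryptswap1  none  swap  sw  0  0
/dev/mapper/cryptswap2  none  swap  sw  0  0
/dev/mapper/vg0-swap    none  swap  sw  0  0
/dev/sdc1               none  swap  sw  0  0
EOF
    classify_swap "$dir/crypttab" "$dir/fstab"
    rm -rf "$dir"
}
demo
```

On a real machine the call would be `classify_swap /etc/crypttab /etc/fstab`; any `random-key` line marks a swap device that will not survive hibernation.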