Encrypted swap partition does not show up in /dev/mapper

encryption swap cryptsetup

I followed these steps to convert my normal swap on /dev/sda4 (UUID 5da9c956-e544-47e3-bb8e-fe18d9531b2f) into an encrypted swap partition on 16.04:

  • Disable old swap partition and overwrite it with zeroes:

    sudo swapoff -a
sudo dd if=/dev/zero of=/dev/sda4 bs=4M

  • Install cryptsetup:

    sudo apt install cryptsetup

  • Edit /etc/crypttab to contain this:

    # <target name> <source device>                 <key file>  <options>
cryptswap   UUID=5da9c956-e544-47e3-bb8e-fe18d9531b2f   /dev/urandom    swap

  • Edit /etc/fstab to remove the old swap line and replace it with this one:

    # cryptswap on /dev/sda4 configured in /etc/crypttab
/dev/mapper/cryptswap               none        swap    sw  0   0

  • Reload cryptdisks configuration:

    sudo service cryptdisks reload
sudo service cryptdisks-early reload

  • Enable the new encrypted swap:

    sudo swapon -a

However, this last step gave me the following error message:

swapon: stat of /dev/mapper/cryptswap failed: No such file or directory

Indeed, the encrypted device file seems not to have been created:

$ ls -la /dev/mapper/
total 0
drwxr-xr-x  2 root root      60 Aug 10 18:50 .
drwxr-xr-x 20 root root    4780 Aug 10 20:16 ..
crw-------  1 root root 10, 236 Aug 10 18:50 control

What went wrong here and how do I get my encrypted swap partition to work?


Solution 1:

You have a problem with your /etc/crypttab file that's causing eveything to go south, and a problem with your swap partition.

First off, you need to mkswap the partition that you want to use for your encrypted swap file. The cryptdisk utility expects your partition to be swap, so you should keep it as such:

sudo mkswap /dev/sda4

Now, note that this will change the partition's UUID. Get the new one with the following command, and make note of it:

sudo blkid /dev/sda4

Now, we need to deal with the larger problem at hand: your /etc/crypttab file. Replace it with the following:

# <target name>  <source device>        <key file>     <options>
cryptswap        UUID=<Your new UUID>   /dev/urandom   swap,offset=1024

Reboot the system, and you should have a working swap!

You have your cryptswap set up currently to recreate the entire partition as an encrypted swap. This is Not Good™, because we need to preserve the UUID. By offsetting the swap by 1024 blocks, we preserve the critical filesystem info, including the UUID.

Related

How to use amdgpu-pro with 17.04?
Set desktop resolution for standard 11.10 VNC server
Kernel panic (probably) goes on even after update to 4.4.0-112-generic (ubuntu 16.04.3 LTS)!
Brightness problem on a Samsung 530U3B
How to extract/inject ID3 tags via bash?
How to display date under time in GNOME
How do I fix "no public keys available" errors? [duplicate]
Ethernet connection not working on Ubuntu 20.04
Does apt have a directory where it stores all downloads?
Need to have 2 versions of Python without using a VM
How to dual boot two different Linux distributions?
ALC892 Low sound issue fixed with changing alsa config, why does it work?