Encrypted swap partition does not show up in /dev/mapper
I followed these steps to convert my normal swap on /dev/sda4
(UUID 5da9c956-e544-47e3-bb8e-fe18d9531b2f
) into an encrypted swap partition on 16.04:
-
Disable old swap partition and overwrite it with zeroes:
sudo swapoff -a sudo dd if=/dev/zero of=/dev/sda4 bs=4M
-
Install
cryptsetup
:sudo apt install cryptsetup
-
Edit
/etc/crypttab
to contain this:# <target name> <source device> <key file> <options> cryptswap UUID=5da9c956-e544-47e3-bb8e-fe18d9531b2f /dev/urandom swap
-
Edit
/etc/fstab
to remove the old swap line and replace it with this one:# cryptswap on /dev/sda4 configured in /etc/crypttab /dev/mapper/cryptswap none swap sw 0 0
-
Reload cryptdisks configuration:
sudo service cryptdisks reload sudo service cryptdisks-early reload
-
Enable the new encrypted swap:
sudo swapon -a
However, this last step gave me the following error message:
swapon: stat of /dev/mapper/cryptswap failed: No such file or directory
Indeed, the encrypted device file seems not to have been created:
$ ls -la /dev/mapper/
total 0
drwxr-xr-x 2 root root 60 Aug 10 18:50 .
drwxr-xr-x 20 root root 4780 Aug 10 20:16 ..
crw------- 1 root root 10, 236 Aug 10 18:50 control
What went wrong here and how do I get my encrypted swap partition to work?
Solution 1:
You have a problem with your /etc/crypttab
file that's causing eveything to go south, and a problem with your swap partition.
First off, you need to mkswap
the partition that you want to use for your encrypted swap file. The cryptdisk utility expects your partition to be swap, so you should keep it as such:
sudo mkswap /dev/sda4
Now, note that this will change the partition's UUID. Get the new one with the following command, and make note of it:
sudo blkid /dev/sda4
Now, we need to deal with the larger problem at hand: your /etc/crypttab
file. Replace it with the following:
# <target name> <source device> <key file> <options>
cryptswap UUID=<Your new UUID> /dev/urandom swap,offset=1024
Reboot the system, and you should have a working swap!
You have your cryptswap
set up currently to recreate the entire partition as an encrypted swap. This is Not Good™, because we need to preserve the UUID. By offsetting the swap by 1024 blocks, we preserve the critical filesystem info, including the UUID.