Arch Linux

116 readers

1 users here now

Discussion community about the Arch Linux distro.

Wiki : https://wiki.archlinux.org/

Site : https://archlinux.org/

Packages : https://archlinux.org/packages/

GitLab : https://gitlab.archlinux.org/archlinux

Downloads : https://archlinux.org/download/

founded 8 months ago

MODERATORS

[email protected]

[Question] Encrypted Partition Unlock via Root Unlocking (programming.dev)

submitted 2 months ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

For context:
I've encrypted the swap partition with:

cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap

And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.

Does anyone know if this is possible?
Just thought I'd ask to see if anyone's done this already

Links:

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 2 months ago

Use a different encryption key for your swap partition, then put that in a file on your (encrypted) root. In /etc/crypttab, where you list the encrypted partition and the device name for the unencrypted view, you can list the key file too. That way the swap partition will be automatically decrypted during the boot process and before swap is enabled.

I believe there may be issues resuming from suspend doing this, but I've not tested that.