-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2010-10-13 at 17:19 +0200, Susan Dittmar wrote:
Dear Carlos,
Quoting Carlos E. R. (robin.listas@telefonica.net):
Yes, the swap can be encrypted, and during resume the kernel messages mentions that fact. I don't know if it uses LUKS or something else.
Using that method, however, during boot the system would ask for the passphrase twice or more: once for the root system (another for /home, if used), and another for swap ?¹?.
When following the aforementioned SDB article in creating several encrypted partitions (all with luks), the system only asks for one passphrase during boot in case all passphrases are the same.
Ah, I see.
On restore from hibernation, it would ask for the password only once: for the swap. The partitions are mounted, no password required.
It's the other way 'round here too, at least in my setting: It *does* ask for *all* passphrases on restore from hibernation too. Maybe that's due to the fact that the information about which partitions to unlock is given as kernel boot parameters.
Ah! No, I think I know why: you don't have a separate unencripted /boot partition - is that it?
Another possibility would be hardware encryption, directly by the HD firmware. Search for "ATA Security Feature Set" in man hdparm. I have never used this in Linux - I know of people that used it in windows. I don't know who has to ask for the password, I think the bios: not even the MBR can be read if the lock is set.
I will look into that. Thanks!
Tell us what you find, I'm curious about that system. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAky12PcACgkQtTMYHG2NR9XNJgCgjFDki2qAvjMQZsdrPxWUJcSc zGkAn2zq7CPw2u5/hEtwy6FeixQdRT8E =aLgU -----END PGP SIGNATURE-----