Mailinglist Archive: opensuse-factory (355 mails)

< Previous Next >
Re: [opensuse-factory] TW partitioning propsal swap
On niedziela, 8 marca 2020 19:49:43 CET Christian Boltz wrote:
Hello,

Am Sonntag, 8. März 2020, 17:19:19 CET schrieb Axel Braun:
Hm, guided setup encrypts root partition AND swap. Not sure if this is
a good idea....

It is.

If you are paranoid enough to encrypt your root partition (you should!),
then you don't want to have parts of your RAM (like open documents or in
worst case your disk encryption key) swapped out to unencrypted swap ;-)

This is somewhat similar to the discussion if you really need to encrypt
the root partition, or if encrypting /home is good enough. IMHO it
isn't, because for example files in /tmp/ can also contain sensitive
data which you don't want to have unencrypted. For example, when you
click a PDF attached to a mail in KMail, it will get stored in /tmp/
before it gets opened.


Sidenote: I have no idea if suspend to disk works with encrypted swap -
I don't have any swap to test.
It does work very well on my ThinkPad T440. I have my root and swap partitions
encrypted with LUKS. The root partition includes /boot, so I use GRUB to
decrypt it and keep a key in the initramfs so I don't have to put in the
passphrase twice (I followed the guide at https://en.opensuse.org/
SDB:Encrypted_root_file_system). I haven't had any problems with that setup,
but that, of course, depends on your machine.

Regards
Radosław Wyrzykowski


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups