Auto crypting of swap now possible w/ fstab option in master
Matthew Dillon
dillon at backplane.com
Tue May 26 18:35:51 PDT 2015
It should already work with serno device names, of the form:
serno/blahblah.s1b
-Matt
On Sun, May 24, 2015 at 12:06 AM, Tim Darby <t+dfbsd at timdarby.net> wrote:
> On Sat, May 16, 2015 at 2:04 PM, Matthew Dillon <
> dillon at apollo.backplane.com> wrote:
>
>> A more sophisticated encrypted swap using LUKS was already available and
>> could be set up via the installer, capable of encrypting swap and dumps.
>> Manual configuration through luks is a bit messy though.
>>
>> This feature provides a simpler way to just encrypt swap with a random key
>> via /etc/fstab, perhaps as a preface to potentially implementing more
>> sophisticated crypto features in /etc/fstab in the future that use
>> dm-crypt
>> directly and bypass LUKS.
>>
>> The master branch now has experimental automatic crypting of swap
>> available.
>> If using master, simply recompile and reinstall the /usr/src/sbin/swapon
>> utility and then specify 'crypt' as a swap option in your /etc/fstab.
>> For example:
>>
>> # Device Mountpoint FStype Options Dump
>> Pass#
>> /dev/da0s1b none swap sw,crypt,trim 0 0
>>
>
> I set this up today and so far it's working great (with swapcache). Will
> this eventually work with serno device names?
>
> Tim
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20150526/0d88dc46/attachment.html>
More information about the Users
mailing list