Auto crypting of swap now possible w/ fstab option in master

Tim Darby t+dfbsd at timdarby.net
Tue May 26 22:48:38 PDT 2015


Cool, thanks.


Tim

On Tue, May 26, 2015 at 6:35 PM, Matthew Dillon <dillon at backplane.com>
wrote:

> It should already work with serno device names, of the form:
> serno/blahblah.s1b
>
> -Matt
>
> On Sun, May 24, 2015 at 12:06 AM, Tim Darby <t+dfbsd at timdarby.net> wrote:
>
>> On Sat, May 16, 2015 at 2:04 PM, Matthew Dillon <
>> dillon at apollo.backplane.com> wrote:
>>
>>> A more sophisticated encrypted swap using LUKS was already available and
>>> could be set up via the installer, capable of encrypting swap and dumps.
>>> Manual configuration through luks is a bit messy though.
>>>
>>> This feature provides a simpler way to just encrypt swap with a random
>>> key
>>> via /etc/fstab, perhaps as a preface to potentially implementing more
>>> sophisticated crypto features in /etc/fstab in the future that use
>>> dm-crypt
>>> directly and bypass LUKS.
>>>
>>> The master branch now has experimental automatic crypting of swap
>>> available.
>>> If using master, simply recompile and reinstall the /usr/src/sbin/swapon
>>> utility and then specify 'crypt' as a swap option in your /etc/fstab.
>>> For example:
>>>
>>>     # Device            Mountpoint      FStype  Options         Dump
>>> Pass#
>>>     /dev/da0s1b         none            swap    sw,crypt,trim   0       0
>>>
>>
>> ​I set this up today and so far it's working great (with swapcache). Will
>> this eventually work with serno device names?
>>
>> Tim​
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20150526/32636527/attachment-0002.htm>


More information about the Users mailing list