Gentoo Forums
Swap issue after crypting disk partitions
egoitz
n00b


Joined: 10 Oct 2016
Posts: 17

Posted: Mon Oct 17, 2016 12:19 pm    Post subject: Swap issue after crypting disk partitions

Good morning,

Yesterday I was finally able to encrypt my disk with cryptsetup. I created the partitions with parted, then the LVM volumes, and finally cryptsetup. I used this model with LVM because otherwise genkernel, when generating the initramfs with --luks but without specifying --lvm (because I was not using it at the first attempt), said it was unable to find the LVM volumes I was specifying as real_root, real_resume and so on. Basically, when using luks+lvm everything worked as expected except the automatic swap mount, either in the initramfs (for returning from suspend to disk) or after the whole boot process. The volume group of swap gets marked as inactive, and that seems to be the reason swap is not usable either from the operating system itself after boot (without previously doing vgchange -a y and later swapon -a) or from the initramfs itself. My question is: why does the swap LVM volume get marked as inactive after a proper reboot, or when a new boot process happens after a correct shutdown process?

Has anyone ever seen this behaviour? How can it be fixed?

Best regards,
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Tue Oct 18, 2016 6:03 am

Usually you use cryptswap, and you need to define it like that.

There was a config file in /etc for how to define cryptswap. That is usually recreated randomly on every reboot, or you have to provide a key for swap.

The question is, do you need the contents of swap after a reboot? E.g. when you use hibernation?

I'll tell you my setup:

Bootloader from a binary distro => Linux Mint
Unencrypted boot partition according to the handbook with 120MB / UEFI
Initramfs from genkernel 2, generated only once, reused, as it only provides busybox and the magic to mount my root
Root partition is in an LVM volume. That LVM volume contains a LUKS container. That LUKS container contains ext4

I gave up on using swap. There was no need on my old box with 4GB of RAM on a Penryn notebook CPU, that's 2 cores @ 2.6GHz.
On an Ivy Bridge notebook CPU there was no need for swap with 8GB of RAM for a month. Now I am on 16GB of RAM, and upgrading it was far overkill.

When you use Google Chrome on a box with 4GB of RAM, it runs out of memory after a few hours, but that's probably an Adobe Flash issue and that's it.

When you use LVM below like I did, you can move the LVM container while running the box, as I did. => pvmove

=> you need to use genkernel 2 for the initramfs
egoitz
n00b


Joined: 10 Oct 2016
Posts: 17

Posted: Tue Oct 18, 2016 8:08 pm

Hi Roman,

I use it for suspending to disk... or I can use it in a laptop, for instance, with a cron script (or any other code) that checks whether the battery is near to being totally discharged, to avoid losing info...

That's why I consider it important... suspending to disk IMHO is important... same as encrypting the disk is important for me...
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Tue Oct 18, 2016 9:29 pm

You may end up adapting, creating or reusing an existing initramfs busybox init script. A few years ago those were shared on the old Gentoo wiki or on this forum.

I'm also on an encrypted laptop, but I gave up on that hibernation thing with LUKS. Too time consuming for little benefit. LibreOffice / Google Chrome do restore open tabs and windows 80 percent of the time, so it's fine ...

When you want to avoid losing information in user applications, the better approach is to set the auto save to 1 minute. I have done this since the Office 97 days.

Some software has big memory holes, and hibernation only makes things worse over time, e.g. Google Chrome.
egoitz
n00b


Joined: 10 Oct 2016
Posts: 17

Posted: Wed Oct 19, 2016 12:18 pm

I'm stubborn, I will try to make this work because I like having everything the same way as I left it... and there are other things like consoles, or programs with open databases, which are important to have the same way for remembering... the browsers do not directly worry me... and about saving automatically... yes, I do too :) but I need hibernation :) :) :p
egoitz
n00b


Joined: 10 Oct 2016
Posts: 17

Posted: Wed Oct 19, 2016 8:50 pm

Hi there!

I have solved my issue of not having swap after booting and of being able to use hibernation. I generated with genkernel the following way:

    genkernel --menuconfig --luks --lvm --compress-initramfs --compress-initramfs-type=gzip all...

Obviously you could perhaps go directly and specify initramfs instead of all... but with the indicated support... or you could also specify that you are not using zfs or btrfs... Then genkernel generates the function startLUKS() of the /etc/initrd.scripts file inside the generated initramfs environment, and this function only does a VG scan after opening an encrypted root fs. It does not repeat it when it also opens an encrypted swap device. So I have fixed it by creating a variable which, when its value is greater than zero, makes the end of the function call startVolumes, so that all volumes become ready.

    startLUKS() {
        # reescanear ("rescan"): becomes non-zero once a LUKS device has been opened
        reescanear=0

        # if key is set but key device isn't, find it
        [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
            && sleep 6 && bootstrapKey "ROOT"

        if [ -n "${CRYPT_ROOT}" ]; then
            openLUKS "root"
            reescanear=1
            if [ -z "${REAL_ROOT}" ]
            then
                REAL_ROOT="/dev/mapper/root"
            fi
        fi

        # same for swap, but no need to sleep if root was unencrypted
        [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \
            && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; }

        if [ -n "${CRYPT_SWAP}" ]; then
            openLUKS "swap"
            reescanear=1
            if [ -z "${REAL_RESUME}" ]
            then
                # Resume from swap as default
                REAL_RESUME="/dev/mapper/swap"
            fi
        fi

        # call startVolumes at the end so the volumes on every opened device become ready
        if [ "$reescanear" -gt 0 ]
        then
            startVolumes
        fi
    }

Sorry for the format, I was going to send a unified diff but I have removed the original version of this modified file.

Cheers :D :D
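A check for the symptom this thread describes, as an added example that is not part of any post or of genkernel: it lists the swap devices named in fstab whose logical volume LVM reports as not active, working from the text of `lvs --noheadings -o lv_path,lv_attr`. The sample text is constructed, and the volume group names vg_root and vg_swap are hypothetical.

```shell
#!/bin/sh
# Added example: report swap LVs that fstab expects but LVM has not activated.
# Sample text below is constructed; vg_root and vg_swap are hypothetical names.

SAMPLE_LVS='  /dev/vg_root/root -wi-ao----
  /dev/vg_swap/swap -wi-------'
SAMPLE_FSTAB='# <fs> <mountpoint> <type> <opts> <dump> <pass>
/dev/vg_root/root / ext4 noatime 0 1
/dev/vg_swap/swap none swap sw 0 0'

# stdin: output of `lvs --noheadings -o lv_path,lv_attr`.
# Prints each LV path whose state flag (5th lv_attr character) is not "a".
inactive_lvs() {
    awk 'NF >= 2 && substr($2, 5, 1) != "a" { print $1 }'
}

# $1: fstab text, $2: lvs text. Prints fstab swap devices that are inactive LVs.
inactive_swap() {
    inactive=$(printf '%s\n' "$2" | inactive_lvs)
    printf '%s\n' "$1" |
        awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' |
        while read -r dev; do
            # whole-line, fixed-string match so /dev/vg/swap never matches /dev/vg/swap2
            if printf '%s\n' "$inactive" | grep -Fxq -- "$dev"; then
                printf '%s\n' "$dev"
            fi
        done
}

# On a live system, pass "$(lvs --noheadings -o lv_path,lv_attr)" and
# "$(cat /etc/fstab)" instead of the samples.
missing=$(inactive_swap "$SAMPLE_FSTAB" "$SAMPLE_LVS")
if [ -n "$missing" ]; then
    echo "inactive swap LV(s): $missing"
    echo "workaround from the thread: vgchange -a y, then swapon -a"
fi
```

If this reports a device right after boot, the volume group was never activated once the LUKS container was opened, which is the gap the modified startLUKS() closes.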
Hu
Moderator


Joined: 06 Mar 2007
Posts: 13485

Posted: Thu Oct 20, 2016 1:20 am

If the parts you marked in bold are what was added, then you could generate again the stock copy and use that as the other side of a unified diff. This would also allow you to use [code] tags in your post to preserve formatting. Normally, I would edit your post to add [code] tags, but [code] suppresses other markup, so I will not do that here because it would break your use of bold.
egoitz
n00b


Joined: 10 Oct 2016
Posts: 17

Posted: Thu Oct 20, 2016 8:54 am

Hi Hu,

OK, I'll do it, totally true... there are very few lines and I could generate the old file and the new one for later entering a code tag, yep :)

I'll do it this weekend :) Sorry for the format... I was just trying to share what fixes the issue I was suffering, for those suffering it and, by the way, for the genkernel developers to notice it...

Cheers :)
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Fri Oct 21, 2016 8:05 am

Thanks for sharing