Duncan wrote:
> I'm not running encrypted swap, though I've always thought it'd be nice to
> set up /someday/, so I can't help directly.

I just run the following script from local.start.  I forget where I
found it online.  Obviously change the SWAPDEVICE variable!

Honestly, my guess is that it is overly paranoid.  You could probably
eliminate most of the steps this script takes, but it runs in only a
second or two so it isn't a big deal.  I would leave in the bit that
zeros the start of the encrypted swap partition - it probably helps to
keep mkswap from getting confused.

Not sure what the fancy scripts that are being discussed do, but this is
plenty good for me, and I'm sure Duncan could get this running in about
15 seconds...

#!/bin/sh
# Run this script somewhere in your startup scripts _after_ the random
# number generator has been initialized and /usr has been mounted.
# (md5sum, uuencode, tail and head programs usually reside in /usr/bin/)

# encrypted swap partition -- change this to your own swap device
SWAPDEVICE=/dev/hda3

# loop device name
LOOPDEV=/dev/loop6

# Hash the first 40 KiB of the raw partition (its previous contents) as one
# part of the throwaway passphrase; md5sum's trailing "  -" comes along too.
MD=$(dd if="${SWAPDEVICE}" bs=4k count=10 2>/dev/null | md5sum)

# Overwrite the start of the raw partition twenty times so no old swap or
# filesystem signature (or last boot's data) survives there.
for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
    dd if=/dev/zero of="${SWAPDEVICE}" bs=4k count=10 conv=notrunc 2>/dev/null
    sync
done

# 18 random bytes, base64-encoded (line 2 of the uuencode -m output is the
# data line), as the random part of the passphrase.
UR=$(dd if=/dev/urandom bs=18 count=1 2>/dev/null \
    | uuencode -m - | head -n 2 | tail -n 1)

# Feed the combined passphrase to losetup on fd 0 (-p 0) and set up the
# loop-AES device; the key is never written anywhere and is gone at shutdown.
echo "${MD}${UR}" | losetup -p 0 -e aes-cbc-256 "${LOOPDEV}" "${SWAPDEVICE}"

# Clear the passphrase parts from the shell variables.
MD=
UR=

# Zero the start of the encrypted device so mkswap sees no stale signature.
dd if=/dev/zero of="${LOOPDEV}" bs=4k count=10 conv=notrunc 2>/dev/null
sync
mkswap "${LOOPDEV}"
sync
swapon "${LOOPDEV}"
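The same per-boot random-key swap setup, as an added example that is not the original poster's script: it swaps in dm-crypt plain mode (cryptsetup) for the obsolete loop-AES `losetup -e`, and adds the pre-flight check a practitioner would want before zeroing a partition. The `SWAPDEVICE` and `MAPPER` values and the `run` argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the original poster's script: the same per-boot random-key
# swap idea with dm-crypt plain mode instead of loop-AES. Assumes cryptsetup and
# util-linux are installed; SWAPDEVICE and MAPPER are placeholders to change.
set -eu

SWAPDEVICE="${SWAPDEVICE:-/dev/hda3}"   # placeholder: your swap partition
MAPPER="${MAPPER:-cswap}"               # mapping name, appears as /dev/mapper/cswap

# Safety check before anything destructive: return 0 only if $1 is not listed
# as a mount source in the mounts table $2 (default /proc/mounts).
device_is_unmounted() {
    dev="$1"
    mounts="${2:-/proc/mounts}"
    ! awk -v d="$dev" '$1 == d { found = 1 } END { exit !found }' "$mounts"
}

# Path of the dm-crypt mapping for a given mapping name.
mapper_path() {
    printf '/dev/mapper/%s\n' "$1"
}

setup_encrypted_swap() {
    if ! device_is_unmounted "$SWAPDEVICE"; then
        echo "refusing to continue: $SWAPDEVICE is mounted" >&2
        return 1
    fi
    # Plain-mode dm-crypt: no on-disk header, and the 256-bit key is read
    # straight from the kernel CSPRNG, so it exists only in kernel memory
    # for this boot and cannot be recovered from disk later.
    cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$SWAPDEVICE" "$MAPPER"
    # Zero the first 40 KiB of the mapping so stale signatures cannot confuse
    # mkswap (the same intent as the zeroing step in the original script).
    dd if=/dev/zero of="$(mapper_path "$MAPPER")" bs=4k count=10 conv=notrunc 2>/dev/null
    sync
    mkswap "$(mapper_path "$MAPPER")"
    swapon "$(mapper_path "$MAPPER")"
}

# Only perform the real setup (needs root) when invoked as: sh script.sh run
if [ "${1:-}" = run ]; then
    setup_encrypted_swap
fi
```

Because plain mode writes no header, a device opened this way is indistinguishable from random data when closed, which is exactly what you want for swap.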
