cross-posted from: https://programming.dev/post/19007507
For context:
I’ve encrypted the swap partition with:
cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap
And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.
Does anyone know if this is possible?
Just thought I’d ask to see if anyone’s done this already
Yes, very. I’ve seen people do a similar thing with a separate encrypted home partition which is decrypted by a key stored in your encrypted root. However, I’d strongly recommend you use an LVM on LUKS setup (this is what I do). That way you decrypt one partition and you don’t have to mess around with keyfiles. https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
Do you happen to have a link to this?
Looking at the wiki it seems doable (in relation to revising my script) and as far as I can tell the tradeoffs seem better than #LUKS on a partition
much appreciated for the recommendation!
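The keyfile approach asked about above, as an added example that is not part of the original thread: a keyfile kept on the encrypted root is enrolled in the swap's LUKS header, and a crypttab entry unlocks swap with it after the root passphrase has been entered once. The keyfile path and the function names are assumptions; `DEVICE` and the `swap` mapping name follow the post.

```shell
#!/bin/sh
# Added example, not from the thread. KEYFILE path is an assumption.
KEYFILE="${KEYFILE:-/etc/cryptsetup-keys.d/swap.key}"

# Create a random 4 KiB keyfile that only its owner can read.
make_keyfile() {
    ( umask 077
      mkdir -p "$(dirname "$1")" &&
      dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null ) &&
    chmod 0400 "$1"
}

# Succeed only if the keyfile exists and grants nothing to group/other.
keyfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the /etc/crypttab entry: <name> <device> <keyfile> <options>
crypttab_line() {
    printf 'swap\tUUID=%s\t%s\tluks\n' "$1" "$2"
}

# Full procedure; needs root and an already luksFormat-ed /dev/$DEVICE.
# Run mkswap once on the opened /dev/mapper/swap before first use.
enroll_swap_keyfile() {
    dev="/dev/$1"
    make_keyfile "$KEYFILE" || return 1
    keyfile_is_private "$KEYFILE" || return 1
    # Adds the keyfile as a second key slot; prompts for the existing passphrase.
    cryptsetup luksAddKey "$dev" "$KEYFILE" || return 1
    # Confirm the keyfile really unlocks the header, without mapping the device.
    cryptsetup open --test-passphrase --key-file "$KEYFILE" "$dev" || return 1
    uuid=$(cryptsetup luksUUID "$dev") || return 1
    crypttab_line "$uuid" "$KEYFILE" >> /etc/crypttab
    echo '/dev/mapper/swap none swap defaults 0 0' >> /etc/fstab
}
```

The keyfile is only as protected as the root filesystem it sits on, so it belongs on the encrypted root and not in an unencrypted `/boot`.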