
With the release of Ubuntu Lucid Lynx, an encrypted /home is becoming pretty common and simple to set up. This is obviously good news for privacy. The next step, which a lot of users are reluctant to take, is an encrypted swap. One of the most obvious reasons is that in most cases it breaks the suspend and hibernate functions.
Here is a little HOWTO on how to switch from normal swap to encrypted swap and back. That way, when you need a secure laptop (a trip to a conference, or a situation with a risk of theft) you can activate it, and then deactivate it when you're at home, for example.
Turn it off

The idea is to turn off swap, remove the encryption layer (the cryptswap1 mapping), reformat your partition as normal swap and enable it. We use sda5 as an example for the swap partition; please use your own (fdisk -l will tell you which swap partition you are using, or look in /etc/crypttab).
sudo swapoff -a
sudo cryptsetup remove /dev/mapper/cryptswap1
sudo vim /etc/crypttab    # remove the /dev/sda5 line
sudo /sbin/mkswap /dev/sda5
sudo swapon /dev/sda5
sudo vim /etc/fstab    # replace /dev/mapper/cryptswap1 with /dev/sda5
If this is useful, you can probably stick it in a script to turn it on and off... maybe we could get an ecryptfs-unsetup-swap into ecryptfs.
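One way to script the "Turn it off" steps, with the two vim edits replaced by awk and a backup kept of each file. This is an added example, not part of the original post or of ecryptfs; the function names are hypothetical, and MAPPER and DEV default to the post's example values (cryptswap1, /dev/sda5), which you must adjust to your own system.

```sh
#!/bin/sh
# Added example: scripted version of the manual steps above.
# Assumption: MAPPER/DEV are the post's example names; set your own before use.
MAPPER=${MAPPER:-cryptswap1}
DEV=${DEV:-/dev/sda5}

# Drop the crypttab entry for the mapping; comments and blank lines are kept.
strip_crypttab() {  # usage: strip_crypttab FILE
    cp -p "$1" "$1.bak" &&
    awk -v m="$MAPPER" '$1 != m' "$1.bak" > "$1"
}

# Point the fstab swap entry back at the raw partition; other lines untouched.
plain_fstab() {  # usage: plain_fstab FILE
    cp -p "$1" "$1.bak" &&
    awk -v m="/dev/mapper/$MAPPER" -v d="$DEV" \
        '$1 == m && $3 == "swap" { sub(/^[ \t]*[^ \t]+/, d) } { print }' \
        "$1.bak" > "$1"
}

# Succeeds only if no active (non-comment) line still names the mapping.
no_leftovers() {  # usage: no_leftovers CRYPTTAB FSTAB
    ! cat "$1" "$2" | grep -v '^[[:space:]]*#' | grep -q "$MAPPER"
}

# The full procedure, in the same order as the post. Needs root.
# mkswap rewrites DEV, so check that DEV really is your swap partition.
swap_to_plain() {
    swapoff -a &&
    cryptsetup remove "/dev/mapper/$MAPPER" &&
    strip_crypttab /etc/crypttab &&
    mkswap "$DEV" &&
    swapon "$DEV" &&
    plain_fstab /etc/fstab &&
    no_leftovers /etc/crypttab /etc/fstab
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then swap_to_plain; fi
```

The original files are kept as /etc/crypttab.bak and /etc/fstab.bak, so a bad edit can be reverted before the next reboot.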
Comments
Please don't try this with Ubuntu 11.10 - the creation of an unencrypted swap file works, but not resuming. I'm locked out...
When you do the ecryptfs-setup-swap, you should make sure you have enough free memory to briefly go without swap, because swap gets turned off during that process. Thanks for the post.
Great article! I tried it in Ubuntu 11.10 and it worked fine.
I've added it to my snippets collection: http://codenachos.com/view/ubuntu-enable-and-disable-swap-encryption
You do not need this how-to for Ubuntu 11.04 or later. They automatically encrypt the swap if you choose to have an encrypted home folder.
Thank you :-)