cross-posted from: https://programming.dev/post/19007507
For context:
I’ve encrypted the swap partition with:
cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap
And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.
Does anyone know if this is possible?
Just thought I’d ask to see if anyone’s done this already.
There is a difference here.
Unlocking home later in the boot process is not a problem, so you can indeed have a keyfile on your root and get your home unlocked and mounted after root is done.
Swap however needs to be available early, at least if you want to use it for hibernation.