Welcome to the Linux Foundation Forum!

Lab 22.2 on CentOS

mo79uk
mo79uk Posts: 42

I completed this exercise, but I just want to point out one thing and request some explanations.

After I turn off my swap file (/dev/dm-1) and I then setup and turn on the encrypted one ( /dev/mapper/swapcrypt), the swap file appears on /dev/dm-2, not /dev/dm-1, and so it's the reference to /dev/dm-2 that goes in etc/fstab (the question seems to assume that if your swap was /dev/sda11 that it will re-appear on there and so you keep that reference).
Why is that, is it just a Red Hat thing?

I also don't understand what purpose the dev/urandom reference serves in a crypttab line. It was not shown in in examples within the module. From searching I think it assists with encryption/decryption.

I could not complete this exercise in the pre-built Ubuntu VM, even with --cipher aes as a luksFormat option.

Comments

  • Also, as part of the exercise clean up: It's easier to just remove the added lines in /etc/fstab and /etc/crypttab than label the original swap when formatting it again.

  • coop
    coop Posts: 916

    As far as the dm-1, dm-2 confusion I have no idea. We used a real partition. A reboot may go back to
    using dm-1

    From the man page for swapcrypt:

    The third field specifies the encryption password. If the field is not
           present or the password is set to "none" or "-", the password has to be
           manually entered during system boot. Otherwise, the field is interpreted
           as a absolute path to a file containing the encryption password. For swap
           encryption, /dev/urandom or the hardware device /dev/hw_random can be
           used as the password file; using /dev/random may prevent boot completion
           if the system does not have enough entropy to generate a truly random
           encryption key.
    

Categories

Upcoming Training