Welcome to the Linux Foundation Forum!

Lab 22.2 on CentOS

Posts: 42

I completed this exercise, but I just want to point out one thing and request some explanations.

After I turn off my swap file (/dev/dm-1) and then set up and turn on the encrypted one (/dev/mapper/swapcrypt), the swap file appears on /dev/dm-2, not /dev/dm-1, and so it's the reference to /dev/dm-2 that goes in /etc/fstab (the question seems to assume that if your swap was /dev/sda11, it will reappear there and so you keep that reference).
Why is that? Is it just a Red Hat thing?

I also don't understand what purpose the /dev/urandom reference serves in a crypttab line. It was not shown in the examples within the module. From searching I think it assists with encryption/decryption.

I could not complete this exercise in the pre-built Ubuntu VM, even with --cipher aes as a luksFormat option.

Comments

  • Also, as part of the exercise cleanup: it's easier to just remove the added lines in /etc/fstab and /etc/crypttab than to label the original swap when formatting it again.

  • Posts: 916

    As far as the dm-1, dm-2 confusion, I have no idea. We used a real partition. A reboot may go back to using dm-1.

    From the man page for swapcrypt:

    The third field specifies the encryption password. If the field is not
    present or the password is set to "none" or "-", the password has to be
    manually entered during system boot. Otherwise, the field is interpreted
    as a absolute path to a file containing the encryption password. For swap
    encryption, /dev/urandom or the hardware device /dev/hw_random can be
    used as the password file; using /dev/random may prevent boot completion
    if the system does not have enough entropy to generate a truly random
    encryption key.
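
Added example, not part of the thread or the course lab: a small audit that classifies the third crypttab field the way the quoted man page text describes it and flags fstab swap entries that point at a kernel-assigned /dev/dm-N node instead of the /dev/mapper name. The sample crypttab and fstab lines are constructed, and the `swap` option in the fourth crypttab field is an assumption about how the lab entry is written.

```python
import re

# Constructed sample files (not from the thread). /dev/sda11 is the partition
# named in the question; the "swap" option is an assumption.
CRYPTTAB = """\
# name     device      key-file      options
swapcrypt  /dev/sda11  /dev/urandom  swap
"""
FSTAB = """\
/dev/dm-2              swap  swap  defaults  0 0
/dev/mapper/swapcrypt  swap  swap  defaults  0 0
"""

def fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def key_source(entry):
    """Classify the third crypttab field as the quoted man page describes it."""
    key = entry[2] if len(entry) > 2 else "none"
    if key in ("none", "-"):
        return "prompt at boot"
    if key in ("/dev/urandom", "/dev/hw_random"):
        return "random key each boot"
    if key == "/dev/random":
        return "random key, may block boot"
    return "key file"

def audit(crypttab, fstab):
    """Return findings for swap mappings and the fstab swap lines using them."""
    findings, names = [], set()
    for e in fields(crypttab):
        opts = e[3].split(",") if len(e) > 3 else []
        if "swap" in opts:
            names.add(e[0])
            findings.append(f"{e[0]}: {key_source(e)}")
    for f in fields(fstab):
        if len(f) < 3 or f[2] != "swap":
            continue
        if re.fullmatch(r"/dev/dm-\d+", f[0]):
            # dm-N minors are handed out in activation order, so they can shift.
            findings.append(f"{f[0]}: dm-N number can change, use /dev/mapper/<name>")
        elif f[0].startswith("/dev/mapper/") and f[0].split("/")[-1] in names:
            findings.append(f"{f[0]}: stable mapper name")
    return findings
```

Calling `audit(CRYPTTAB, FSTAB)` on the constructed input reports the random per-boot key for `swapcrypt`, flags the `/dev/dm-2` line, and accepts the `/dev/mapper/swapcrypt` line.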
