No swap configured when encrypt-home is checked in installation

Bug #1529248 reported by SB
This bug affects 1 person
Affects: elementary OS; Status: New; Importance: Undecided; Assigned to: Unassigned

Bug Description

Description: When option "Encrypt Home" is checked in installation of eOS Freya (0.3.2) the system will end up with a non-functional ill-configured cryptswap partition.

Background: This is an Ubuntu 14.04 bug, which is targeted to be fixed in 14.04.4 (https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875).
If you want to use encrypted home AND cryptswap in Freya you will need some manual fixing.

There exist a lot of workarounds for this, like
1.) using unencrypted swap
2.) referencing the swap partition by name, e.g. sd[XY] etc.
3.) some weird, non-auto mounting and a created upstart script
All of these workarounds are non-justifiable from either a security or a technical perspective.

I write this to present the proper fix to this problem, which will also be present in Ubuntu 14.04.4.
All credits go to the respective developers that fixed the issue.
I only gathered their fixes and wrote them together.

Solution:
Do the following steps to end up with a fully functional eOS with encrypted home and cryptswap.
To fix the problem we need to modify some installation scripts of ubiquity and ecryptfs-utils.
Unfortunately this solution is therefore only possible when doing a fresh install of eOS.

1.) Use eOS-ISO to boot into live-system.
2.) *Do not* run the installation yet!

3a.) Use an editor to modify the file "/usr/share/ubiquity/user-setup-encrypted-swap"
    - e.g. sudo scratch-text-editor /usr/share/ubiquity/user-setup-encrypted-swap
3b.) Find the line reading "dd if=/dev/zero of=$device bs=16M 2>/dev/null || true" (line 93 in my case) and replace it with these two lines:
    dd if=/dev/zero of=$device bs=16M seek=1 2>/dev/null || true
    dd if=/dev/zero of=$device bs=4K seek=1 count=4096 2>/dev/null || true
3c.) Save & close.

4a.) Use an editor to modify the file "/usr/bin/ecryptfs-setup-swap"
    - e.g. sudo scratch-text-editor /usr/bin/ecryptfs-setup-swap
4b.) Find the line reading "echo "cryptswap$i UUID=$uuid /dev/urandom swap,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab" (line 164 in my case)
    and add the option "offset=1024," after swap (no spaces!) so:
    echo "cryptswap$i UUID=$uuid /dev/urandom swap,offset=1024,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab
4c.) Save & close.

5.) Now run the installation and check the option to encrypt the home folder.
6.) Reboot and run "free --human" to check if you have a swap partition set up.
7.) Enjoy!

SB (sir-beafy)
description: updated
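
A configuration check to go with step 6, added here as an example and not part of the original report or of ecryptfs-utils: it lists crypttab swap entries that are referenced by UUID but lack the offset= option introduced in step 4b. The function name check_crypttab and the sample UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a crypttab for swap entries
# that are referenced by UUID= but are missing the offset= option of step 4b.
# check_crypttab is a hypothetical helper name.

# Usage: check_crypttab [FILE]   (FILE defaults to /etc/crypttab)
# Prints the name of each offending entry; returns 1 if any was found.
check_crypttab() {
    file=${1:-/etc/crypttab}
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            # crypttab fields: name, source device, key file, options
            name = $1; src = $2; opts = $4
            has_swap = 0; has_offset = 0
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "swap") has_swap = 1
                if (o[i] ~ /^offset=[0-9]+$/) has_offset = 1
            }
            if (src ~ /^UUID=/ && has_swap && !has_offset) {
                print name
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample: the line the unpatched script writes (cryptswap1)
# next to the line the patched script writes (cryptswap2).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <name> <source device> <key file> <options>
cryptswap1 UUID=00000000-0000-0000-0000-000000000001 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
cryptswap2 UUID=00000000-0000-0000-0000-000000000002 /dev/urandom swap,offset=1024,cipher=aes-cbc-essiv:sha256
EOF
check_crypttab "$sample" || echo "the entries listed above lack offset="
rm -f "$sample"
```

On an installed system, run check_crypttab with no argument to audit /etc/crypttab; no output and exit status 0 mean every UUID-referenced swap entry carries offset=.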