How to add swap encryption after installation:
start your system and login as root user, then (assuming the swap partition is /dev/sda5) follow the next instructions:
-turn off the swap: swapoff /dev/sda5
-change the partition type
from Linux swap to Linux native, using Control center -> Local disk -> manage disk partitions
-reformat the partition for encrypt use: cryptsetup luksFormat /dev/sda5
-map the partition to device mapper: cryptsetup luksOpen /dev/sda5 crypt5
(possibly provide the same pass phrase already used for the others already encrypted partitions)
-initialize your new encrypted partition using random data: dd if=/dev/zero of=/dev/mapper/crypt5 bs=4M
(differently from what posted in the August article, here we are using /dev/zero on the mapped
device, in turn it will result in random data on the disk physical partition, but the process will be much faster)
-format the partition as swap: mkswap /dev/mapper/crypt5
-look at basic info using the command blkid
, you will find something like:
root@localhost ~]# blkid
/dev/sda1: UUID="68b88c36-656f-4d27-a78f-c73c69b60a12" TYPE="ext4"
/dev/sda5: UUID="a484fcd9-b97f-4ba0-bfce-5253654e1988" TYPE="crypto_LUKS"
/dev/sda6: UUID="b5dbbb0c-8a13-49b1-b9e4-83e3d25f1fde" TYPE="ext4"
/dev/mapper/crypt5: UUID="e9c1d218-162a-4d49-a1e8-d8f546639596" TYPE="swap"
-now your partitions is ready to be used but you need few more steps:
-add the swap partition entry to /etc/crypttab
, so that it can be automatically mapped at next reboot (note the blue UUID):
-add the swap partition entry in /etc/fstab
to match your new setup:
UUID=e9c1d218-162a-4d49-a1e8-d8f546639596 swap swap defaults 1 2
-finally you may need to change your /boot/grub/menu.lst
to related to your entry resume=UUID=...
kernel (hd0,0)/boot/vmlinuz BOOT_IMAGE=linux root=UUID=68b88c36-656f-4d27-a78f-c73c69b60a12 quiet vmalloc=256M acpi=on resume=UUID=e9c1d218-162a-4d49-a1e8-d8f546639596 splash=silent vga=788
reboot and enjoy!