Corrections for encryption wiki

Hi Joe,
nice to see encryption getting promoted.

The instructions setting up hibernation on the swapfile will not work though.
Beginning where the wiki says …

sudo blkid -s UUID -o value /dev/mapper/vg0-lvroot

returns the UUID of the root volume.

This will not work because the standard encrypted install you describe will not produce any logical volumes; so there won’t be any volume group vg0 and no lvroot.

Instead of /dev/mapper/vg0-lvroot you should address the ext4 filesystem.

1 Like

I actually have all my machines encrypted, not just mobile devices so I would suggest renaming the Wiki to just “Encrypted installation”.

thanks for the hint, i just change it !

I did a quick check in VirtualBox. Actually /etc/default/grub has everything set up correctly out of the box. The only thing that needs to be added is the swapfile offset.

I propose changing the wiki swapfile part to the following …


Make a swapfile

If you want to use hibernation, then you must add swap because the content of the RAM will be written to the swap partition/file. This also means that the swap size should be at least the size of RAM .

The following commands will produce a swapfile the size of 8GB . copy and paste them one after the other inside terminal and give your root password .

If you want more or less swap change 8G to what you want to use as swap.

sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

To check …

swapon --show

Edit /etc/fstab to enable the swapfile after reboot

sudo leafpad /etc/fstab

Add the following line …

/swapfile none swap defaults,pri=-2 0 0

Save and exit.

Activate hibernation

sudo filefrag -v /swapfile | awk '{if($1=="0:"){print $4}}'

returns the swapfile offset. For example 997376.. , which means 997376.

sudo leafpad /etc/default/grub

Change to the following; remember to use your offset .

It will first look like this: (*** are the long snake of UUID numbers)

GRUB_CMDLINE_LINUX_DEFAULT=“quiet cryptdevice=UUID=:luks- root=/dev/mapper/luks-*** resume=/dev/mapper/luks-*** loglevel=3”

Add resume_offset=***** to the end of this line (after loglevel=3).

Insert offset number we got from the command before here.

Save and exit

Add resume to /etc/mkinitcpio.conf, do this now …

sudo leafpad /etc/mkinitcpio.conf

Change the HOOKS=… line by adding resume .

HOOKS=“base udev autodetect modconf block keyboard keymap encrypt lvm2 resume filesystems fsck”

Save and exit

rebuild kernel images and grub.cfg:

EFI and Bios systems:

sudo mkinitcpio -p linux

sudo grub-mkconfig -o /boot/grub/grub.cfg

3 Likes

From the wiki:

[ choose only Letters and Numbers will be good as the prompt on bootup is only in US-English! ] –> needs improvement
If someone knows how to use system keyboard layout at this point we will be happy to put it in here!

Seems it can be done (but I have never tried this myself, so …):

1 Like

i will add your changes to the wiki now, thanks again for the help!
We are working on a solution to let users directly comment on wiki entries for an easy contribution to it.

This can’t work because the kernel and initramfs is on the encrypted partition and not accessible until the drive is unlocked

(https://superuser.com/questions/974833/change-the-keyboard-layout-of-grub-in-stage-1)
this sounds legit…

and creating a core image to get this working is so… arch-alike :laughing:
thinking of doing this automaticly for the install process… is a nightmare

1 Like

I agree!
If someone really needs this a Wiki should suffice.

1 Like

https://wiki.archlinux.org/index.php/Talk:GRUB#Custom_keyboard_layout

the other option would be to have a seperate boot partition, what is also secure enaugh in my opinion, there is no personal data stored…