€•,CŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”(hhŒparent”hubaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ(/translations/zh_CN/power/swsusp-dmcrypt”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”(hhhh2ubah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ(/translations/zh_TW/power/swsusp-dmcrypt”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”(hhhhFubah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ(/translations/it_IT/power/swsusp-dmcrypt”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”(hhhhZubah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ(/translations/ja_JP/power/swsusp-dmcrypt”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”(hhhhnubah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ(/translations/ko_KR/power/swsusp-dmcrypt”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”(hhhh‚ubah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ(/translations/sp_SP/power/swsusp-dmcrypt”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ'How to use dm-crypt and swsusp together”h]”hŒ'How to use dm-crypt and swsusp together”…””}”(hhªhh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒB/var/lib/git/docbuild/linux/Documentation/power/swsusp-dmcrypt.rst”h KubhŒ paragraph”“”)”}”(hŒ(Author: Andreas Steinmetz ”h]”(hŒAuthor: Andreas Steinmetz <”…””}”(hŒAuthor: Andreas Steinmetz <”hh¹hžhhŸNh NubhŒ reference”“”)”}”(hŒ ast@domdv.de”h]”hŒ ast@domdv.de”…””}”(hhhhÄhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:ast@domdv.de”uh1hÂhh¹ubhŒ>”…””}”(hŒ>”hh¹hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hX<Some prerequisites: You know how dm-crypt works. If not, visit the following web page: http://www.saout.de/misc/dm-crypt/ You have read Documentation/power/swsusp.rst and understand it. You did read Documentation/admin-guide/initrd.rst and know how an initrd works. You know how to create or how to modify an initrd.”h]”(hŒWSome prerequisites: You know how dm-crypt works. If not, visit the following web page: ”…””}”(hŒWSome prerequisites: You know how dm-crypt works. If not, visit the following web page: ”hhßhžhhŸNh NubhÃ)”}”(hŒ"http://www.saout.de/misc/dm-crypt/”h]”hŒ"http://www.saout.de/misc/dm-crypt/”…””}”(hhhhèhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”hêuh1hÂhhßubhŒÃ You have read Documentation/power/swsusp.rst and understand it. You did read Documentation/admin-guide/initrd.rst and know how an initrd works. You know how to create or how to modify an initrd.”…””}”(hŒÃ You have read Documentation/power/swsusp.rst and understand it. You did read Documentation/admin-guide/initrd.rst and know how an initrd works. You know how to create or how to modify an initrd.”hhßhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K hh£hžhubh¸)”}”(hXNow your system is properly set up, your disk is encrypted except for the swap device(s) and the boot partition which may contain a mini system for crypto setup and/or rescue purposes. You may even have an initrd that does your current crypto setup already.”h]”hXNow your system is properly set up, your disk is encrypted except for the swap device(s) and the boot partition which may contain a mini system for crypto setup and/or rescue purposes. You may even have an initrd that does your current crypto setup already.”…””}”(hjhjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hX‰At this point you want to encrypt your swap, too. Still you want to be able to suspend using swsusp. This, however, means that you have to be able to either enter a passphrase or that you read the key(s) from an external device like a pcmcia flash disk or an usb stick prior to resume. So you need an initrd, that sets up dm-crypt and then asks swsusp to resume from the encrypted swap device.”h]”hX‰At this point you want to encrypt your swap, too. Still you want to be able to suspend using swsusp. This, however, means that you have to be able to either enter a passphrase or that you read the key(s) from an external device like a pcmcia flash disk or an usb stick prior to resume. So you need an initrd, that sets up dm-crypt and then asks swsusp to resume from the encrypted swap device.”…””}”(hjhjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hXUThe most important thing is that you set up dm-crypt in such a way that the swap device you suspend to/resume from has always the same major/minor within the initrd as well as within your running system. The easiest way to achieve this is to always set up this swap device first with dmsetup, so that it will always look like the following::”h]”hXTThe most important thing is that you set up dm-crypt in such a way that the swap device you suspend to/resume from has always the same major/minor within the initrd as well as within your running system. The easiest way to achieve this is to always set up this swap device first with dmsetup, so that it will always look like the following:”…””}”(hXTThe most important thing is that you set up dm-crypt in such a way that the swap device you suspend to/resume from has always the same major/minor within the initrd as well as within your running system. The easiest way to achieve this is to always set up this swap device first with dmsetup, so that it will always look like the following:”hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubhŒ literal_block”“”)”}”(hŒ=brw------- 1 root root 254, 0 Jul 28 13:37 /dev/mapper/swap0”h]”hŒ=brw------- 1 root root 254, 0 Jul 28 13:37 /dev/mapper/swap0”…””}”(hhhj/ubah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1j-hŸh¶h K$hh£hžhubh¸)”}”(hŒrNow set up your kernel to use /dev/mapper/swap0 as the default resume partition, so your kernel .config contains::”h]”hŒqNow set up your kernel to use /dev/mapper/swap0 as the default resume partition, so your kernel .config contains:”…””}”(hŒqNow set up your kernel to use /dev/mapper/swap0 as the default resume partition, so your kernel .config contains:”hj?hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K&hh£hžhubj.)”}”(hŒ+CONFIG_PM_STD_PARTITION="/dev/mapper/swap0"”h]”hŒ+CONFIG_PM_STD_PARTITION="/dev/mapper/swap0"”…””}”(hhhjNubah}”(h]”h ]”h"]”h$]”h&]”j=j>uh1j-hŸh¶h K)hh£hžhubh¸)”}”(hŒ‚Prepare your boot loader to use the initrd you will create or modify. For lilo the simplest setup looks like the following lines::”h]”hŒPrepare your boot loader to use the initrd you will create or modify. For lilo the simplest setup looks like the following lines:”…””}”(hŒPrepare your boot loader to use the initrd you will create or modify. For lilo the simplest setup looks like the following lines:”hj\hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K+hh£hžhubj.)”}”(hŒ_image=/boot/vmlinuz initrd=/boot/initrd.gz label=linux append="root=/dev/ram0 init=/linuxrc rw"”h]”hŒ_image=/boot/vmlinuz initrd=/boot/initrd.gz label=linux append="root=/dev/ram0 init=/linuxrc rw"”…””}”(hhhjkubah}”(h]”h ]”h"]”h$]”h&]”j=j>uh1j-hŸh¶h K/hh£hžhubh¸)”}”(hX…Finally you need to create or modify your initrd. Lets assume you create an initrd that reads the required dm-crypt setup from a pcmcia flash disk card. The card is formatted with an ext2 fs which resides on /dev/hde1 when the card is inserted. The card contains at least the encrypted swap setup in a file named "swapkey". /etc/fstab of your initrd contains something like the following::”h]”hXˆFinally you need to create or modify your initrd. Lets assume you create an initrd that reads the required dm-crypt setup from a pcmcia flash disk card. The card is formatted with an ext2 fs which resides on /dev/hde1 when the card is inserted. The card contains at least the encrypted swap setup in a file named “swapkeyâ€. /etc/fstab of your initrd contains something like the following:”…””}”(hX„Finally you need to create or modify your initrd. Lets assume you create an initrd that reads the required dm-crypt setup from a pcmcia flash disk card. The card is formatted with an ext2 fs which resides on /dev/hde1 when the card is inserted. The card contains at least the encrypted swap setup in a file named "swapkey". /etc/fstab of your initrd contains something like the following:”hjyhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K4hh£hžhubj.)”}”(hŒ¿/dev/hda1 /mnt ext3 ro 0 0 none /proc proc defaults,noatime,nodiratime 0 0 none /sys sysfs defaults,noatime,nodiratime 0 0”h]”hŒ¿/dev/hda1 /mnt ext3 ro 0 0 none /proc proc defaults,noatime,nodiratime 0 0 none /sys sysfs defaults,noatime,nodiratime 0 0”…””}”(hhhjˆubah}”(h]”h ]”h"]”h$]”h&]”j=j>uh1j-hŸh¶h K /dev/null 2>&1 && mapped=1 fi umount /mnt break fi usleep 500000 done killproc /sbin/cardmgr dmesg -n 6 if [ $mapped = 1 ] then if [ $noresume != 0 ] then mkswap /dev/mapper/swap0 > /dev/null 2>&1 fi echo 254:0 > /sys/power/resume dmsetup remove swap0 fi umount /sys mount /mnt umount /proc cd /mnt pivot_root . mnt mount /proc umount -l /mnt umount /proc exec chroot . /sbin/init $* < dev/console > dev/console 2>&1”h]”hXF#!/bin/sh PATH=/sbin:/bin:/usr/sbin:/usr/bin mount /proc mount /sys mapped=0 noresume=`grep -c noresume /proc/cmdline` if [ "$*" != "" ] then noresume=1 fi dmesg -n 1 /sbin/cardmgr -q for i in 1 2 3 4 5 6 7 8 9 0 do if [ -f /proc/ide/hde/media ] then usleep 500000 mount -t ext2 -o ro /dev/hde1 /mnt if [ -f /mnt/swapkey ] then dmsetup create swap0 /mnt/swapkey > /dev/null 2>&1 && mapped=1 fi umount /mnt break fi usleep 500000 done killproc /sbin/cardmgr dmesg -n 6 if [ $mapped = 1 ] then if [ $noresume != 0 ] then mkswap /dev/mapper/swap0 > /dev/null 2>&1 fi echo 254:0 > /sys/power/resume dmsetup remove swap0 fi umount /sys mount /mnt umount /proc cd /mnt pivot_root . mnt mount /proc umount -l /mnt umount /proc exec chroot . /sbin/init $* < dev/console > dev/console 2>&1”…””}”(hhhj¥ubah}”(h]”h ]”h"]”h$]”h&]”j=j>uh1j-hŸh¶h KGhh£hžhubh¸)”}”(hX2Please don't mind the weird loop above, busybox's msh doesn't know the let statement. Now, what is happening in the script? First we have to decide if we want to try to resume, or not. We will not resume if booting with "noresume" or any parameters for init like "single" or "emergency" as boot parameters.”h]”hXDPlease don’t mind the weird loop above, busybox’s msh doesn’t know the let statement. Now, what is happening in the script? First we have to decide if we want to try to resume, or not. We will not resume if booting with “noresume†or any parameters for init like “single†or “emergency†as boot parameters.”…””}”(hjµhj³hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kwhh£hžhubh¸)”}”(hX»Then we need to set up dmcrypt with the setup data from the pcmcia flash disk. If this succeeds we need to reset the swap device if we don't want to resume. The line "echo 254:0 > /sys/power/resume" then attempts to resume from the first device mapper device. Note that it is important to set the device in /sys/power/resume, regardless if resuming or not, otherwise later suspend will fail. If resume starts, script execution terminates here.”h]”hXÁThen we need to set up dmcrypt with the setup data from the pcmcia flash disk. If this succeeds we need to reset the swap device if we don’t want to resume. The line “echo 254:0 > /sys/power/resume†then attempts to resume from the first device mapper device. Note that it is important to set the device in /sys/power/resume, regardless if resuming or not, otherwise later suspend will fail. If resume starts, script execution terminates here.”…””}”(hjÃhjÁhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K}hh£hžhubh¸)”}”(hŒªOtherwise we just remove the encrypted swap device and leave it to the mini system on /dev/hda1 to set the whole crypto up (it is up to you to modify this to your taste).”h]”hŒªOtherwise we just remove the encrypted swap device and leave it to the mini system on /dev/hda1 to set the whole crypto up (it is up to you to modify this to your taste).”…””}”(hjÑhjÏhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K…hh£hžhubh¸)”}”(hŒÈWhat then follows is the well known process to change the root file system and continue booting from there. I prefer to unmount the initrd prior to continue booting but it is up to you to modify this.”h]”hŒÈWhat then follows is the well known process to change the root file system and continue booting from there. I prefer to unmount the initrd prior to continue booting but it is up to you to modify this.”…””}”(hjßhjÝhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K‰hh£hžhubeh}”(h]”Œ'how-to-use-dm-crypt-and-swsusp-together”ah ]”h"]”Œ'how to use dm-crypt and swsusp together”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jŒerror_encoding”ŒUTF-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œ embed_images”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”jðjísŒ nametypes”}”jðNsh}”jíh£sŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.