Software Development with Linux

Encrypted swap partition on Gentoo and Sabayon Linux

FRI, 01 APR 2011

Even if you do not want to go with full disk encryption, having your swap partition encrypted is a good security practice by itself. Patrick R. McDonald has written a short but great explanation of why you should encrypt your swap partition.

Now, how to do it for Gentoo or Sabayon Linux?

  1. Find the swap partition in /etc/fstab.

         # grep swap /etc/fstab
         /dev/sda2 swap swap defaults 0 0

  2. Add the following lines to /etc/conf.d/dmcrypt. Don't forget to use the correct device for the 'source' parameter (here, the device found in step 1).

         swap=crypt-swap
         source='/dev/sda2'

  3. Modify /etc/fstab so the swap entry points to the encrypted device instead of the real one.

         /dev/mapper/crypt-swap swap swap defaults 0 0

  4. Add dmcrypt to the boot runlevel.

         sudo rc-update add dmcrypt boot

And you're done! Starting from the next boot, your swap partition will be encrypted.
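A check for the finished configuration, as an added example that is not part of the original post: the function `check_swap_crypt` (a hypothetical name) reads an fstab and a dmcrypt file and fails if any swap entry is not a /dev/mapper device backed by a `swap=`/`source=` pair. It assumes the two-line target layout shown in step 2.

```shell
#!/bin/sh
# Added example (not from the original post): audit an fstab/dmcrypt pair
# for swap that would still be activated unencrypted.
# Usage: check_swap_crypt [fstab] [dmcrypt-conf]
# Returns 0 only if every swap entry in fstab is /dev/mapper/<name> and the
# dmcrypt file has an uncommented swap=<name> line followed by a source= line.
check_swap_crypt() {
    fstab=${1:-/etc/fstab}
    conf=${2:-/etc/conf.d/dmcrypt}
    rc=0
    found=0
    # Field 3 of an fstab line is the filesystem type; skip comment lines.
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        found=1
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *) echo "PLAINTEXT swap: $dev"; rc=1; continue ;;
        esac
        # Strip quotes, then find the source= that belongs to swap=<name>.
        # A new swap= or target= line starts a new block and resets the match.
        src=$(tr -d "\"'" < "$conf" | awk -F= -v n="$name" '
            $1 == "swap" || $1 == "target" { hit = ($1 == "swap" && $2 == n); next }
            hit && $1 == "source" { sub(/^source=/, ""); print; exit }')
        if [ -z "$src" ]; then
            echo "NO dmcrypt swap target for $dev in $conf"
            rc=1
        else
            echo "ok: $dev <- $src"
        fi
    done
    [ "$found" -eq 1 ] || echo "no swap entries in $fstab"
    return $rc
}

# Run against real files only when paths are given on the command line,
# e.g.: sh check_swap.sh /etc/fstab /etc/conf.d/dmcrypt
if [ "$#" -gt 0 ]; then
    check_swap_crypt "$@"
fi
```

A non-zero exit status means at least one swap entry would still come up in plaintext at the next boot.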