From mboxrd@z Thu Jan 1 00:00:00 1970
From: dian_cecht@zoho.com
Subject: Re: Encrypted root partition
Date: Thu, 19 Jan 2017 14:31:39 -0800
Message-ID: <20170119223130.GA21887@khaalida>
References: <87vavd3k1t.fsf@gnu.org> <87a8cp4bqk.fsf@gmail.com> <877f7swllv.fsf@gnu.org> <87pojkitaf.fsf@gmail.com> <87eg00k372.fsf@gmail.com> <87d1fjd749.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path:
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56149) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cULFH-0006sC-KP for guix-devel@gnu.org; Thu, 19 Jan 2017 17:31:52 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cULFE-0007Ni-If for guix-devel@gnu.org; Thu, 19 Jan 2017 17:31:51 -0500
Received: from sender153-mail.zoho.com ([74.201.84.153]:25346) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cULFE-0007Lv-9v for guix-devel@gnu.org; Thu, 19 Jan 2017 17:31:48 -0500
Content-Disposition: inline
In-Reply-To: <87d1fjd749.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel"
To: guix-devel@gnu.org

On Wed, Jan 18, 2017 at 11:08:22PM -0500, Mike Gerwitz wrote:
> Using an ephemeral key for swap (that is: a temporary key that is
> randomly generated and never stored) is preferred: when you unmount it,
> the data won't be recoverable.
>

I just wanted to say that this can break suspend-to-disk, and so if someone is going to make a note of something in the manual, said breakage should also be mentioned, but if suspend-to-disk isn't needed, this is the ideal option.

I also want to mention that I seem to recall there is a way to get the kernel to store suspend-to-disk info somewhere other than root, but I don't recall the method, but I do recall it being a bit annoying to set up.