From: Efraim Flashner
Subject: Re: Encrypted root partition
Date: Wed, 18 Jan 2017 22:53:25 +0200
To: Chris Marusich
Cc: guix-devel@gnu.org

On Wed, Jan 18, 2017 at 03:38:57AM -0800, Chris Marusich wrote:
> Chris Marusich writes:
>
> As a bonus, I realized that one could use this feature to encrypt swap,
> also. You can encrypt your swap area by using a swap file in the root
> file system. Specifically, if you do something like this...
>
>     # Make the file readable/writable only by root.
>     sudo dd if=/dev/zero of=/swapfile bs=1MiB count=10240
>     sudo chmod 600 /swapfile
>     sudo mkswap --label swap /swapfile
>
> and then you add a single line to your operating system configuration
> file like this...
>
>     (swap-devices '("/swapfile"))
>
> then your swap file will be automatically mounted during boot. You
> don't even have to enter your LUKS passphrase an additional time. I was
> pleasantly surprised to find out that encrypted swap was this easy!
>

This seems like something that would be nice to add to the manual :)

-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
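Added example, not part of the original message or of Guix: a check that every active swap area really sits on a dm-crypt mapping and that a swap file such as the /swapfile above is private to root. The function names (verdict, facts, audit) are hypothetical, and it assumes GNU stat plus util-linux lsblk and findmnt.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# verdict KIND MODE OWNER ENCRYPTED -> prints OK or a FAIL reason.
#   KIND       "file" or "partition" (Type column of /proc/swaps)
#   MODE/OWNER octal mode and owner from stat (ignored for partitions)
#   ENCRYPTED  "yes" if a dm-crypt mapping is in the backing device stack
verdict() {
    if [ "$4" != "yes" ]; then
        echo "FAIL: no dm-crypt layer under this swap area"; return 1
    fi
    if [ "$1" = "file" ]; then
        if [ "$3" != "root" ]; then
            echo "FAIL: owned by $3, expected root"; return 1
        fi
        # Group/other bits would let non-root users read swapped-out memory.
        case "$2" in
            *00) ;;
            *) echo "FAIL: mode $2 grants group/other access"; return 1 ;;
        esac
    fi
    echo "OK"
}

# facts NAME KIND -> prints "MODE OWNER ENCRYPTED" for a live swap area.
facts() {
    dev=$1 mode=- owner=-
    if [ "$2" = "file" ]; then
        mode=$(stat -c %a "$1"); owner=$(stat -c %U "$1")
        dev=$(findmnt -n -o SOURCE --target "$1")
        dev=${dev%%\[*}   # drop a btrfs "[/subvol]" suffix
    fi
    # lsblk -s lists the device and every device beneath it in the stack.
    if lsblk -s -n -o TYPE "$dev" | grep -qw crypt; then enc=yes; else enc=no; fi
    echo "$mode $owner $enc"
}

# audit: read /proc/swaps-format text on stdin, print one verdict per
# entry, and return non-zero if any entry fails.
audit() {
    rc=0
    while read -r name kind rest; do
        [ "$name" = "Filename" ] && continue   # skip the header row
        set -- $(facts "$name" "$kind")
        printf '%s: ' "$name"
        verdict "$kind" "$1" "$2" "$3" || rc=1
    done
    return $rc
}
```

Run it as root with `audit < /proc/swaps`; a non-zero exit status means at least one swap area is unencrypted or readable by non-root users.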