sudodus
April 4th, 2013, 08:08 PM
I have a USB 3 boot pendrive, where I have installed Lubuntu 12.04 + Xubuntu desktop. I have no proprietary drivers in the system, so it is generally portable, runs with Intel, Nvidia and Radeon graphics. I'm quite happy because this way I can easily borrow a computer and run my own system with my own settings, bookmarks, passwords, and some personal data files too.
I wanted to have encrypted home, and it works well. But it implies encrypted swap, and the system started hijacking the swap partitions from the installed systems. This happened if there was a linux swap partition available, even when I made a small swap partition on the USB drive and let the system encrypt it. This 'wanted' cryptswap had a line in /etc/fstab pointing to it, but the system wanted more. It is described in a manual page, that cryptswap tries to encrypt the swap it finds for security. But I don't want it in this case.
I tried a lot of things, including removing the software that is used to create cryptswap, /sbin/cryptsetup, but then the existing cryptswap could not be used. Finally I made a regular swap partition, made an entry in /etc/fstab and kept that software removed (actually moved to another directory outside PATH). Then it couldn't hijack swap, and the encrypted home is still working well.
This is a security hole. But I work around it with a script that wipes the swap if it is used (usually I don't need swapping). If swapping was needed, and I want to remove any traces, it will overwrite the swap partition and make a fresh one at the same place and with the same UUID. It takes about one minute for 2 GB, which is definitely OK for me.
I know discard is nicer for the hardware than dd, and it should work with a swapfile on an SSD. But I don't think discard works on a USB pendrive. I'm sure there are better solutions for this problem, maybe it is simple, maybe not.
Please help me!
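A sketch of the kind of wipe script described in the post above, added here as an example; it is not sudodus's own script. The device names, the `--wipe` argument and the function names are assumptions, and the sample table is constructed.

```shell
#!/bin/bash
# Added example: wipe an unencrypted swap partition only if it holds data,
# then recreate it with the same UUID so the /etc/fstab entry stays valid.
# Destructive: run as root, and only on the pendrive's own swap partition.

# Constructed sample in /proc/swaps format (device names are assumptions).
sample_swaps() {
  printf 'Filename\tType\tSize\tUsed\tPriority\n'
  printf '/dev/sdb3\tpartition\t2097148\t5120\t-1\n'
  printf '/dev/sda5\tpartition\t4194300\t0\t-2\n'
}

# Print the "Used" column (KiB) for device $1 from a /proc/swaps table on
# stdin; prints 0 if the device is not listed.
swap_used_kib() {
  awk -v dev="$1" 'NR > 1 && $1 == dev { print $4; found = 1 }
                   END { if (!found) print 0 }'
}

# Succeed if device $1 is currently an active swap area.
swap_active() {
  awk -v dev="$1" 'NR > 1 && $1 == dev { f = 1 } END { exit !f }' /proc/swaps
}

# Overwrite partition $1 with zeros and make fresh swap with the old UUID.
wipe_swap() {
  local dev=$1 uuid bytes
  uuid=$(blkid -s UUID -o value "$dev") || return 1
  bytes=$(blockdev --getsize64 "$dev") || return 1
  # Never overwrite swap that is still in use: stop if swapoff fails.
  if swap_active "$dev"; then swapoff "$dev" || return 1; fi
  # count_bytes (GNU dd) stops exactly at the end of the partition.
  dd if=/dev/zero of="$dev" bs=1M count="$bytes" iflag=count_bytes conv=fsync &&
    mkswap -U "$uuid" "$dev" &&
    swapon "$dev"
}

# Usage (hypothetical): wipe-swap.sh --wipe /dev/sdb3
if [ "${1:-}" = "--wipe" ] && [ -b "${2:-}" ]; then
  if [ "$(swap_used_kib "$2" < /proc/swaps)" -gt 0 ]; then
    wipe_swap "$2"
  else
    echo "swap on $2 is unused, nothing to wipe"
  fi
fi
```

The "Used" column shows current occupancy only, so pages that were swapped out and freed earlier in the session can remain on the partition while it reads 0; calling `wipe_swap` unconditionally at shutdown is the conservative choice.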