This thread has been moved to the Community Wiki. I shall no longer update this thread (although you are welcome to post queries here); I shall update the Wiki instead.
A thread for discussion of the wiki page only can be found here http://ubuntuforums.org/showthread.p...9#post12062069
- Many people have asked how to get hibernation to work with encrypted folders. The problem is that the swap partition is also encrypted, but with a random key, so on restarting there is no way to resume.
- Now sharney, who uses Linux Mint, has found a way to solve this problem (on Mint, of course). The idea is to replace the random key with a password of your choice (you could use the same password as your login, but see Disclaimers & Warnings below, point 6).
- I thought I'd see whether or not I could get this working on Ubuntu, which is a little different from both Mint (despite Mint's origins in Ubuntu) and sharney, who uses full-disk encryption. I succeeded! Hence, this how-to.
- Of course, as new information comes to light or as errors are discovered, I shall update this first post.
DISCLAIMERS & WARNINGS
- I presume that you know how to use the Terminal. (This how-to quite advanced — well, for me it is — so if you don't know how to use the Terminal, this how-to is not for you.)
- I tested this both on a virtual machine using Virtual Box and on a native installation. The Virtual Box had a strange problem — when resuming, the screen remained black, although the applications were still open. But the native installation worked correctly.
- I tested this on Ubuntu Precise 12.04 (fully updated), so I don't know whether or not it will work on other versions.
- Canonical does not support this function (yet), so use it at your own risk. I disclaim responsibility, because I'm not terribly technical and I discovered the method through reading and trial-and-error, not by any cleverness.
- Please follow the instructions carefully, otherwise you may find your system unable to boot (but you can recover with the Recovery Option or a Live CD).
- If more than one person uses your machine, every user will need to know the encryption password for the swap.
- Your existing encrypted swap partition uses a random key, generated each time you boot.
- You will be replacing that random key method with a fixed key using a password of your choice.
- It is possible to replace the password with a file, meaning that you wouldn't have to remember an extra password — but that file would be visible to anyone with physical access to your computer (e.g. via a Live USB).
- If you forget your password, you will still be able to boot (after trying three times), but you won't have a swap partition. However, you can repeat this How-To to set it up again, so it's not a big deal.
- Wherever there is coding in this How-To, I shall use blue for anything you need to type, with italics where you need to adjust something.
- Your computer must already be set up for encryption. If not, please set up encryption and come back here.
- Think of a password (or passphrase) for your swap partition. You can use the same as your log-in — but don't do that if other people have accounts on your computer! (See Disclaimers & Warnings point 6.)
- Find out which is your encrypted swap partition.If you don't see output like mine (the numbers may differ), you don't have encryption.Code:swapon --summary Filename Type Size Used Priority /dev/mapper/cryptswap1 partition 1998844 0 -1Make a note of the device. Mine says /dev/sda1 — but yours could say something else, e.g. /dev/sdb3.Code:sudo cryptsetup status cryptswap1 /dev/mapper/cryptswap1 is active and is in use. type: PLAIN cipher: aes-cbc-essiv:sha256 keysize: 256 bits device: /dev/sda1 offset: 0 sectors size: 3997696 sectors mode: read/write
- Back up.
HOW TO SET UP HIBERNATION
- Turn off swap.Code:sudo swapoff /dev/mapper/cryptswap1
- Undo the existing mapping.Code:sudo cryptsetup luksClose /dev/mapper/cryptswap1
- Set up swap again, but this time with your chosen passphrase. The command will prompt you, twice, for your passphrase.
Replace /dev/sdXN with the device from Preparation point 3.Code:sudo cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --verify-passphrase --key-size 256 /dev/sdXN WARNING! ======== This will overwrite data on /dev/sda1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: [type your passphrase] Verify passphrase: [type your passphrase]
- Re-map the swap.
Replace /dev/sdXN with the device from Preparation point 3.Code:sudo cryptsetup luksOpen /dev/sdXN cryptswap1 Enter passphrase for /dev/sda1: [type your passphrase]
- Set up the partition as swap.Code:sudo mkswap /dev/mapper/cryptswap1
- Turn on the swap (so you have swap again).Code:sudo swapon --all
- Check that it is working. You should see output similar to mine (the numbers may differ).Code:swapon --summary Filename Type Size Used Priority /dev/mapper/cryptswap1 partition 1996796 0 -1
- Edit (using gksudo gedit or your favourite editor) the file /etc/crypttab. Comment out the existing line by adding # to the front (or just delete the line), and add the following line.
Replace /dev/sdXN with the device from Preparation point 3.Code:cryptswap1 /dev/sdXN none luks
- Edit the file /usr/share/initramfs-tools/scripts/local-top/cryptroot. Search for the following line (should be line 288, but this could change over time):Skip to the next blank line (should be 291, before FSTYPE=''), and insert the following line.Code:message "cryptsetup: unknown error setting up device mapping"
Replace /dev/sdXN with the device from Preparation point 3.Code:/sbin/cryptsetup luksOpen /dev/sdXN cryptswap1
- Edit the file /etc/acpi/hibernate.sh. At the first blank line, insert the following line.Code:DEVICE='/dev/mapper/cryptswap1'
- Edit the file /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.Code:RESUME=/dev/mapper/cryptswap1
- Register these changes.Code:sudo update-initramfs -u -k all
- Ubuntu disables the Hibernate option in the menu. Restore it as follows. Create (using gksudo gedit or your favourite editor) the file:
Fill the file with the following text and save.Code:[Re-enable hibernate by default] Identity=unix-user:* Action=org.freedesktop.upower.hibernate ResultActive=yes
USING YOUR NEW SWAP FOR THE FIRST TIME
- Reboot your machine.
- You will receive a prompt for swap's encryption passphrase. Remember that your mouse does not work at this point. Type your passphrase and press Enter.
The prompt for your passphrase.
Prompt for cryptswap1 passphrase on booting.png
If you mistype a passphrase three times, the system will boot anyway but without your swap enabled. Repeat the How-To if you have forgotten your passphrase.
Incorrect cryptswap1 passphrase.png
After correctly typing your passphrase.
Correct cryptswap1 passphrase.png
HOW TO HIBERNATE
- Use Hibernate from the shut-down menu
- Press Alt-F2 and type(If you do this from a terminal, you can use sudo instead of gksudo)Code:gksudo pm-hibernate
Once your machine has shut down, restart. Did your programs resume normally? If so, hibernate and resume work!