Rudd-O
commented
8 years ago I believe the swap is set up as a ZFS volume, which gets created atop the ZFS pool, which is created itself atop a LUKS device.
Swap should, therefore, be encrypted.
Closed blade2005 closed 7 years ago
Rudd-O
commented
8 years ago I believe the swap is set up as a ZFS volume, which gets created atop the ZFS pool, which is created itself atop a LUKS device.
Swap should, therefore, be encrypted.
Rudd-O
commented
7 years ago I'll close this issue.
Based on the code I believe the swap is unecnrypted which means if you hibernate, you could pull swap and read it's contents anything in memory.
I'm doing this for an Ubuntu install but will need to do this for Fedora as well.
https://help.ubuntu.com/community/encryptedZfs The Section entitled 'Add Derived LUKS Keys' has instructions for setting up a encrypted swap with derived root key.
I may see about looking more into this over the weekend and forking the code and making the necessary changes.