I recently installed Antergos (which is basically Arch) and set it to use full disk encryption. Now, I want to migrate from
sd-encrypt because I want to be able to hibernate and I couldn’t put swap partition in the same LUKS volume..
During the setup:
- I used LUKS for
/partition and swap partition,
- because my main SSD is small, I wanted to be able to hibernate and I have 32GB of RAM I created the encrypted swap partition on the second drive,
- I mounted swap partition (as well as another encrypted EXT4 partition from the second drive) using
I tested that installation works, grub let me boot into both linux and dual booted Windows, on Linux boot it decrypts and mounts both encrypted drives.
However, I was getting error about not finding disk with the UUID of a swap drive, and Arch manual confirmed that
encrypt which I got from installer can handle only one encrypted partition during boot. If I want to handle more of them I should move to
sd-encrypt. However, even after reading the documentation I am not certain what I have to do in order to migrate to
HOOKS="base udev autodetect modconf block keyboard keymap encrypt resume filesystems fsck"
GRUB_CMDLINE_LINUX_DEFAULT="quiet resume=UUID=[encrypted swap UUID]"
swap_crypt /dev/disk/by-uuid/[/ UUID] password_file luks data_crypt /dev/disk/by-uuid/[/ UUID] password_file luks
What else should I do after I change
HOOKS? Do I have to create a
/etc/crypttab.initramfs and move
swap_crypt there? Do I have to change
rd.luks? Both swap partition and / partition uses the same password, so according to the documentation both should be mounted on boot after I entered the password once, is that right? Documentation mentions
rd.luks.* params and similar – do I have to use them and if so, where should I put them?