Hey magical linux-oracle,
I recently set up full disk encryption on my computer via the Debian installer.
I partitioned it like this:
SSD:
– unencrypted part –
Boot - 1GB space, mounting point: /boot
EFI - 512MB space, mounting point: ESP, bootable flag: on
– encrypted part –
Encrypted container with a volume group (vg-1) containing 3 logical volumes:
Root - 50GB space, mounting point: /
Swap - 30GB space, mounting point: swap
Home - Rest of space, mounting point: /home
& Second harddrive fully encrypted with one logical volume and mounting point /mnt/data
The install of Linux worked pretty well.
Unfortunately, the hibernation part doesn’t work out of the box. When I press hibernate (or standby), it only goes to the lock screen. How can I solve that issue? (Is it even a good idea to use hibernation on encrypted devices?)
Second thing: As you can see from my setup, I use 2 disks. When I start up my system, I only need to enter my decryption password once (not twice for the 2nd HD) and I see that my second hard disk seems to be mounted already. It seems that people usually struggle with typing in their passwords twice and want a solution for that. Is it possible that Debian automatically fixed this for me (it’s the same pw for both)?
Thanks!
~sp3ctre
You have to use two swaps if you already use one swap, because one will be used when the system is on, but the second will be used to set the RAM content + the 1st content into SWAP (if any), otherwise, it would fail.
Then, find the hibernation swap uuid:
```
sudo swapon --show
lsblk -o name,uuid
```
Then
```
# /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="resume=UUID=xxxx"

# /etc/initramfs-tools/conf.d/resume
# (initramfs-tools reads the upper-case variable RESUME)
RESUME=UUID=xxxx

# bash
sudo update-grub
sudo update-initramfs -k all -u

# to hibernate on lid switch
# /etc/systemd/logind.conf
HandleLidSwitch=hibernate
```
Then reboot :)
Note: this method works wonderfully, I use it personally. Just be aware that the hibernation swap content is not encrypted, so you’re vulnerable if your laptop is stolen while hibernated.
Hmm, doesn’t this undermine the whole purpose of encryption? If I understand that right, there will always be unencrypted stuff of me? Also when I completely shutdown?
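Whether a hibernation image lands on disk in the clear depends on whether the swap named in `resume=UUID=...` sits on top of a dm-crypt layer. The script below is an added example, not code from the thread: it reads `lsblk` pair output and walks from the swap device up through its parents looking for a `crypt` layer. The function name, sample device names and UUIDs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: is the swap named by resume=UUID=... encrypted at rest?
# Input on stdin: output of `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID`.

# Constructed sample: swap LV inside a LUKS container (layout from the first post).
SAMPLE_LUKS='KNAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" UUID=""
KNAME="nvme0n1p3" PKNAME="nvme0n1" TYPE="part" FSTYPE="crypto_LUKS" UUID="1111-aaaa"
KNAME="dm-0" PKNAME="nvme0n1p3" TYPE="crypt" FSTYPE="LVM2_member" UUID="2222-bbbb"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" UUID="3333-cccc"'

# Constructed sample: swap partition directly on the disk, no crypt layer.
SAMPLE_PLAIN='KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" UUID=""
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="swap" UUID="4444-dddd"'

# classify_resume UUID -> prints encrypted | plaintext | not-swap | not-found
classify_resume() {
  awk -v want="$1" '
    function field(key,   m) {
      if (!match(line, " " key "=\"[^\"]*\"")) return ""
      m = substr(line, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", m); sub(/"$/, "", m)
      return m
    }
    {
      line = " " $0          # leading space so KNAME never matches inside PKNAME
      k = field("KNAME")
      parent[k] = field("PKNAME"); type[k] = field("TYPE"); fs[k] = field("FSTYPE")
      if (field("UUID") == want) dev = k
    }
    END {
      if (dev == "") { print "not-found"; exit }
      if (fs[dev] != "swap") { print "not-swap"; exit }
      # Walk up the parent chain: a dm-crypt layer means ciphertext on disk.
      for (d = dev; d != "" && hops++ < 32; d = parent[d])
        if (type[d] == "crypt") { print "encrypted"; exit }
      print "plaintext"
    }'
}

# Real use: lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID | classify_resume "<resume UUID>"
printf '%s\n' "$SAMPLE_LUKS"  | classify_resume 3333-cccc
printf '%s\n' "$SAMPLE_PLAIN" | classify_resume 4444-dddd
```

A `plaintext` result means the resume swap has no encryption layer beneath it, so a hibernation image written there is readable from the disk.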