Originally from: wmutschl/mutschler.eu#13 (comment)
- Create a LUKS partition for swap with the same password as cryptdata:
cryptsetup luksFormat /dev/nvme0n1p4
Ensure swap partition shows as linux-swap in gparted. If not, open gparted and decrypt the swap drive and then reformat as swap again.
If it has a new LUKS UUID, make sure to update in the /etc/crypttab
, then close encryption on gparted in order to remount to the proper location that cryptswap is expecting.
cryptsetup luksOpen /dev/nvme0n1p4 /dev/mapper/cryptswap
swapon -a
- Change
/etc/crypttab
to look like this:
cryptdata UUID=something-something none luks,discard,keyscript=decrypt_keyctl
cryptswap UUID=bla-bla-bla none luks,discard,swap,tries=1,keyscript=decrypt_keyctl
- Add
"resume=/dev/mapper/cryptswap"
as a kernel flag:
sudo kernelstub -a "resume=/dev/mapper/cryptswap"
(or manually add it to the "user" section of /etc/kernelstub/configuration
)
-
Add line
RESUME=/dev/mapper/cryptswap
to/etc/initramfs-tools/conf.d/resume
, or replaceRESUME
line if it exists. -
Update initramfs:
update-initramfs -c -k all