cross-posted from: https://programming.dev/post/19007507

For context:
I’ve encrypted the swap partition with:

cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap

And what I want is for the user to be able to enter their password only once to decrypt their root partition which would contain a keyfile to then decrypt their swap partition.

Does anyone know if this is possible?
Just thought I’d ask to see if anyone’s done this already
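
The keyfile arrangement asked about above, as an added sketch that is not part of the original post. It assumes a systemd-style `/etc/crypttab` that is read after the root filesystem has been unlocked and mounted; the keyfile path, the mapping name `swap` and the UUID placeholder are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the keyfile path
# /etc/cryptsetup-keys.d/swap.key and the mapping name "swap".

# Create a 4096-byte random keyfile that only its owner can read.
make_keyfile() {    # $1 = keyfile path (on the encrypted root)
    ( umask 077 && head -c 4096 /dev/urandom > "$1" ) && chmod 0400 "$1"
}

# Succeed only if the keyfile exists and has no group/other permission bits.
keyfile_ok() {      # $1 = keyfile path
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)    # the group and other permission triplets
    [ "$perms" = "------" ]
}

# Add the keyfile to a free LUKS key slot. Needs root and prompts once for
# the passphrase that was set by luksFormat.
enroll_keyfile() {  # $1 = LUKS block device, $2 = keyfile path
    keyfile_ok "$2" || { echo "refusing: $2 missing or too permissive" >&2; return 1; }
    cryptsetup luksAddKey "$1" "$2"
}

# Emit the /etc/crypttab entry: <name> <device> <keyfile> <options>
crypttab_line() {   # $1 = mapping name, $2 = LUKS UUID, $3 = keyfile path
    printf '%s\tUUID=%s\t%s\tluks\n' "$1" "$2" "$3"
}

# Typical order, run as root on the installed system:
#   make_keyfile   /etc/cryptsetup-keys.d/swap.key
#   enroll_keyfile "/dev/${DEVICE}" /etc/cryptsetup-keys.d/swap.key
#   crypttab_line  swap "$(cryptsetup luksUUID "/dev/${DEVICE}")" \
#                  /etc/cryptsetup-keys.d/swap.key >> /etc/crypttab
# /etc/fstab then refers to /dev/mapper/swap.

# Harmless demo: print the entry with a placeholder UUID.
crypttab_line swap "<swap-LUKS-UUID>" /etc/cryptsetup-keys.d/swap.key
```

Because the keyfile only becomes readable once root is unlocked, the swap mapping is opened later in boot than root; resuming from hibernation on this swap would need it unlocked earlier and is not covered by this sketch.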


  • recursive_recursion [they/them]@programming.dev (OP) · 14 days ago

    I’ve seen people do a similar thing with a separate encrypted home partition which is decrypted by a key stored in your encrypted root.

    Do you happen to have a link to this?

    However, I’d strongly recommend you use an LVM on LUKS setup (this is what I do). That way you decrypt one partition and you don’t have to mess around with keyfiles. #LVM_on_LUKS

    Looking at the wiki, it seems doable (in relation to revising my script), and as far as I can tell the tradeoffs seem better than #LUKS on a partition.

    Much appreciated for the recommendation!