Moving from an encrypted swap partiton to an encrypted swap file
I had three partitions on my computer: root, swap, and home.
But root filled up today and the system became only quasi-operable. Thankfully, swap files are pretty standard now, which obviates the need for a swap partition.
So, I want to eliminate the swap partition and merge it into root.
Here's the current setup.
Number Start End Size Type File system Flags
1 1049kB 20.0GB 20.0GB primary ext4 boot
2 20.0GB 24.0GB 4000MB primary linux-swap(v1)
3 24.0GB 1000GB 976GB primary ext4
First, close a bunch of unnecessary programs and then run
sudo swapoff -a
to empty the swap partition into RAM.
Now, use sudo gparted
, and eliminate the swap partition. Using the same, extend the root partition to fill all available space.
A bunch of warnings come up: ignore them.
Reboot.
Upon restart, run:
sudo resize2fs /dev/sda1
This extends the filesystem on the partition to fill all of the space allotted to it.
Now, it is time to create the swapfile. Since home has a lot of space and running out of memory is bad, we make it big.
sudo fallocate -l 8G /home/swapfile.swap
Now, we lock down the swapfile to prevent users or malicious programs from looking into it:
chmod 0600 /home/swapfile.swap
The result is a file which can only be read and written to by root.
Now, we set up encryption for the swapfile by adding the following to /etc/crypttab
:
cryptswap /home/swapfile.swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256
We activate the encrypted swap drive:
sudo cryptdisks_start cryptswap
Check to see that it started using:
sudo cryptsetup status cryptswap
Now, we add this line to /etc/fstab
so that the encrypted swap is loaded automagically upon start-up:
/dev/mapper/cryptswap none swap sw 0 0
Now, we start up the new swap file:
sudo swapon -a