I recently installed Antergos (which is basically Arch) and set it to use full disk encryption. Now, I want to migrate from encrypt to sd-encrypt because I want to be able to hibernate and I couldn't put swap partition in the same LUKS volume..
Background
During the setup:
- I used LUKS for
/partition and swap partition, - because my main SSD is small, I wanted to be able to hibernate and I have 32GB of RAM I created the encrypted swap partition on the second drive,
- I mounted swap partition (as well as another encrypted EXT4 partition from the second drive) using
/etc/crypttab.
I tested that installation works, grub let me boot into both linux and dual booted Windows, on Linux boot it decrypts and mounts both encrypted drives.
However, I was getting error about not finding disk with the UUID of a swap drive, and Arch manual confirmed that encrypt which I got from installer can handle only one encrypted partition during boot. If I want to handle more of them I should move to sd-encrypt. However, even after reading the documentation I am not certain what I have to do in order to migrate to sd-encrypt.
Details
HOOKS="base udev autodetect modconf block keyboard keymap encrypt resume filesystems fsck"GRUB_CMDLINE_LINUX_DEFAULT="quiet resume=UUID=[encrypted swap UUID]"GRUB_CMDLINE_LINUX=cryptdevice=/dev/disk/by-uuid/[/ UUID]:Arch_cryptGRUB_ENABLE_CRYPTODISK=y/etc/crypttabswap_crypt /dev/disk/by-uuid/[/ UUID] password_file luks data_crypt /dev/disk/by-uuid/[/ UUID] password_file luks
What else should I do after I change encrypt to sd-encrypt in HOOKS? Do I have to create a /etc/crypttab.initramfs and move swap_crypt there? Do I have to change luks to rd.luks? Both swap partition and / partition uses the same password, so according to the documentation both should be mounted on boot after I entered the password once, is that right? Documentation mentions luks.* and rd.luks.* params and similar - do I have to use them and if so, where should I put them?
