Re: [suse-security] How do I encypt the swap (partition[s]) under SuSE 9.3 Prof ?

[Axel Sintermann <Axel.Sintermann@xxxxxxxxxxx>]

> Can anyone tell me how to encrypt swap under SuSE
> 9.3? This is standard on Mac's and should be as well possible in
> 9.3.

On a  SUSE 9.2 (default-kernel) system it was almost trivially easy to
set up an encrypted swap, IIRC.
You can try this for your 9.3:

put an entry like 
  /dev/hdXX swap swap sw,loop=/dev/loopNNN,encryption=AES256,pri=99 0 0
in your /etc/fstab. The "pri=..." part is optional, and you may select
different algrithms for the "encryption=..." part (read the man pages
for details).

Replace "XX" with your designated swap device, and replace NNN with a
number from 0-15 to select a loop device (0-15 loop devices seem to be
standard in S92). I use loop 5 and 6, FWIW. 

Check with lsmod if you have the AES (or your selected encryption)
module running; I believe it wasn't even necessary to modprobe the
module somewhere in /etc/init.d, but I am not sure about that now.
(My lsmod output shows "aes_i586 .....")

Then, just run "swapoff -a" (just to be sure) and "swapon -a", and 
you're all set.

Get back to the list or to me if it doesn't work right away; 
my failing memory might be missing some minor step since it's been 
a while ...


HTH,
Axel

> PS: Sorry for writing in German on the first posting. Should not happen again ;-)

I hadn't even noticed: ik spreken deuts (sogar richtiges :-) )

(sorry for replying to Chris instead of the list the first time)


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here