On Wed, May 24, 2017 at 2:16 PM, Andrew Savchenko <birc...@gentoo.org> wrote: > > Apparently it is pointless to encrypt swap if unencrypted > hibernation image is used, because all memory is accessible through > that image (and even if it is deleted later, it can be restored > from hdd and in some cases from ssd). >
Yeah, that was my main concern with an approach like that. I imagine you could use a non-random key and enter it on each boot and restore from the encrypted swap, though I haven't actually used hibernation on linux so I'd have to look into how to make that work. I imagine with an initramfs it should be possible. -- Rich