It is possible. I have it set up like that on my laptop.
Apart from a small /boot partition. The whole drive is encrypted.
Decryption keys are stored encrypted in the initramfs, which is embedded in the 
kernel.

--
Joost

On May 25, 2017 12:40:12 AM GMT+02:00, Rich Freeman <ri...@gentoo.org> wrote:
>On Wed, May 24, 2017 at 2:16 PM, Andrew Savchenko <birc...@gentoo.org>
>wrote:
>>
>> Apparently it is pointless to encrypt swap if unencrypted
>> hibernation image is used, because all memory is accessible through
>> that image (and even if it is deleted later, it can be restored
>> from hdd and in some cases from ssd).
>>
>
>Yeah, that was my main concern with an approach like that.  I imagine
>you could use a non-random key and enter it on each boot and restore
>from the encrypted swap, though I haven't actually used hibernation on
>linux so I'd have to look into how to make that work.  I imagine with
>an initramfs it should be possible.
>
>-- 
>Rich

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Reply via email to