Well, there is a volatile partition (seemingly /dev/xvdc) that contains a 1GiB swap and modifications from root filesystem. It is backed by volatile.img file. The symlink approach (provided that you link them to a partition with temporary per-boot key) will essentially do the job, except that you have to recreate the symlinks at the right time. (The encryption key is discarded after shutdown of whole VM, though.) Moreover, you have to skip DVMs, because they need the volatile.img file.
So, I've modified some script that is responsible for volatile.img creation. The modification works on Qubes 3.0 and might need some adjustment for 3.1. See https://github.com/QubesOS/qubes-issues/issues/1527 for more details. The size of swap is (or used to be) hadcoded in the script for creating volatile.img. In 3.1, you might also need some adjustment of the initramfs of the particular AppVM, because partitioning script has been moved there. Note that modification of those scripts implies that you need to reapply them after some system updates unless they are upstreamed. Regards, Vít Šesták 'v6ak' On Tuesday, May 24, 2016 at 10:23:50 PM UTC+2, [email protected] wrote: > > Hi, > I would like to have an encrypted swap on external disk with random > generated key on every boot. And.. > There's one problem. The Template VM has only /dev/xvdc as swap memory, > but AppVMs has /dev/xvdc which was parted to /dev/xvdc1 (1GB swap) and > /dev/xvdc2. > So when I set up the /dev/xvdc in /etc/crypttab it cause that AppVM can't > boot. The AppVM can't decrypt and mount that disk. > I can use /dev/xvdc1 but I'm afraid that then Template VMs wouldn't start. > Apart from this I would like to have at least 8GB swap. > I'm hoping that symlink on volatile.img (is it swap file?) to extarnal > drive will work. > > Can anobody tell me how to get it? > > Another way which will be enough for me is that the qubes has one big > swap, but I'd prefer the first option becouse this one can cause a problem > during boot qubes when something goes wrong with my second drive. > > Regards > Adrian > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efb0a033-f1ef-4bf0-8e0a-4a6ea2ebdb93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
