0

I followed the instructions at Transparent Encryption For a User's Home Folder to encrypt my home folder.

It all worked except the last command:

sudo ecryptfs-setup-swap

returned:

Unknown device "/dev/var/swap": No such file or directory

cannot open /dev/mapper/cryptswap1: No such file or directory

cannot open /dev/mapper/cryptswap1: No such file or directory

My guess is that is because Raspberry Pi OS does not have a SWAP partition.

According to: How to set up swap space? Raspberry Pi OS has a SWAP file.

I'm not exactly sure what to do now. My reason for wanting to encrypt SWAP was to prevent data from my home directory being leaked and saved unencrypted on the sd card.

How do I encrypt the SWAP file?

I could disable SWAP altogether but I'm concerned what effect that may have on performance.

*1

According to the comments at How to change Raspberry Pi's Swapfile Size on Raspbian the number 0 sets SWAP to infinite. Meaning, 0 does not disable SWAP (for those interested in disabling SWAP altogether)

seminar
  • 1
  • 1
  • Could argue that encryption is only valid for physical attacks as programs running on the machine often have access to unencrypted data as the user files / directories are open when they run but anyway it's your box so I would look at the /etc/dphys-swapfile file as this controls the swap under Raspberry Pi O/S for the program dphys-swapfile –  Dec 25 '20 at 16:18
  • I am not exactly sure what you mean by the first part. I am aware that encryption of the home folder does not protect my files from malicious software and I am aware that if the home folder has been decrypted while the Pi is on, the encryption is pointless. I would like to prevent unencrypted data from being written to the sd card in the event an adversary gets physical access while it is off. The dphys-swapfile file does not give me any indication of how to encrypt the SWAP file. I have edited the my question post. Refer to *1 – seminar Dec 25 '20 at 20:58
  • Move the location of the swap file to an encrypted mount point. You encrypt the drive / partition not the file itself. –  Dec 25 '20 at 23:06
  • How do you move the swap file to an encrypted mount point? I can't seem to find a way to do that. The only workable solution I have found is to just disable SWAP entirely. I'm going to try creating a SWAP partition with a separate install (to edit the first sd card) and then on the first sd card encrypt the SWAP partition. I think I tried this a couple weeks back but cannot remember the exact results. – seminar Jan 05 '21 at 17:19

0 Answers0