sön 2016-11-13 klockan 22:49 +0000 skrev Andy Smith:
> So, although support for FDE is pretty good in installers these
> days, I wrote up some notes about using it at BitFolk which you may
> find useful:
>
> https://tools.bitfolk.com/wiki/Full_disk_encryption
Another option for the xvdb swap is to randomly encrypt it on boot.
$ grep cryptswap /etc/crypttab
cryptswap1 UUID=1cd6a42b-f9b5-4116-bf00-21e813b5a051 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
$ grep cryptswap /etc/fstab
/dev/mapper/cryptswap1 none swap sw 0 0
$
This particular example being based on what the Ubuntu installer
provides when you go for the ecryptfs homedir setup.
// Andreas
