I’ve never had an issue once its set up. Just a 16GB LUKS partition alongside my normal LUKS partition, a small edit to /etc/crontab
so I only have to enter the password once, set the RESUME
variable, add to fstab, and rebuild init. This method even works with suspend-then-hibernate on every laptop I’ve used it with.
This would take 5 seconds at install time, but instead you have to install, reboot to the live USB, shrink LV, shrink PV, shrink LUKS, shrink partition, repartition, grow LUKS, grow PV, grow LV, and finally set up the swap partition as above.
Am I the only one? Does anyone else use encrypted drives and hibernate?
The attack described in the post I linked assumes a privileged attacker wants to gain deeper access to the kernel, with the ability to rewrite the encrypted swap header already. It’s an attack that’s not very important to general users, but it’s a real issue for kernel developers.
With secure boot configured correctly I don’t think there’s any risk in using encrypted swap partitions for hibernation, but the kernel itself had some issues with it for a while.