After some more trying and bootups I figured out that this seems to work for me:
NOTE: REPLACE the X in sdaX with YOUR partition-number! UUIDs did not work for me!
Install necessary packages:
sudo apt-get install cryptsetup
Format your partition to SWAP
sudo swapoff -a
sudo cryptsetup -d /dev/urandom create cryptswap /dev/sdaX
sudo mkswap -f /dev/mapper/cryptswap -v1 -Lhello-swap
Add or edit the following line to /etc/crypttab
:
cryptswap /dev/sdaX /dev/urandom swap
Add or edit the line in /etc/fstab
:
/dev/mapper/cryptswap none swap sw 0 0
Re-enable swap:
sudo swapon -s
Confirm that swap is enabled:
free -m | grep Swap:
or check your System Monitor app in the Resources tab.
LVM with LUKS encryption
The method with encrypted home and swap is deprecated (after problems to keep things secret with that method). I suggest that you use the method that is now the only encryption method in Ubuntu's installer, LVM with LUKS encryption.
In the installer, at the partitioning window 'Installation type', select Erase disk and install Ubuntu
Encrypt the new Ubuntu installation for security
Write the changes to the target drive
Continue with the installation
The partition structure seen from the live system after installation shows that there is LVM with LUKS encryption.
After reboot you must enter the passphrase, that should be long, difficult to guess but easy for you to remember.
There is no back-door, so it is important to have a good backup routine.
This is the partition structure seen from the installed system,
Swap file /swapfile
Add a swap file if you need more swap. This swap file should be in the root directory
tester@tester-Lenovo-V130-14IKB:~$ sudo fallocate -l 8G /swapfile
tester@tester-Lenovo-V130-14IKB:~$ sudo mkswap /swapfile
mkswap: /swapfile: insecure permissions 0644, 0600 suggested.
setting up swapspace version 1, size = 8 GiB (8589930496 bytes)
no label, UUID=d34cc88f-0b25-4366-9f61-e477c87f5581
tester@tester-Lenovo-V130-14IKB:~$ sudo chmod 0600 /swapfile
tester@tester-Lenovo-V130-14IKB:~$ sudo nano /etc/fstab
I suggest that you add the following line to /etc/fstab
/swapfile none swap sw 0 0
Then you can swap it on
tester@tester-Lenovo-V130-14IKB:~$ sudo swapon -a
and check the result
tester@tester-Lenovo-V130-14IKB:~$ swapon
NAME TYPE SIZE USED PRIO
/dev/dm-2 partition 976M 0B -2
/swapfile file 8G 0B -3
/swapfile
will work after reboot because it is in /etc/fstab
(and with higher priority)
/swapfile file 8G 0B -2
/dev/dm-2 partition 976M 0B -3
This should be enough for hibernation with 8 GiB RAM and for running rather big tasks, that need heavy swapping.
Best Answer
By default, selecting the “Encrypt my home directory” option at install time will encrypt your swap space¹ as well - at least in Ubuntu 10.04 and newer (I don't know when this was implemented, so it could well be earlier).
Technically, it uses the
ecryptfs-setup-swap
program to do the swap encryption. You can use this tool if you want to encrypt your swap space post-install.¹: This applies to both swap partitions and any swap files you may have set up.