I instaled a fresh 11.04 system when it was released and set up full disk encryption with LUKS. At first it asked me for a password for my three encrypted partitions:
/
/home
swap
Typing in the passphrase three times got frustrating, so I tried to set up /home and swap to decrypt from a keyfile stored on /. I created the keyfile and enabled it on the two partitions. My crypttab now looks like this:
root-root_crypt UUID=13c21bf6-4d92-42a7-877a-87cc31b1aa19 none luks
home-home_crypt UUID=ba90ce5b-9df7-4764-8a72-011bbb164db4 /root/keyfile luks
home-home_crypt UUID=ba90ce5b-9df7-4764-8a72-011bbb164db4 none luks
sda3_crypt UUID=e4677895-2114-4054-9f23-d36f6bb0e6a2 /root/keyfile luks,swap
This works fine for /home, which gets mounted automatically without asking for a password. But cryptsetup still asks for a password for the swap space. I've even tried adding noauto to the swap space so it wouldn't be set up at all — once the system is booted I can enable it without the passphrase, so I thought I'd just add a late init script to do it, but even with noauto cryptsetup still asks for the passphrase.
Thanks!
Best Answer
Had the same question, here is how i did it on ubuntu 12.04.1 and 12.10,
--before starting make sure you have a backup and can also boot your system with ubuntu cd or usb; as if you make a mistake, your system may not boot anymore or you may loss data. i assume you have an encrypted ubuntu system with LUKS, inside LUKS you have 3 partitions, SYSTEM-BOOT (not encrypted), SYSTEM-SWAP (encrypted) and SYSTEM-OS (encrypted)--
u need to adjust UUIDs, SYSTEM-SWAP_crypt, SYSTEM-OS_crypt, SYSTEM-SWAP, SYSTEM-OS to the variation used on your system, pls see reference link below my solution for more info
Get UUIDs:
Prepare >
Tell cryptsetup to compute the passphrase of the swap partition from the decryption key of the volume holding the root filesystem >
tell the system about swap partition, edit crypttab>
=? make sure two lines match
tell the system about swap partition, edit fstab>
=? make sure u have this line
tell the system about swap partition, edit resume>
=? make sure u have this line
update initramfs on boot partition >
Reference
The answer inspired by Setting up an encrypted Debian system (archived link):