submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]

Hey magical linux-oracle,

I recently set up full disk encryption on my computer via the Debian installer.

I partitioned it like this:

SSD:

-- unencrypted part --

Boot - 1GB space, mounting point: /boot

EFI - 512MB space, mounting point: ESP, bootable flag: on

-- encrypted part --

Encrypted container with a volume group (vg-1) containing 3 logical volumes:

Root - 50GB space, mounting point: /

Swap - 30GB space, mounting point: swap

Home - Rest of space, mounting point: /home

& Second harddrive fully encrypted with one logical volume and mounting point /mnt/data


The install of Linux worked pretty well.

Unfortunately, the hibernation part doesn't work out of the box. When I press hibernate (or standby), it only goes to the lock screen. How can I solve that issue? (Is it even a good idea to use hibernation on encrypted devices?)

Second thing: As you can see from my setup, I use 2 disks. When I start up my system, I only need to enter my decryption password once (not twice for the 2nd HD) and I see that my second hard disk seems to be mounted already. It seems that people usually struggle with typing in their passwords twice and want a solution for that. Is it possible that Debian automatically fixed this for me (it's the same pw for both)?

Thanks!

~sp3ctre

[-] [email protected] 2 points 2 days ago* (last edited 2 days ago)

You have to use two swaps if you already use one swap, because one will be used when the system is on, but the second will be used to set the RAM content + the 1st content into SWAP (if any), otherwise, it would fail.

Then, find the hibernation swap uuid:

sudo swapon --show
lsblk -o name,uuid

Then

# /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="resume=UUID=xxxx"

# /etc/initramfs-tools/conf.d/resume
resume=UUID=xxxx

# bash
sudo update-grub
sudo update-initramfs -k all -u

# to hibernate on lid switch
# /etc/systemd/logind.conf
HandleLidSwitch=hibernate

Then reboot :)

Note: this method works wonderfully, I use it personally. Just be aware that the hibernation swap content is not encrypted, so you're vulnerable if your laptop is stolen while hibernated.
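The caveat in the note above can be checked before a `resume=UUID=` value is trusted with a RAM image. The following is an added example, not part of the comment or the thread: it walks the block-device stack reported by `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID` and reports whether the swap area with a given UUID sits on a dm-crypt mapping. The function name and the sample device names and UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID` on stdin.
# Exit status: 0 = swap is on a dm-crypt mapping, 1 = plaintext swap,
#              2 = no swap area with that UUID was found.
resume_swap_is_encrypted() {
    awk -v want="$1" '
    # Extract one KEY="value" pair from an lsblk -P line (no eval of input).
    function field(line, key,    re, s) {
        line = " " line                      # so " KNAME" never matches PKNAME
        re = " " key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    {
        k = field($0, "KNAME")
        parent[k] = field($0, "PKNAME")
        kind[k]   = field($0, "TYPE")
        if (field($0, "UUID") == want && field($0, "FSTYPE") == "swap")
            target = k
    }
    END {
        if (target == "") exit 2
        # Walk upwards: logical volume -> crypt mapping -> partition -> disk.
        for (d = target; d != "" && hops < 16; d = parent[d]) {
            hops++
            if (kind[d] == "crypt") exit 0
        }
        exit 1
    }'
}

# Constructed sample: a swap LV inside an encrypted volume group (dm-2)
# next to a separate plaintext swap partition (nvme0n1p4).
SAMPLE='KNAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" UUID=""
KNAME="nvme0n1p3" PKNAME="nvme0n1" TYPE="part" FSTYPE="crypto_LUKS" UUID="cccccccc-0000-4000-8000-000000000003"
KNAME="dm-0" PKNAME="nvme0n1p3" TYPE="crypt" FSTYPE="LVM2_member" UUID="dddddddd-0000-4000-8000-000000000004"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" UUID="aaaaaaaa-0000-4000-8000-000000000001"
KNAME="nvme0n1p4" PKNAME="nvme0n1" TYPE="part" FSTYPE="swap" UUID="bbbbbbbb-0000-4000-8000-000000000002"'

# Live use: pass the UUID from resume=UUID=... as the first argument.
if [ "$#" -gt 0 ]; then
    lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID | resume_swap_is_encrypted "$1"
fi
```

An exit status of 1 for the configured resume UUID means the hibernation image would be written in plaintext.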

[-] [email protected] 2 points 2 days ago

Hmm, doesn't this undermine the whole purpose of encryption? If I understand that right, there will always be unencrypted stuff of me? Also when I completely shutdown?

[-] [email protected] 2 points 2 days ago

Yes. Unfortunately FDE hibernation is not well supported and in fact Debian used to disable it in the kernel (though that might have changed).

IMHO it is a big oversight because encrypted swap hibernation is safer than sleep.

this post was submitted on 05 Jun 2025