Cryptswap broke

I have a Windows 10 / Lubuntu 16.04 dual boot setup. Recently I booted into Windows 10 and resized some partitions. Somehow that broke cryptswap, I’m guessing due to partition UUID being changed.

⚠⚠⚠ Please do not copy paste commands from this blog post. My configuration can be different than yours. You might lose your data!

  • My swap partition is allocated on /dev/sda7
  • I have /dev/mapper/cryptswap1 that’s supposed to be mapped to /dev/sda7

Symptoms

  • Every time I boot up it asks me for a passphrase to encrypt /dev/mapper/cryptswap1, when it is supposed to pull a random.
  • Sometimes when I reboot the system it gives me weird errors and won’t rebbot. Have to sudo systemctl reboot. Then it somehow triggers the passphrase prompt again, before finally rebooting.

Clearly something isn’t right about the cryptswap.

Diagnosis

First run free and see if we have a swap at all.

$ free
Mem:       16312260     3740628     4414144      594784     8157488    11383972
Swap:      16658428       34632    16623796

It seems I do have swap.

$ sudo swapon -a
swapon: stat of /dev/mapper/cryptswap1 failed: No such file or directory
$ swapon -s
/dev/sda7                                partition  16658428  0  -1

Clearly this means I do have swap, but the cryptswap1 doesn’t exist. Maybe my swap is on but is not encrypted??

Let’s check /etc/fstab

/dev/mapper/cryptswap1 none swap sw 0 0

But /dev/mapper/cryptswap1 does not even exist

What is in /dev/crypttab?

cryptswap1 UUID=5c6cfca7-1fea-41b9-868b-dc0d866740f2 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

Let’s also check with blkid

$ sudo blkid
...
/dev/sda7: UUID="5c6cfca7-1fea-41b9-868b-dc0d866740f2" TYPE="swap" PARTUUID="9aacd77e-bf30-46be-8ca6-716bf86edd45"

It became clear that for some reason cryptswap1 broke and my swap is living in /dev/sda7 unencrypted, because otherwise my swap would be /dev/mapper/cryptswap1.

Removing cryptswap1

$ sudo swapoff /dev/mapper/cryptswap1
(^ this may fail but move on regardless)
$ sudo swapoff /dev/sda7
$ sudo cryptsetup remove cryptswap1
  • In /etc/fstab, remove things related to sda7 or cryptswap1.
  • In /etc/crypttab, remove things related to sda7 or cryptswap1.

Setup cryptswap again

  • Add back cryptswap1 in /dev/fstab /dev/mapper/cryptswap1 none swap sw 0 0
  • In /dev/crypttab, add the mapping

    • Check your /dev/disk/by-id to figure out what your disk ID is.
    cryptswap1 /dev/disk/by-id/xxxxxx-part7 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
    
  • Reboot

  • Now set up cryptswap1

    $ sudo cryptsetup luksClose cryptswap1
    
  • Reboot again

  • Make swap

    $ sudo mkswap /dev/mapper/cryptswap1
    
  • Swap on

    $ sudo swapon -a
    
  • Lastly, open /etc/initramfs-tools/conf.d/resume with vim

    RESUME=UUID=xxxx (UUID of your sda7)
    
  • Reboot and you’re done

Verify cryptswap1 is working

$ swapon -s
/dev/dm-0                              	partition	16658428	34628	-1
$ sudo cryptsetup status /dev/mapper/cryptswap1
/dev/mapper/cryptswap1 is active and is in use.
  type:    PLAIN
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/sda7
  ...