On Thu, February 8, 2018 1:49 pm, Tinker wrote: > Hi misc@, > > I looked through previous discussions on whether a SWAP partition > should be inside or outside the RAID partition when making a crypto > softraid. > > The only argument I stumbled into was that it should be outside because > swap is encrypted anyhow and it would be unnecessary to double-encrypt > the swap. > > > That seems like a weak argument to me, because swap is generally used > rarely and so speed does not really matter anyhow, and, the swap > partition is always used also as dump partition, and dumps are *not* > encrypted. > > For the case that a dump would happen, you want the OS to encrypt it > and the way to do that is to put the SWAP *inside* the RAID. > > > Maybe a crash-dump can be induced somehow. Maybe someone would get hold > of the HDD while the dump data is still on the swap partition because > the OS has not booted again, which would otherwise normally migrate > that dump data over to the filesystem. > > This is an extreme consideration though as a comprehensive motivation > for a choice it appears to me to make all sense. > > > Thoughts, comments? > > I would probably interpret no comments as that the SWAP should indeed > be located inside the RAID for this said reason. > > Thanks, > Tinker >
Assuming you are doing full disk encryption otherwise, put swap inside the softraid disk. The kernel is hardcoded to look on the boot disk to save dumps. If swap was is on sd0 but you decrypt a partition as sd1 and boot from that, swap is no longer on the same disk. Unless you override with config(8) Tim.
