* Important! * This didn't work! It is not secure! When wiping happens, the file gets moved to another place by btrfs, then, this doesn't work for two reasons: 1) Wiping happens in other parts of the disk, and the offset changes and has to be updated in all configurations files after wiping everytime.
* This was just a stupid experiment.
sudo btrfs subvolume create /mnt/btrfsbase/swap * Add it to /etc/fstab
UUID=8f9ede3a-912f-40d6-9335-90ed3186e3e4 /swap btrfs defaults,noautodefrag,nodatacow,nodiscard,noatime,subvol=swap 0 0
cd /swap sudo truncate -s 0 swapfile sudo chattr +C swapfile btrfs property set swapfile compression none sudo chmod 600 swapfile sudo dd if=/dev/zero of=swapfile bs=1M count=24576 #reserve 24GB sudo mkswap /swap/swapfile
sudo findmnt -no UUID -T /swap/swapfile
gcc -O2 -o btrfs_map_physical btrfs_map_physical.c
sudo btrfs_map_physical /swap/swapfile | head -n 2
FILE OFFSET FILE SIZE EXTENT OFFSET EXTENT TYPE LOGICAL SIZE LOGICAL OFFSET PHYSICAL SIZE DEVID PHYSICAL OFFSET 0 134217728 0 regular 134217728 4594864128 134217728 1 4594864128
sudo getconf PAGESIZE
Result: 4096
4594864128/4096=1121793
RESUME=UUID=8f9ede3a-912f-40d6-9335-90ed3186e3e4 resume_offset=1121793
GRUB_CMDLINE_LINUX_DEFAULT="resume=UUID=8f9ede3a-912f-40d6-9335-90ed3186e3e4 resume_offset=1121793 quiet btusb.enable_autosuspend=n"
sudo swapon /swap/swapfile
resume device = /dev/disk/by-uuid/8f9ede3a-912f-40d6-9335-90ed3186e3e4 early writeout = y image size = 0 RSA key file = /etc/uswsusp.key shutdown method = platform resume offset = 1121793
sudo systemctl edit systemd-hibernate.service
[Service] ExecStart= ExecStartPre=-/bin/run-parts -v -a pre /lib/systemd/system-sleep ExecStart=/usr/sbin/s2disk ExecStartPost=-/bin/run-parts -v --reverse -a post /lib/systemd/system-sleep
sudo update-grub sudo update-initramfs -k all -u sudo update-grub
sudo s2disk
I have a system with encrypted swap, but I don't want to have encryption on the hibernation swap file. My idea is to use hibernation only when strictly necessary, because I don't want to need to put a password during booting. Then, this swap file should actually be always deactivated except before hibernation. When resuming, this swap space should be deactivated and then securely wiped! The script to do this would be this: my_server_hibernate.sh:
#!/bin/bash
echo "Activating swap from swapfile" sudo swapon /swap/swapfile sleep 1 echo "Hibernating" sleep 0.2 xtrlock -b & sudo s2disk echo "Returning from Hibernate" sleep 10 echo "Deactivating swapfile" sudo swapoff /swap/swapfile sleep 5 echo "Wiping swapfile" #sudo wipe -k -f -q -Q 1 /swap/swapfile sudo dd if=/dev/zero of=/swap/swapfile bs=1M count=24576 status=progress #reserve 24GB sync sleep 1 echo "Making swapfs again" sudo mkswap /swap/swapfile echo "All done, ready to hiberante again"