Hi!
I have a fresh installation of Tumbleweed on a Lenovo T580 notebook. The SSD is encrypted via LUKS during installation – including a separate swap partition to use for hibernation. At the moment the root partition is already decrypted automatically without providing an additional key file as stated here:
Automatically_decrypt_the_root_partition
What I also would like to accomplish is to decrypt the swap partition without having to provide the password twice, like it is described here:
Additional_steps_when_using_hibernation_with_encrypted_swap_partition
Unfortunately, this does not work as expected. I still have to provide the password twice (one for Grub and one for swap as I understand it) – at boot time as well as on waking up from hibernation.
First of all there is one general lack of understanding: Do I have to provide an additional key file to decrypt the swap partition automatically like this was the case before Grub was able to decrypt root automatically? At the moment I do not provide a separate key file, cause the Support Database is somewhat unclear about this (for me).
These are the specific steps I have taken so far:
lsblk -o +UUID
nvme0n1p3 259:3 0 31.1G 0 part ebdb25fa-de4b-453e-aac9-13aeb9cd0bb1
cr_swap 254:1 0 31.1G 0 crypt [SWAP] 0cf5e904-7249-4700-af64-2a33853b5bc9
/etc/crypttab
cr_swap UUID=ebdb25fa-de4b-453e-aac9-13aeb9cd0bb1 none x-initrd.attach,force
cr_root UUID=0a9af5f4-f126-49af-8a9d-c63ff5725fb4 none x-initrd.attach
/etc/dracut.conf.d/99-resume.conf
add_dracutmodules+=" resume "
There is another file ‘99-debug.conf’ present which I left untouched to not mess with system generated configs. I hope that’s just inelegant and not problematic.
Rebuild the initrd via:
dracut -f
Finally I added ‘resume’ to the kernel parameters via Yast:
splash=silent quiet security=apparmor resume=UUID=0cf5e904-7249-4700-af64-2a33853b5bc9
Please let me know if further information is required. And please bear with my dangerous half-knowledge. Any help much appreciated.