Commit 1af3a048 authored by Matthias Klumpp's avatar Matthias Klumpp

Change pureos-default-partitioning-settings.patch: Always reformat swap on boot

parent 20c1ba40
......@@ -132,7 +132,7 @@ This patch does the following:
#endif // ENCRYPTWIDGET_H
--- a/src/modules/partition/gui/PartitionViewStep.cpp
+++ b/src/modules/partition/gui/PartitionViewStep.cpp
@@ -431,39 +431,6 @@
@@ -433,39 +433,6 @@
description );
}
}
......@@ -198,7 +198,7 @@ This patch does the following:
""" Generates information for each crypttab entry. """
if "luksMapperName" not in partition or "luksUuid" not in partition:
return None
@@ -156,11 +161,18 @@
@@ -156,11 +161,24 @@
if not mapper_name or not luks_uuid:
return None
......@@ -206,8 +206,14 @@ This patch does the following:
+ pwd_entry = "/crypto_keyfile.bin"
+ opts_entry = self.crypttab_options
+ else:
+ pwd_entry ="none"
+ pwd_entry = "none"
+ opts_entry = "luks"
+
+ if partition["fs"] == "linuxswap":
+ # we always re-encrypt swap partitions with a random password on boot
+ # this makes suspend-to-disk impossible, but improves security slightly
+ pwd_entry = "/dev/urandom"
+ opts_entry = "swap,cipher=aes-xts-plain64,size=256"
+
return dict(
name=mapper_name,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment