luks swap hibernation

Hi there!

I just downloaded and installed a fresh copy of Manjaro KDE 20.0.2 on my new Dell XPS 15 7590.
During the setup I configured both the root btrfs and the swap partition to have an underlying luks encryption with the same password.

In general it seems to work, the swap partition get's mounted when fully booted, but during startup and shutdown I get errors like that:

Failed to open key file.
ERROR: resume: hibernation device '/dev/mapper/luks-9c38518f-15af-4746-af85-5431

Which also cause a few seconds of annoying delay.

Some more info on my system:

$ lsblk --fs
NAME                                          FSTYPE      FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINT
nvme0n1                                                                                                                   
├─nvme0n1p1                                   crypto_LUKS 1           455a911f-2d10-4548-a671-e1d4b8295bce                
│ └─luks-455a911f-2d10-4548-a671-e1d4b8295bce btrfs                   4dd8f7e8-5ffb-4405-b3d8-789ea877483d  379,7G     3% /home
├─nvme0n1p2                                   crypto_LUKS 1           9c38518f-15af-4746-af85-5431dfa8e641                
│ └─luks-9c38518f-15af-4746-af85-5431dfa8e641 swap        1           ca8b8500-9ab5-4296-af0e-452e956ce6e5                [SWAP]
└─nvme0n1p3                                   vfat        FAT32       5311-CC1E                             124,4M     1% /boot/efi
$ cat /etc/crypttab
...
luks-455a911f-2d10-4548-a671-e1d4b8295bce UUID=455a911f-2d10-4548-a671-e1d4b8295bce     /crypto_keyfile.bin luks
luks-9c38518f-15af-4746-af85-5431dfa8e641 UUID=9c38518f-15af-4746-af85-5431dfa8e641     /crypto_keyfile.bin luks
$ cat /etc/fstab
...
/dev/mapper/luks-455a911f-2d10-4548-a671-e1d4b8295bce /              btrfs   subvol=@,defaults,noatime,space_cache 0 1
/dev/mapper/luks-455a911f-2d10-4548-a671-e1d4b8295bce /home          btrfs   subvol=@home,defaults,noatime,space_cache 0 2
/dev/mapper/luks-9c38518f-15af-4746-af85-5431dfa8e641 swap           swap    defaults,noatime 0 2
$ inxi -Fx
System:    Host: XPS157590 Kernel: 5.6.15-1-MANJARO x86_64 bits: 64 compiler: gcc v: 10.1.0 Desktop: KDE Plasma 5.18.5 
           Distro: Manjaro Linux 
Machine:   Type: Laptop System: Dell product: XPS 15 7590 v: N/A serial: <root required> 
           Mobo: Dell model: 0VYV0G v: A00 serial: <root required> UEFI: Dell v: 1.6.0 date: 02/06/2020 
Battery:   ID-1: BAT0 charge: 97.0 Wh condition: 97.0/97.0 Wh (100%) model: SMP DELL GPM0365 status: Full 
CPU:       Topology: 6-Core model: Intel Core i7-9750H bits: 64 type: MT MCP arch: Kaby Lake rev: A L2 cache: 12.0 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 62431 
           Speed: 800 MHz min/max: 800/4500 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 4: 800 5: 800 6: 800 7: 800 8: 800 
           9: 800 10: 800 11: 800 12: 800 
Graphics:  Device-1: Intel UHD Graphics 630 vendor: Dell driver: i915 v: kernel bus ID: 00:02.0 
           Device-2: NVIDIA TU117M [GeForce GTX 1650 Mobile / Max-Q] vendor: Hewlett-Packard driver: nvidia v: 440.82 
           bus ID: 01:00.0 
           Display: x11 server: X.Org 1.20.8 driver: modesetting,nvidia resolution: 1920x1080~60Hz 
           OpenGL: renderer: Mesa Intel UHD Graphics 630 (CFL GT2) v: 4.6 Mesa 20.0.7 direct render: Yes 
Audio:     Device-1: Intel Cannon Lake PCH cAVS vendor: Dell driver: snd_hda_intel v: kernel bus ID: 00:1f.3 
           Sound Server: ALSA v: k5.6.15-1-MANJARO 
Network:   Device-1: Intel Wi-Fi 6 AX200 vendor: Bigfoot Networks driver: iwlwifi v: kernel port: 3000 bus ID: 3b:00.0 
           IF: wlp59s0 state: up mac: 08:d2:3e:b6:92:8e 
Drives:    Local Storage: total: 476.94 GiB used: 10.35 GiB (2.2%) 
           ID-1: /dev/nvme0n1 vendor: Micron model: 2200S NVMe 512GB size: 476.94 GiB 
Partition: ID-1: / size: 390.62 GiB used: 10.35 GiB (2.6%) fs: btrfs dev: /dev/dm-0 
           ID-2: /home size: 390.62 GiB used: 10.35 GiB (2.6%) fs: btrfs dev: /dev/dm-0 
           ID-3: swap-1 size: 86.19 GiB used: 2.0 MiB (0.0%) fs: swap dev: /dev/dm-1 
Sensors:   System Temperatures: cpu: 49.0 C mobo: N/A 
           Fan Speeds (RPM): N/A 
Info:      Processes: 354 Uptime: 59m Memory: 7.40 GiB used: 3.91 GiB (52.9%) Init: systemd Compilers: gcc: 10.1.0 Shell: bash 
           v: 5.0.17 inxi: 3.0.37

Can somebody give me some hints how to get that swap fully working, including hibernation?

This is the only place i can point out
https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#With_suspend-to-disk_support

I have zero experience with btrfs - however the issue with encryption is somewhat universal.

I think the solution is to move your swap from a partition to a file inside your container.

Then the swap file will be decrypted when the system starts and can be used immediately.

thanks @bogdancovaciu - yes I've seen this link a few times already, it's just really hard work to read this and google every second sentence to try to find out what it's about :wink:

@linux-aarhus thank you for your hint, but I tried that setup in the past and it seems swap-files on a btrfs partitions are a bad idea (tm).

I know of the challenges with btrfs - maintenance especially.

I actually tried using btrfs for a short while - but I had data loss and disk space issues - so I turned my attention to f2fs which works very well - for a while :frowning_face: - so I reverted all my partitions to use ext4.

I am not too fond of data loss - I have tried the hard way - to recover - paying data recovery specialists - not a path I want to walk again. :grin:

hehe, yes I've had a few issues with btrfs too, but most of the time they could be solved by letting a full balance run through.

I just love the timeshift + btrfs snapshot feature so much :wink:

https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#With_suspend-to-disk_support

To resume from a encrypted swap partition, the encrypted partition must be unlocked in the initramfs.

  • When using the default busybox-based initramfs with the encrypt hook, follow the instructions in #mkinitcpio hook.
  • When using the systemd-based initramfs with the sd-encrypt mkinitcpio hook, simply specify additional rd.luks kernel parameters to unlock the swap partition.

How do I find out if my Manjaro installation uses busybox-based or systemd-based initramfs?

By checking the hooks line in /etc/mkinitcpio.conf .

Is resume set correctly in /etc/default/grub in GRUB_CMDLINE_LINUX_DEFAULT line?

resume=/dev/mapper/luks-9c38518f-15af-4746-af85-5431

how to interpret that?

$ sudo grep "^[^#;]" /etc/mkinitcpio.conf
MODULES="crc32c-intel"
BINARIES=()
FILES="/crypto_keyfile.bin"
HOOKS="base udev autodetect modconf block keyboard keymap encrypt openswap resume filesystems"

@Marte yes, it seems to have configured this correctly by default, though what you wrote is incomplete I think, the error message cropped the full ID. It reads:

resume=/dev/mapper/luks-9c38518f-15af-4746-af85-5431dfa8e641

1 Like

Please read the the quote form the Arch Wiki you posted very carefully. And then search for the identifying hooks in your own hook line.

You should be able to determine if your system uses the busybox- or systemd-based initramfs.

ah, okey. so I've got the encrypt hook and not the sd-encrypt hook.
That means I'm riding the busybox-based initramfs version.

Yes, this is correct. By default most (if not all) Manjaro systems use the older busybox-based initramfs. And your systems also uses the busybox-based initramfs.

Should I try to switch to the systemd-based initramfs?

The encrypt hook can only unlock a single device (FS#23182). With sd-encrypt multiple devices may be unlocked, see dm-crypt/System configuration#Using sd-encrypt hook.

Instead of using an encrypted swap partition you could go for a swapfile on the encrypted root partition. This is how I am doing it and it works fine - including hibernation.

1 Like

but not with the root partiton's filesystem beeing btrfs, no?

If that is true and you want to use the swap partition, you have to switch. However, if you do, make sure you have a USB flash drive with a live iso ready. Because if you make a mistake during the switch, your system might not boot.

You would need to switch form a busybox-based initramfs to a systemd-based initramfs. You also need to change your grub cmdline. The syntax for identifying the luks devices is different.

swap files on btrfs are supported since kernel 5.0 according to arch wiki:

https://wiki.archlinux.org/index.php/Btrfs#Swap_file

and with regard to hibernation:

https://wiki.archlinux.org/index.php/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file_on_Btrfs

Resume from a swap file on btrfs is still unreliable (as whole btrfs in general lol).

As far as I know, there's a workaround for encrypt hook. One needs to create another hook for swap partition based on encrypt hook. If I remember correctly...

That swap files on btrfs are slow and unreliable was my experience in the past as well, though in general my btrfs based manjaro systems work quite well, although I of course have to give you that ext4 is more stable and needs less maintenance.

I will try to read some more on how to get that separate encrypted swap partition to work with hibernation and report back on my progress.

Forum kindly sponsored by