I have used the encrypted swap feature for a while now, but recently I moved from a swap partition to a swap file. This is because my new drive is an SSD and I wanted to make sure I could use TRIM on the part of the disk used for swap.
Typically an encrypted swap file would be used in fstab as below:
Code:
ada0s1b.eli none swap sw 0 0
And geli(8) would automatically encrypt the swap with a one-time key each time the system boots; that way the swap is always non-recoverable after a reboot.
However, because I wanted to take advantage of TRIM on the SSD, I wanted to use a file for the swap instead of a partition. I am not sure if it is possible to do an automatically encrypted swap using GELI like is possible when using a swap partition.
My current fstab looks like this:
Code:
md99 none swap sw,file=/usr/swap/swap 0 0