For my new laptop, I decided to use harddrive encryption. The new Debian installer (to be released with etch) can handle this setup, and it works pretty well. The passphrase prompt isn’t pretty, but who cares.

But where I’m currently stuck is getting it to work with uswsusp.

I used to be a Suspend 2 user, but I’m tired of compiling my own kernels; it takes a lot of diskspace and my new laptop has a much smaller harddisk (I bought a used laptop, so I didn’t have a choice; the old laptop is PATA, the new is SATA, so I can’t just move the HD over either). So I wanted to try new “userspace software suspend”.

s2ram works just fine on the laptop (with –force, but from some Google results I figured it’s already reported to work, so it will probably be in the next versions whitelist), where it’s becoming difficult is the suspend to disk with an encrypted swap device.

From what I can tell, s2disk expects the resume device to be a swap device; so I’d need to pass it /dev/mapper/cswap. However this is encrypted using a random key, so it can’t be decrypted after resume. Also it appears to be configured after the resume script at boot, which says it can’t stat my resume device.

Dear Lazyweb, anyone who could write some Howto for uswsusp and HD encryption? Do I need to encrypt swap with a static key (which would reside on an encrypted partition, after all)? And what about the boot sequence?

[Update: one of the cryptomount maintainers told me he’s working on fixing #394136 and #382280 this weekend, and that this will help me as well. (Basically it will allow the cryptomount initramfs things to setup more than one encrypted device, from what I figured).]