# Encrypting the swap partition?



## Maelstorm (Nov 30, 2015)

Is there a way to tell the kernel to encrypt the swap partition like what happens in OpenBSD?


----------



## protocelt (Nov 30, 2015)

Certainly. Take a look at the handbook section: https://www.freebsd.org/doc/handbook/swap-encrypting.html


----------



## kpa (Nov 30, 2015)

protocelt said:


> Certainly. Take a look at the handbook section: https://www.freebsd.org/doc/handbook/swap-encrypting.html



I noticed a small error in that section:



> It assumes a UFS file system where /dev/ada0s1b is the swap partition.



This I think should read instead:



> It assumes an MBR partitioned disk ada0 where /dev/ada0s1b is the swap partition.



Swap as configured by default uses no filesystem and is separate from the actual filesystems so referring to UFS is not proper there.


----------



## sidetone (Nov 30, 2015)

Add 
	
	



```
.eli
```
 behind the swap partition in /etc/fstab


```
/dev/ada0s1b.eli  none  swap  sw 0 0
```


----------



## wblock@ (Nov 30, 2015)

kpa said:


> I noticed a small error in that section:


Fixed in r47811, thanks!


----------



## enso_xyz (Dec 1, 2015)

I usually just do it from the install menu when I setup my server using ZFS as the file system. They offer a great book "The Design And Implementation Of The FreeBSD Operating System." Long title but a great read and reference for stuff like this. It will take you from n00b to systems admin in no time. Linux was driving me insane so I spent 3 months learning BSD and haven't looked back since.


----------



## wblock@ (Dec 1, 2015)

Are you sure about the title of that book?  Because the one I have is about design, not sysadmin stuff, and would not be very useful for those wishing to learn FreeBSD system administration.


----------



## enso_xyz (Dec 1, 2015)

enso_xyz said:


> I usually just do it from the install menu when I setup my server using ZFS as the file system. They offer a great book "The Design And Implementation Of The FreeBSD Operating System." Long title but a great read and reference for stuff like this. It will take you from n00b to systems admin in no time. Linux was driving me insane so I spent 3 months learning BSD and haven't looked back since.



I apologize I completely told you the wrong title lol... Thats the wrong book like *wblock@ *stated thats just the book I read the most and find most helpful for the stuff i do. My ebooks collection is quite extensive and  I have a number of titles from Michael Lucas, The one I should have referenced is "FreeBSD Mastery: Storage Essentials"... I have a number of titles from this author but I believe this one should be a good place to start. 

However the one I said first is also a great book. Every BSD sys admin should own that book its an indispensable resources when you want to get in to the interworking of the OS, has a wealth of valuable knowledge. 

Your question is kind of vague. I didn't say anything before but I need to know more about what your doing? Are we talking during installation or on a system thats already up and running? I would need to know more about the specific situation in order to properly answer your question. During installation you have the option to encrypt the swap drive.


----------



## Maelstorm (Dec 1, 2015)

Ok, that's going to require me to do a rebuild of the kernel.


----------

