#1 /tmp is physical partition & encrypted while swap is unencryped in memory if needed
/dev/mapper/OS-temp is a 10G LVM partition that was created at install
Code: Select all
#/etc/crypptab
#Encrypted /tmp
enc_temp /dev/mapper/OS-temp /dev/urandom cipher=aes-xts-plain64,size=512,hash=sha512,tmp
#/etc/fstab
/dev/mapper/enc_temp /tmp none nosuid,noexec,nodev,rw 0 0
tmpfs none swap defaults,size=4g 0 0
Code: Select all
# /etc/crypptab
enc_temp tmpfs /dev/urandom tmp,cipher=aes-xts-plain64,size=512,hash=sha512
enc_swap tmpfs /dev/urandom swap,cipher=aes-xts-plain64,size=512,hash=sha512
#/etc/fstab
/dev/mapper/enc_temp /tmp none defaults,nosuid,noexec,nodev,rw,size=6g 0 0
/dev/mapper/enc_swap none swap defaults,size=4g 0 0
/dev/mapper/OS-encrypted is a shared encrypted LVM
Code: Select all
# /etc/crypttab
enc_stuff /dev/mapper/encrypted/stuff /dev/urandom cipher=aes-xts-plain64,size=512,hash=sha512
enc_ts /dev/mapper/encrypted/tmp_swap /dev/urandom tmp,cipher=aes-xts-plain64,size=512,hash=sha512
# /etc/fstab
/dev/mapper/enc_stuff xfs /stuff defaults 1 2
/dev/mapper/end_ts /tmp none defaults,nosuid,noexec,nodev,rw 0 0
/dev/mapper/end_ts none swap defaults,size=4g 0 0