# dmcrypt encrypted swap fails on boot

## haarp

Hey. every time I boot, dmcrypt fails to add my swap. This is /etc/conf.d/dmcrypt:

```
swap=cswap

source='/swap'
```

However, it scrolls by too fast for me to make out the actual error and it's too early in the boot process to get logged.

If I manually restart dmcrypt after the system has booted however, it works flawlessly. Any ideas what might be the issue?

----------

## Hu

Without the error text, it is very difficult for us to help you.  Can you use scroll lock to pause the output?  Can you page back through the output to read it after boot completes?

----------

## khayyam

haarp ....

As your swap seems to be a file rather than a device I wonder if this isn't a case of the script running prior to the availablity of filesysem on which the swapfile is located ... dmcrypt is run early so the filesystems are not yet mounted.

best ... khay

----------

## haarp

 *Hu wrote:*   

> Without the error text, it is very difficult for us to help you.  Can you use scroll lock to pause the output?  Can you page back through the output to read it after boot completes?

 

Paging is not possible as the login prompt will clear the screen once it has booted. I'll try scroll lock next time I boot.

 *khayyam wrote:*   

> haarp ....
> 
> As your swap seems to be a file rather than a device I wonder if this isn't a case of the script running prior to the availablity of filesysem on which the swapfile is located ... dmcrypt is run early so the filesystems are not yet mounted.
> 
> best ... khay

 

I only have / itself. And seeing as init scripts are being run at that point (and grabbing configs from /etc), the swapfile in /swap must also be accessible.

----------

## khayyam

 *haarp wrote:*   

> I only have / itself. And seeing as init scripts are being run at that point (and grabbing configs from /etc), the swapfile in /swap must also be accessible.

 

haarp ... doh! yes, I'd had a mental picture of encrypted root, which of course would require an initramfs and so make the dmcrypt rcscript pointless. Anyhow, with only a rootfs, isn't an encypted swap rather redundent?

best ... khay

----------

## Hu

 *haarp wrote:*   

>  *Hu wrote:*   Without the error text, it is very difficult for us to help you.  Can you use scroll lock to pause the output?  Can you page back through the output to read it after boot completes? 
> 
> Paging is not possible as the login prompt will clear the screen once it has booted.

 That is configurable.  The behavior of wiping the screen is relatively new.  Most old-timers prefer to turn it off by passing --noclear to the getty process.

----------

## haarp

Scroll lock worked! Error message is "mkswap: fsync failed". Makes me wonder if / is maybe read-only at this point of the boot process...

 *khayyam wrote:*   

>  Anyhow, with only a rootfs, isn't an encypted swap rather redundent?

 

There are additional ecryptfs, but those are mounted when they're needed.

----------

## Hu

Why are you using a swap file instead of a swap partition?  A swap partition has fewer dependencies, and might work at this stage.  If you cannot switch to a swap partition, you might be able to solve this by using an RC_NEED statement to force dm-crypt to run later.

----------

## haarp

 *Hu wrote:*   

> Why are you using a swap file instead of a swap partition?  A swap partition has fewer dependencies, and might work at this stage.  If you cannot switch to a swap partition, you might be able to solve this by using an RC_NEED statement to force dm-crypt to run later.

 

Yes, but a swap file is more flexible. I can easily reduce its size should I run out of disk space, for instance.

Modifying the runscript dependencies worked. Thanks!

I added this to /etc/rc.conf:

```
# Start dmcrypt later so / is writable

rc_dmcrypt_before="!checkfs !fsck swapfiles"

rc_dmcrypt_after="localmount"
```

----------

