You are not logged in.
- Topics: Active | Unanswered
#1 2025-10-03 16:29:14
- ruffy
- Member
- Registered: 2017-06-10
- Posts: 71
hibernation with encrypted swap partition
Hi,
I currently have three partitions: boot, swap, and root. Both swap and root are encrypted with LUKS, and the root partition uses a btrfs filesystem. However, I haven't been able to get hibernation to work with this setup. Is hibernation truly infeasible with this configuration, or is there something I might be missing?
In the following, I have replaced the UUIDs with placeholders (<U1>, …, <U6>) to make it easier to see which ones are being used.
I use arch linux 6.12.49-1-lts.
/etc/crypttab:
cryptroot UUID=<U1> none luks,discard
cryptswap UUID=<U2> /etc/k/swap.key luks,discard
lsblk:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 953.9G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
├─nvme0n1p2 259:2 0 64G 0 part
│ └─cryptswap 254:1 0 64G 0 crypt [SWAP]
└─nvme0n1p3 259:3 0 888.9G 0 part
└─cryptroot 254:0 0 888.9G 0 crypt
/home
/
blkid
blkid
/dev/mapper/cryptswap: UUID="<U3>" TYPE="swap"
/dev/nvme0n1p3: UUID="<U4>" TYPE="crypto_LUKS" PARTUUID="..."
/dev/nvme0n1p2: UUID="<U5>" TYPE="crypto_LUKS" PARTUUID="..."
/dev/mapper/cryptroot: UUID="<U6>" UUID_SUB="..." BLOCK_SIZE="4096" TYPE="btrfs"
...
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=<U1>:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ resume=UUID=<U3>"
/etc/mkinitcpio.conf
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems resume fsck)
RESUME=/dev/mapper/cryptswap
Without hibernation, I get the following error after entering the passphrase to unlock the cryptroot volume:
Failed to stat resume device '/dev/disk/by-uuid/<U3>': no such file or directory
With hibernation, I get the same error after entering the passphrase to unlock the cryptroot volume:
Reported hibernation image: ID=arch kernel=6.12.49-1-lts UUID=<U3> offset=0
Failed to stat resume device '/dev/disk/by-uuid/<U3>': no such file or directory
Does anyone know how I can fix this, or is hibernation simply not possible with an encrypted swap partition setup?
Offline
#2 2025-10-22 01:48:01
- Mrkd1904
- Member
- Registered: 2023-11-08
- Posts: 84
Re: hibernation with encrypted swap partition
Hi,
I currently have three partitions: boot, swap, and root. Both swap and root are encrypted with LUKS, and the root partition uses a btrfs filesystem. However, I haven't been able to get hibernation to work with this setup. Is hibernation truly infeasible with this configuration, or is there something I might be missing?
In the following, I have replaced the UUIDs with placeholders (<U1>, …, <U6>) to make it easier to see which ones are being used.
I use arch linux 6.12.49-1-lts./etc/crypttab:
cryptroot UUID=<U1> none luks,discard
cryptswap UUID=<U2> /etc/k/swap.key luks,discardlsblk:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 953.9G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
├─nvme0n1p2 259:2 0 64G 0 part
│ └─cryptswap 254:1 0 64G 0 crypt [SWAP]
└─nvme0n1p3 259:3 0 888.9G 0 part
└─cryptroot 254:0 0 888.9G 0 crypt
/home
/blkid
blkid
/dev/mapper/cryptswap: UUID="<U3>" TYPE="swap"
/dev/nvme0n1p3: UUID="<U4>" TYPE="crypto_LUKS" PARTUUID="..."
/dev/nvme0n1p2: UUID="<U5>" TYPE="crypto_LUKS" PARTUUID="..."
/dev/mapper/cryptroot: UUID="<U6>" UUID_SUB="..." BLOCK_SIZE="4096" TYPE="btrfs"
.../etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=<U1>:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ resume=UUID=<U3>"
/etc/mkinitcpio.conf
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems resume fsck)
RESUME=/dev/mapper/cryptswapWithout hibernation, I get the following error after entering the passphrase to unlock the cryptroot volume:
Failed to stat resume device '/dev/disk/by-uuid/<U3>': no such file or directory
With hibernation, I get the same error after entering the passphrase to unlock the cryptroot volume:
Reported hibernation image: ID=arch kernel=6.12.49-1-lts UUID=<U3> offset=0
Failed to stat resume device '/dev/disk/by-uuid/<U3>': no such file or directoryDoes anyone know how I can fix this, or is hibernation simply not possible with an encrypted swap partition setup?
Might be a stupid question, but how are you unlocking the swap partition? Passphrase? If so, is it prompting you to unlock at boot?
Offline
#3 2025-10-22 08:30:12
- seth
- Member
- From: Don't DM me only for attention
- Registered: 2012-09-03
- Posts: 72,057
Re: hibernation with encrypted swap partition
Offline
#4 2025-10-22 12:27:55
- ruffy
- Member
- Registered: 2017-06-10
- Posts: 71
Re: hibernation with encrypted swap partition
Might be a stupid question, but how are you unlocking the swap partition? Passphrase? If so, is it prompting you to unlock at boot?
I tried either passphrase or keyfile (which was stored on the encrypted root partition), however, the swap partition is always decrypted too late for the hibernation image to be found.
Last edited by ruffy (2025-10-22 13:54:47)
Offline
#5 2025-10-22 12:29:27
- ruffy
- Member
- Registered: 2017-06-10
- Posts: 71
Re: hibernation with encrypted swap partition
Thanks, yes I followed already the different approaches from the wiki, however until now nothing did work out.
Yes, I also tried hibernating to a swapfile stored on the encrypted root partition. What I did not try is storing the swapfile on the encrypted swap partition.
Offline
#6 2025-10-22 14:11:06
- seth
- Member
- From: Don't DM me only for attention
- Registered: 2012-09-03
- Posts: 72,057
Re: hibernation with encrypted swap partition
What I did not try is storing the swapfile on the encrypted swap partition.
That's not gonna work, encryption or not.
Did you see that you'll have to decrypt/open the swap partition in the initramfs?
Yes, I also tried hibernating to a swapfile stored on the encrypted root partition.
What does that look like and what error do you get for it?
Offline
#7 2025-10-22 14:29:37
- ruffy
- Member
- Registered: 2017-06-10
- Posts: 71
Re: hibernation with encrypted swap partition
I tried specifying /etc/crypttab.initramfs for swap, but that did not work. I will re-read this section in the wiki on the weekend and see if I missed something.
Offline
#8 2026-01-03 00:12:09
- hhdev
- Member
- Registered: 2026-01-02
- Posts: 1
Re: hibernation with encrypted swap partition
Hi ruffy,
Did you make progress here?
I was in exactly the same situation when found this post with no solution, so I tried systemd approach, which worked from 1st try.
Since I am pretty reserved on systemd I'll be glad to get rid of it, in case you've found solution to your initial question.
---
Just for completeness, here's what's required to make our setup running with systemd:
/etc/mkinitcpio.conf
Switched encrypt to sd-encrypt, which requires change to most of the rest hooks:HOOKS=(base systemd autodetect microcode kms modconf block keyboard sd-vconsole block sd-encrypt filesystems resume fsck)Note there is no "RESUME=" keyword in mkinitcpio
/etc/default/grub
Removed all kernel params like luks.* and rd.luks.* and of course cryptkey and similar for the encrypt hook, as explained in the boxes at dm-crypt pageGRUB_CMDLINE_LINUX_DEFAULT='quiet root=/dev/mapper/luks-711faca8-b6c1-418e-8803-000000000000 resume=/dev/mapper/swap apparmor=1 security=apparmor udev.log_priority=3'/etc/crypttab.initramfs
Created this file with content from /etc/crypttab:luks-711faca8-b6c1-418e-8803-000000000000 UUID=711faca8-b6c1-418e-8803-000000000000 /crypto_keyfile.bin luks swap /dev/nvme0n1p3 /crypto_keyfile.bin luks/crypto_keyfile is reused also for the swap.
Last edited by hhdev (2026-01-03 00:13:25)
Offline
#9 2026-01-06 08:16:21
- ruffy
- Member
- Registered: 2017-06-10
- Posts: 71
Re: hibernation with encrypted swap partition
Hi hhdev,
no I tried everything in the wiki, also the systemd approach, but somehow nothing did work.
After that I just gave up...
I am quite busy currently, but will try your suggestion again next week. Let's see if I can get it to work 
Thanks!
Offline