In recent versions, Debian offers easy support for full disk encryption with LUKS+dmcrypt directly from the installation - almost zero work needed.
Yesterday, I crashed my LUKS-encrypted swap partition - I’m not sure exactly how, but I entered the password to unlock the partition falsely thrice on waking up from hibernate. Since the root partition was correctly unlocked, the system proceeded in booting normally, or so I thought. Only after I rebooted again, my system couldn’t find the LUKS volume with the swap partition on it any more and would refuse to boot up at all. Here is how I fixed it:
- Boot from a live linux system
- Verify that the LUKS volume is completely gone :-(
- Create a new LUKS volume on the original partition with cryptsetup. This will destroy all data on there, yes, but it is a swap partition anyway.
- Mount it, run mkswap on the mapped partition (i.e. /dev/mapper/sda5_crypt)
- Update /etc/crypttab to the new UUID
- Go to your /boot partition and fix the initrd.img by unpacking, replacing the UUID with “sed ’s/OLD_UUID/NEW_UUID/’ INITRD_FILENAME > INITRD_FILENAME” and then repacking it with gzip