@obadz, thanks for your PR! By analyzing the annotation information on this pull request, we identified @edolstra, @aszlig and @wkennington to be potential reviewers

👎 on this, because first of all this breaks hibernation and second, I'd only make it default if we have sufficient NixOS VM test(s) for that. For example which configuration gets generated if you already use LVM or dmcrypt? For these configurations you usually have (or at least should have) an encrypted swap device that's using either a derived or a different keyslot for the swap device which you can use to unlock the machine after hibernation.

Preserving the hibernation feature for the (I suspect) small subset of users that use it would be nice and I'd certainly be happy to see improvements that make this work (I don't use it myself so can't really work on that).

However, I don't think it should come in the way of what I believe is an important security improvement.

Until the feature that enables hibernation users to use encrypted swap spaces, they'll have to decide whether they'd rather take the security risk or if they need the feature more in which case they can toggle randomEncryption to false.

@obadz: Well, we should have an option in the template configuration.nix then for users to be aware of this and also turn it off.

@aszlig: what would this option do?

Either override the randomEncryption option with false or note users to set their passphrases if they want hibernation.

I don't really like the option that overrides randonEncryption to false, but if there is a way to disable the hibernation feature, we could have an assertion that validates that either hibernation is disabled or swaps aren't encrypted?

It sounds like this change is too contentious to be a pull request at the moment, perhaps an RFC should be opened first?

(triage) Should an RFC be opened for this? I also think that this would be a good idea but I'm not sure if it would be worth the extra effort. But if we can fix all/most of the issues I don't think we would need an RFC.

Swap Encryption is really the sensible default given the amount of sensitive information that RAM can contain.

Do we have any sources on this? I don't really think that this is wrong but IIRC programs like OpenSSH, GnuPG, ... should prevent sensitive information (like keys or passwords) from getting swapped so that it actually shouldn't be that bad (but I might be very wrong about this...).

Edit: Some sources:
https://linux.die.net/man/2/mlock

mlock() and mlockall() respectively lock part or all of the calling process's virtual address space into RAM, preventing that memory from being paged to the swap area.

https://www.gnupg.org/faq/gnupg-faq.html

GnuPG tries to lock memory so that no other process can see it and so that the memory will not be written to swap.

But of course this doesn't mean that all applications that should use this are actually using it...

Also I'd say that this only makes sense with at least an encrypted home partition and on a fully encrypted system (e.g. via LVM) the swap should already be encrypted and we would loose performance by encrypting it twice (imho we should at least put a note inside the manual that the swap shouldn't be on an already encrypted LVM-VG/PV).

👎 on this, because first of all this breaks hibernation

IMHO we should solve that as well, at least by placing a comment in the config file (and in the install part manual).

I'd only make it default if we have sufficient NixOS VM test(s) for that.

👍 - I already experienced two problems with encryption (due to advanced use-cases tho). It might easily break some setups in unexpected ways.

Another possible problem could be the performance on old/low-end systems or systems with very fast SSDs (on my system the latter shouldn't be a problem (theoretically) but it could be on other systems).

Edit: I also don't know if we should allow discards/TRIM or not (and if TRIM makes sense for a swap). AFAIK it shouldn't have a huge security impact and therefore it usually shouldn't be a problem. I guess the best source for this is a blog post from the main cryptsetup developer Milan Broz: TRIM & dm-crypt ... problems?

Edit (forgot to mention...): Overall I really like this idea but I think we should further discuss the actual implementation. E.g., if possible, it might be a good idea to offer an option for nixos-generate-config to disable encryption. And imho we should better document encryption inside the nixos manual (can be done after this PR).

(triage) since this hasnt moved in over 2 years, shall we close this ?

No consensus to make swap encryption the default.