From 414c397b082086d2c5f4252410b823ed8b61d034 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 15 Mar 2020 01:44:39 -0400
Subject: [PATCH] note about swap

---
 static/build.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/static/build.html b/static/build.html
index 3199857f..e46f1740 100644
--- a/static/build.html
+++ b/static/build.html
@@ -429,7 +429,8 @@ mv vendor/android-prepare-vendor/DEVICE/BUILD_ID/vendor/google_devices/* vendor/
 
             <p>You should set a passphrase for the signing keys to protect them at rest. The
             GrapheneOS release signing script expects the same passphrase to be used for each of
-            the keys.</p>
+            the keys. If you use swap, make sure that it's encrypted to avoid leaking unencrypted
+            keys to storage.</p>
 
             <p>The sample certificate subject should be replaced with your own information.</p>