From Fedora Project Wiki

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Description

Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). For additional details, consult the http://docs.fedoraproject.org/install-guide/f41/en-US/html/Disk_Encryption_Guide.html.

When using encrypted file systems/block devices, the functionality should continue to work as expected, and not create situations where the encryption leads to undesired errors.

References:


How to test

  1. Boot the installer using any available means (boot.iso, CD, DVD, Live image or PXE)
  2. At the first disk partitioning screen, select Use entire drive, Encrypt System, and Review and modify partitioning layout. Proceed to the next screen by selecting Next
  3. Ensure that each LVM logical volume is configured for encryption. You may need to edit the physical volume properties and select Encrypt
  4. Ensure that each LVM physical volume is configured for encryption. You may need to edit the physical volume properties and select Encrypt
  5. Proceed to the next step by clicking Next
  6. When prompted, enter a passphrase twice
  7. Complete the installation as desired

Expected Results

  1. The system should install successfully
  2. A lock icon appears next to all disk partitions configured for encryption
  3. The system should prompt for your passphrase only once during boot
  4. The system unlocks the encrypted partition(s) and boots successfully
  5. an entry for each encrypted disk partition exists in /etc/crypttab