From Fedora Project Wiki
Description
Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). Currently we are only pursuing support for encrypted devices using cryptsetup/LUKS.
When selecting the "Encrypt System" checkbox in anaconda, it is necessary to prompt the user for a passphrase to use for the encrypted filesystem.
References:
Steps To Reproduce
- Boot anaconda
- Proceed to the partitioning dialog
- Select the checkbox item "Encrypt system"
- Enter and confirm the passphrase in a pop up dialog for the encrypted filesystem
- choose "Create custom layout" partitioning layout and continue to the disk druid partition screen
- continue with installation
"Create custom layout"
Expected Results
- Confirmed "Encrypt system" item is checked
- Confirm able to enter and confirm the passphrase in the pop up dialog
- Proceed to the disk druid screen
- Verify the pre-existing partition is resized and the new default logical volume group is created in the free space from the resize
- Verify the default logical volume group (VolGroup00) displays a "locked" icon in the format column
- Verify installation completes successfully
- Upon reboot, the user is asked for the LUKS passphrase at the console
- Verify entry in /etc/crypttab is present for LUKS device
/etc/crypttab may look something like:
luks-sda2 /dev/sda2 none